Flux 
Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 15 usuários online :: 0 registrados, 0 invisíveis e 15 visitantes :: 1 motor de buscaNenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
| Power Max |
| |||
| joram |
| |||
| Wings [In Memoriam] |
| |||
| caedurodrigues |
| |||
| Amigo Brasileiro |
| |||
| luizvilarinho |
| |||
| Danii |
| |||
| Admin |
| |||
| Danilo Marsaro |
| |||
| Andreata |
|
Remover 123srv
3 participantes
Página 1 de 1
Remover 123srv
por soutob4 Dom 01 Jun 2014, 17:48
Olá!
Tenho percebido aqui no meu pc umas páginas abrindo com o endereço 123srv (popup).
Minha irmã viu isso hoje e falou que isso era vírus, trojan, sei lá o que!
Instalamos o Spybot não apareceu nada. Passei o Avast e tb não acusou nada.
Então me registrei aqui no Fórum, baixei o HijackThis e apresento o log abaixo.
Agradeço, desde já, a quem puder me ajudar!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:47:07, on 01/06/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ZSSnp211.exe
C:\Windows\Domino.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Users\HELOISA\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Quiknowledge - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BrowseMark - {aeac172e-2e4b-4b92-9af6-b0cdb1acecdb} - C:\Program Files\BrowseMark\BrowseMarkbho.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files\GbPlugin\gbiehuni.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\HELOISA\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginUni - C:\Program Files\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Quiknowledge Client Service (qksvc) - Quiknowledge - C:\Program Files\Quiknowledge\Service\qksvc.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
--
End of file - 9062 bytes
Tenho percebido aqui no meu pc umas páginas abrindo com o endereço 123srv (popup).
Minha irmã viu isso hoje e falou que isso era vírus, trojan, sei lá o que!
Instalamos o Spybot não apareceu nada. Passei o Avast e tb não acusou nada.
Então me registrei aqui no Fórum, baixei o HijackThis e apresento o log abaixo.
Agradeço, desde já, a quem puder me ajudar!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:47:07, on 01/06/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ZSSnp211.exe
C:\Windows\Domino.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Users\HELOISA\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Quiknowledge - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BrowseMark - {aeac172e-2e4b-4b92-9af6-b0cdb1acecdb} - C:\Program Files\BrowseMark\BrowseMarkbho.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files\GbPlugin\gbiehuni.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\HELOISA\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginUni - C:\Program Files\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Quiknowledge Client Service (qksvc) - Quiknowledge - C:\Program Files\Quiknowledge\Service\qksvc.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
--
End of file - 9062 bytes
soutob4- Iniciante
- Mensagens : 6
Reputação : 0
Data de inscrição : 01/06/2014
Re: Remover 123srv
por Power Max Dom 01 Jun 2014, 18:04
Olá.
Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Log Adwcleaner
por soutob4 Dom 01 Jun 2014, 18:38
Abaixo o log!
# AdwCleaner v3.211 - Relatório criado 01/06/2014 às 18:32:23
# Atualizado 26/05/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
# Usuário : HELOISA - HELOISA-PC
# Executando de : C:\Users\HELOISA\Desktop\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
Serviço Deletada : qknfd
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\Ask
Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Program Files\Ask.com
Pasta Deletada : C:\Program Files\BrowseMark
Pasta Deletada : C:\Program Files\DealPly
Pasta Deletada : C:\Program Files\PC Cleaner
Pasta Deletada : C:\Program Files\Quiknowledge
Pasta Deletada : C:\Program Files\RegClean Pro
Pasta Deletada : C:\Program Files\Systweak Support Dock
Pasta Deletada : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Pasta Deletada : C:\Users\HELOISA\AppData\LocalLow\AskToolbar
Pasta Deletada : C:\Users\HELOISA\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\HELOISA\AppData\Roaming\baidu
Pasta Deletada : C:\Users\HELOISA\AppData\Roaming\SimilarSites
Pasta Deletada : C:\Users\HELOISA\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\HELOISA\AppData\Roaming\Mozilla\Firefox\Profiles\mvjg8bia.default\Extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Pasta Deletada : C:\Users\HELOISA\AppData\Roaming\Mozilla\Firefox\Profiles\mvjg8bia.default\Extensions\toolbar@ask.com
Arquivo Deletada : C:\Windows\system32\roboot.exe
Arquivo Deletada : C:\Users\HELOISA\AppData\Roaming\Mozilla\Firefox\Profiles\mvjg8bia.default\searchplugins\Askcom.xml
Arquivo Deletada : C:\Users\HELOISA\AppData\Roaming\Mozilla\Firefox\Profiles\mvjg8bia.default\user.js
Arquivo Deletada : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
***** [ Atalhos ] *****
***** [ Registro ] *****
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7E03FCC-58C0-452D-ABF5-AAB72EEA7F0A}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7E03FCC-58C0-452D-ABF5-AAB72EEA7F0A}
Chave Deletedo : HKCU\Software\Classes\iLivid.torrent
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Chave Deletedo : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Chave Deletedo : HKLM\SOFTWARE\Classes\iLivid.torrent
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BrowseMark_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BrowseMark_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseMark_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseMark_RASMANCS
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_mozilla-firefox_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_mozilla-firefox_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_soulseek_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_soulseek_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{AEAC172E-2E4B-4B92-9AF6-B0CDB1ACECDB}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEAC172E-2E4B-4B92-9AF6-B0CDB1ACECDB}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEAC172E-2E4B-4B92-9AF6-B0CDB1ACECDB}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AEAC172E-2E4B-4B92-9AF6-B0CDB1ACECDB}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Chave Deletedo : HKCU\Software\APN
Chave Deletedo : HKCU\Software\Ask.com
Chave Deletedo : HKCU\Software\BrowseMark
Chave Deletedo : HKCU\Software\ilivid
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\AppDataLow\Software
Chave Deletedo : HKLM\Software\APN
Chave Deletedo : HKLM\Software\AskToolbar
Chave Deletedo : HKLM\Software\BrowseMark
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Chave Deletedo : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Chave Deletedo : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Mozilla Firefox v29.0.1 (pt-BR)
[ Arquivo : C:\Users\HELOISA\AppData\Roaming\Mozilla\Firefox\Profiles\mvjg8bia.default\prefs.js ]
Linha deletada : user_pref("browser.search.defaultengine", "Ask.com");
Linha deletada : user_pref("browser.search.order.1", "Ask.com");
Linha deletada : user_pref("extensions.asktb.ff-original-keyword-url", "");
*************************
AdwCleaner[R0].txt - [10562 octets] - [01/06/2014 18:31:29]
AdwCleaner[S0].txt - [10212 octets] - [01/06/2014 18:32:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10273 octets] ##########
# AdwCleaner v3.211 - Relatório criado 01/06/2014 às 18:32:23
# Atualizado 26/05/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
# Usuário : HELOISA - HELOISA-PC
# Executando de : C:\Users\HELOISA\Desktop\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
Serviço Deletada : qknfd
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\Ask
Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Program Files\Ask.com
Pasta Deletada : C:\Program Files\BrowseMark
Pasta Deletada : C:\Program Files\DealPly
Pasta Deletada : C:\Program Files\PC Cleaner
Pasta Deletada : C:\Program Files\Quiknowledge
Pasta Deletada : C:\Program Files\RegClean Pro
Pasta Deletada : C:\Program Files\Systweak Support Dock
Pasta Deletada : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Pasta Deletada : C:\Users\HELOISA\AppData\LocalLow\AskToolbar
Pasta Deletada : C:\Users\HELOISA\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\HELOISA\AppData\Roaming\baidu
Pasta Deletada : C:\Users\HELOISA\AppData\Roaming\SimilarSites
Pasta Deletada : C:\Users\HELOISA\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\HELOISA\AppData\Roaming\Mozilla\Firefox\Profiles\mvjg8bia.default\Extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Pasta Deletada : C:\Users\HELOISA\AppData\Roaming\Mozilla\Firefox\Profiles\mvjg8bia.default\Extensions\toolbar@ask.com
Arquivo Deletada : C:\Windows\system32\roboot.exe
Arquivo Deletada : C:\Users\HELOISA\AppData\Roaming\Mozilla\Firefox\Profiles\mvjg8bia.default\searchplugins\Askcom.xml
Arquivo Deletada : C:\Users\HELOISA\AppData\Roaming\Mozilla\Firefox\Profiles\mvjg8bia.default\user.js
Arquivo Deletada : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
***** [ Atalhos ] *****
***** [ Registro ] *****
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7E03FCC-58C0-452D-ABF5-AAB72EEA7F0A}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7E03FCC-58C0-452D-ABF5-AAB72EEA7F0A}
Chave Deletedo : HKCU\Software\Classes\iLivid.torrent
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Chave Deletedo : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Chave Deletedo : HKLM\SOFTWARE\Classes\iLivid.torrent
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BrowseMark_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BrowseMark_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseMark_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseMark_RASMANCS
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_mozilla-firefox_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_mozilla-firefox_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_soulseek_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_soulseek_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{AEAC172E-2E4B-4B92-9AF6-B0CDB1ACECDB}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEAC172E-2E4B-4B92-9AF6-B0CDB1ACECDB}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEAC172E-2E4B-4B92-9AF6-B0CDB1ACECDB}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AEAC172E-2E4B-4B92-9AF6-B0CDB1ACECDB}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Chave Deletedo : HKCU\Software\APN
Chave Deletedo : HKCU\Software\Ask.com
Chave Deletedo : HKCU\Software\BrowseMark
Chave Deletedo : HKCU\Software\ilivid
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\AppDataLow\Software
Chave Deletedo : HKLM\Software\APN
Chave Deletedo : HKLM\Software\AskToolbar
Chave Deletedo : HKLM\Software\BrowseMark
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Chave Deletedo : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Chave Deletedo : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Mozilla Firefox v29.0.1 (pt-BR)
[ Arquivo : C:\Users\HELOISA\AppData\Roaming\Mozilla\Firefox\Profiles\mvjg8bia.default\prefs.js ]
Linha deletada : user_pref("browser.search.defaultengine", "Ask.com");
Linha deletada : user_pref("browser.search.order.1", "Ask.com");
Linha deletada : user_pref("extensions.asktb.ff-original-keyword-url", "");
*************************
AdwCleaner[R0].txt - [10562 octets] - [01/06/2014 18:31:29]
AdwCleaner[S0].txt - [10212 octets] - [01/06/2014 18:32:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10273 octets] ##########
soutob4- Iniciante
- Mensagens : 6
Reputação : 0
Data de inscrição : 01/06/2014
Re: Remover 123srv
por Power Max Dom 01 Jun 2014, 18:44
No seu PC está constando também o Baidu. Você quer removê-lo ou quer continuar com ele?_________________________________________________________________________________________
Desative temporariamente seu antivírus para evitar conflitos.
Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Última edição por Power Max em Dom 01 Jun 2014, 21:06, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Log Zoek
por soutob4 Dom 01 Jun 2014, 19:21
Baidu, é virus? Claro, se ele não presta aqui no pc, passei o Zoek!
Abaixo o log:
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by HELOISA on 01/06/2014 at 19:04:06,13.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\HELOISA\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
01/06/2014 19:05:03 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2B9B75D3-9C0F-4000-A16F-0C915A536194} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\HELOISA\AppData\Roaming\Mozilla\Firefox\Profiles\mvjg8bia.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com.br/");
user_pref("keyword.URL", "");
Added to C:\Users\HELOISA\AppData\Roaming\Mozilla\Firefox\Profiles\mvjg8bia.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Deleting Files \ Folders ======================
C:\Users\HELOISA\AppData\Roaming\Allmyapps deleted
C:\Users\HELOISA\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~2\FileSplitUpLoad.dll deleted
C:\PROGRA~2\Allmyapps deleted
C:\Users\Public\sdelevURL.tmp deleted
C:\Users\HELOISA\Downloads\iLividSetup-r1315-n-bf.exe deleted
==== Folders Found ======================
2014-06-01 21:32:26 2014-06-01 21:32:26 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-01 21:32:27 2014-06-01 21:32:27 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\HELOISA\AppData\Roaming\baidu
2014-06-01 21:32:27 2014-06-01 21:32:27 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\HELOISA\AppData\Roaming\baidu\Baidu Antivirus
2014-04-11 14:31:04 2014-04-11 14:31:04 -------- d-----w- C:\Program Files\Baidu Security
2014-04-11 14:31:04 2014-05-26 02:28:27 -------- d-----w- C:\Program Files\Baidu Security\Baidu Antivirus
2014-04-14 11:48:02 2014-06-01 20:33:22 -------- d-----w- C:\ProgramData\Baidu Security
2014-05-25 20:16:30 2014-05-25 20:19:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-04-14 11:48:02 2014-06-01 20:33:22 -------- d-----w- C:\Users\All Users\Baidu Security
2014-05-25 20:16:30 2014-05-25 20:19:06 -------- d-----w- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-04-11 14:34:44 2014-04-11 14:34:44 -------- d-----w- C:\Users\HELOISA\Downloads\FormatFactory\FFModules\Package\BaiDu
==== Files Found ======================
--- C:\Users\HELOISA\Downloads\FormatFactory\FFModules\Package\BaiDu\Baidu-TB-ASBar.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1358792
Created time: 2012-04-10 09:30:26
Modified time: 2012-04-10 09:30:26
MD5: D848EF0636EA49D340F074F939DB817B
SHA1: 56A9D762D288AB173B7BFD42C9902E12B673BDB7
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"="^http\\:\\/\\/www\\.baidu\\.com\\/.*"
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu\Application Bug\Bav\log\FormatFactory.exe]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [16/04/2014 19:27]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [19/05/2012 17:15]
==== Firefox Extensions ======================
ProfilePath: C:\Users\HELOISA\AppData\Roaming\Mozilla\Firefox\Profiles\mvjg8bia.default
- Website Discovery Pro - %ProfilePath%\extensions\discoverypro@discoverypro.com
AppDir: C:\Program Files\Mozilla Firefox
- Quiknowledge - %AppDir%\extensions\quiknowledge@quiknowledge.com
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\HELOISA\AppData\Roaming\Mozilla\Firefox\Profiles\mvjg8bia.default
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
785105A23650755A8F7A72405EB0D923 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update
3A9E1940B4459CC97FDCBB24FCB69004 - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
0FCEAA7D12B7B0BA825E5C770B1DCA48 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
01D93217A9EE48DD37072B671378CC9C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\HELOISA\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
ADC539F67D3198679F480974EE203678 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.210.11
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
28986F0A2342A033345EF9E70D395E4F - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
Nothing found to reset
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk - C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Create System Report.lnk - C:\Program Files\Spybot - Search & Destroy 2\SDLogReport.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\File Scan.lnk - C:\Program Files\Spybot - Search & Destroy 2\SDFiles.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Immunization.lnk - C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Rootkit Scan.lnk - C:\Program Files\Spybot - Search & Destroy 2\SDRootAlyzer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Spybot-S&D Start Center.lnk - C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\System Scan.lnk - C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Tray Icon (Live Protection).lnk - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Uninstall Spybot-S&D.lnk - C:\Program Files\Spybot - Search & Destroy 2\unins000.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\HELOISA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\HELOISA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\HELOISA\AppData\Local\Mozilla\Firefox\Profiles\mvjg8bia.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=7 folders=3 1928912 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\HELOISA\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\HELOISA\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 01/06/2014 at 19:19:26,65 ======================
Abaixo o log:
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by HELOISA on 01/06/2014 at 19:04:06,13.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\HELOISA\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
01/06/2014 19:05:03 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2B9B75D3-9C0F-4000-A16F-0C915A536194} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\HELOISA\AppData\Roaming\Mozilla\Firefox\Profiles\mvjg8bia.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com.br/");
user_pref("keyword.URL", "");
Added to C:\Users\HELOISA\AppData\Roaming\Mozilla\Firefox\Profiles\mvjg8bia.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Deleting Files \ Folders ======================
C:\Users\HELOISA\AppData\Roaming\Allmyapps deleted
C:\Users\HELOISA\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~2\FileSplitUpLoad.dll deleted
C:\PROGRA~2\Allmyapps deleted
C:\Users\Public\sdelevURL.tmp deleted
C:\Users\HELOISA\Downloads\iLividSetup-r1315-n-bf.exe deleted
==== Folders Found ======================
2014-06-01 21:32:26 2014-06-01 21:32:26 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-01 21:32:27 2014-06-01 21:32:27 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\HELOISA\AppData\Roaming\baidu
2014-06-01 21:32:27 2014-06-01 21:32:27 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\HELOISA\AppData\Roaming\baidu\Baidu Antivirus
2014-04-11 14:31:04 2014-04-11 14:31:04 -------- d-----w- C:\Program Files\Baidu Security
2014-04-11 14:31:04 2014-05-26 02:28:27 -------- d-----w- C:\Program Files\Baidu Security\Baidu Antivirus
2014-04-14 11:48:02 2014-06-01 20:33:22 -------- d-----w- C:\ProgramData\Baidu Security
2014-05-25 20:16:30 2014-05-25 20:19:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-04-14 11:48:02 2014-06-01 20:33:22 -------- d-----w- C:\Users\All Users\Baidu Security
2014-05-25 20:16:30 2014-05-25 20:19:06 -------- d-----w- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-04-11 14:34:44 2014-04-11 14:34:44 -------- d-----w- C:\Users\HELOISA\Downloads\FormatFactory\FFModules\Package\BaiDu
==== Files Found ======================
--- C:\Users\HELOISA\Downloads\FormatFactory\FFModules\Package\BaiDu\Baidu-TB-ASBar.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1358792
Created time: 2012-04-10 09:30:26
Modified time: 2012-04-10 09:30:26
MD5: D848EF0636EA49D340F074F939DB817B
SHA1: 56A9D762D288AB173B7BFD42C9902E12B673BDB7
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"="^http\\:\\/\\/www\\.baidu\\.com\\/.*"
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu\Application Bug\Bav\log\FormatFactory.exe]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [16/04/2014 19:27]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [19/05/2012 17:15]
==== Firefox Extensions ======================
ProfilePath: C:\Users\HELOISA\AppData\Roaming\Mozilla\Firefox\Profiles\mvjg8bia.default
- Website Discovery Pro - %ProfilePath%\extensions\discoverypro@discoverypro.com
AppDir: C:\Program Files\Mozilla Firefox
- Quiknowledge - %AppDir%\extensions\quiknowledge@quiknowledge.com
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\HELOISA\AppData\Roaming\Mozilla\Firefox\Profiles\mvjg8bia.default
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
785105A23650755A8F7A72405EB0D923 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update
3A9E1940B4459CC97FDCBB24FCB69004 - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
0FCEAA7D12B7B0BA825E5C770B1DCA48 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
01D93217A9EE48DD37072B671378CC9C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\HELOISA\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
ADC539F67D3198679F480974EE203678 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.210.11
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
28986F0A2342A033345EF9E70D395E4F - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
Nothing found to reset
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk - C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Create System Report.lnk - C:\Program Files\Spybot - Search & Destroy 2\SDLogReport.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\File Scan.lnk - C:\Program Files\Spybot - Search & Destroy 2\SDFiles.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Immunization.lnk - C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Rootkit Scan.lnk - C:\Program Files\Spybot - Search & Destroy 2\SDRootAlyzer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Spybot-S&D Start Center.lnk - C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\System Scan.lnk - C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Tray Icon (Live Protection).lnk - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Uninstall Spybot-S&D.lnk - C:\Program Files\Spybot - Search & Destroy 2\unins000.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\HELOISA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\HELOISA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\HELOISA\AppData\Local\Mozilla\Firefox\Profiles\mvjg8bia.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=7 folders=3 1928912 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\HELOISA\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\HELOISA\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 01/06/2014 at 19:19:26,65 ======================
soutob4- Iniciante
- Mensagens : 6
Reputação : 0
Data de inscrição : 01/06/2014
Re: Remover 123srv
por Power Max Dom 01 Jun 2014, 19:27
Baidu é um antivirus, mas algumas vezes ele vem embutido em outros programas e a pessoa pode estar com ele sem ter percebido que ele foi instalado. Então se você quiser removê-lo a gente pode te ajudar na remoção.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
soutob4- Iniciante
- Mensagens : 6
Reputação : 0
Data de inscrição : 01/06/2014
Re: Remover 123srv
por Power Max Dom 01 Jun 2014, 20:08
Desative temporariamente seu antivírus para evitar conflitos.
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Última edição por Power Max em Dom 01 Jun 2014, 20:31, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Log Remoção Baidu
por soutob4 Dom 01 Jun 2014, 20:25
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by HELOISA on 01/06/2014 at 20:15:05,04.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\HELOISA\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-06-01-221926.log 21329 bytes
==== System Restore Info ======================
01/06/2014 20:16:36 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BHipsEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"=-
[-HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu]
[-HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu\Application Bug\Bav\log\FormatFactory.exe]
[-HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
==== Deleting Files \ Folders ======================
C:\Program Files\Baidu Security deleted
C:\ProgramData\Baidu Security deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus deleted
C:\Users\HELOISA\Downloads\FormatFactory\FFModules\Package\BaiDu deleted
==== Folders Found ======================
2014-06-01 21:32:26 2014-06-01 21:32:26 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-01 21:32:27 2014-06-01 21:32:27 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\HELOISA\AppData\Roaming\baidu
2014-06-01 21:32:27 2014-06-01 21:32:27 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\HELOISA\AppData\Roaming\baidu\Baidu Antivirus
2014-06-01 23:19:26 2014-06-01 23:19:26 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security
2014-06-01 23:19:26 2014-05-26 02:28:27 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security_Baidu Antivirus
2014-06-01 23:19:27 2014-06-01 20:33:22 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-01 23:19:27 2014-05-25 20:19:06 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-01 23:19:27 2014-06-01 20:33:22 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-01 23:19:27 2014-05-25 20:19:06 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-01 23:19:27 2014-06-01 23:19:27 -------- d---a-w- C:\zoek_backup\C_Users_HELOISA_Downloads_FormatFactory_FFModules_Package_BaiDu
2014-06-01 23:19:26 2014-05-26 02:28:27 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security\Baidu Antivirus
==== Files Found ======================
--- C:\zoek_backup\C_Users_HELOISA_Downloads_FormatFactory_FFModules_Package_BaiDu\Baidu-TB-ASBar.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1358792
Created time: 2014-06-01 23:19:27
Modified time: 2012-04-10 09:30:26
MD5: D848EF0636EA49D340F074F939DB817B
SHA1: 56A9D762D288AB173B7BFD42C9902E12B673BDB7
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\Antivirus\web]
==== C:\zoek_backup content ======================
C:\zoek_backup (files=9 folders=11 4190557 bytes)
==== EOF on 01/06/2014 at 20:21:24,53 ======================
soutob4- Iniciante
- Mensagens : 6
Reputação : 0
Data de inscrição : 01/06/2014
Re: Remover 123srv
por Power Max Dom 01 Jun 2014, 20:29
Desative temporariamente seu antivírus para evitar conflitos.
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Última edição por Power Max em Dom 01 Jun 2014, 21:04, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Novo log (Remoção Baidu)
por soutob4 Dom 01 Jun 2014, 21:02
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by HELOISA on 01/06/2014 at 20:41:50,09.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\HELOISA\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-06-01-221926.log 21329 bytes
C:\zoek-results2014-06-01-232124.log 13151 bytes
==== System Restore Info ======================
01/06/2014 20:42:43 Zoek.exe System Restore Point Created Succesfully.
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
[-HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-459170983-3359245472-3186517145-1000\Software\Baidu Security\Antivirus\web]
==== Registry Search Results for "Baidu" ======================
No instances of string "Baidu" found.
==== C:\zoek_backup content ======================
C:\zoek_backup (files=9 folders=11 4190557 bytes)
==== EOF on 01/06/2014 at 20:43:53,15 ======================
soutob4- Iniciante
- Mensagens : 6
Reputação : 0
Data de inscrição : 01/06/2014
Re: Remover 123srv
por Power Max Dom 01 Jun 2014, 21:05
Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remover 123srv
por Danii Ter 17 Jun 2014, 12:04
TÓPICO ARQUIVADO
Como a autora não respondeu por mais de 15 dias, o tópico foi arquivado. Caso a autora do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Como a autora não respondeu por mais de 15 dias, o tópico foi arquivado. Caso a autora do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Danii- Membro Pleno
- Mensagens : 571
Reputação : 80
Data de inscrição : 04/04/2014
Localização : Brasil
Tópicos semelhantesPágina 1 de 1
Permissões neste sub-fórum
Não podes responder a tópicos|
|
|