Baidu persists after removal!

Post by Lua Monteiro on Wed 04 Jun 2014, 23:46

Hello, good evening! I am also having problems with Baidu! I don't know exactly when it showed up, but one day it was there and it seems to have taken root!
I have tried a bit of everything, and just when it seems I've managed to delete it, the darn thing comes back!
I'd love some help, folks! Thanks in advance!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:08:59, on 04/06/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Alwil Software\Avast5\avastui.exe
C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Luana\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRAM FILES\GBPLUGIN\gbiehuni.dll
O2 - BHO: MP3 Rocket Downloader - {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [Baidu Antivirus] "C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe" -auto
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:  
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files\GbPlugin\gbiehUni.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Baidu Antivirus Service (BAVSvc) - Baidu, Inc. - C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) - Baidu, Inc. - C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files\Scpad\scpVista.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: Update gooternet - Unknown owner - C:\Program Files\gooternet\updategooternet.exe (file missing)
O23 - Service: Update Storimbo - Unknown owner - C:\Program Files\Storimbo\updateStorimbo.exe (file missing)

--
End of file - 7319 bytes

Re: Baidu persists after removal!

Post by Power Max on Wed 04 Jun 2014, 23:50

Hi Lua.

Download AdwCleaner by clicking the link below, then click the Download Now @BleepingComputer button:
[You must be registered and logged in to see this link.]

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.


Re: Baidu persists after removal!

Post by Lua Monteiro on Thu 05 Jun 2014, 00:08

Hello, Power! Thanks for the help! Here we go....



# AdwCleaner v3.211 - Relatório criado 04/06/2014 às 23:57:38
# Atualizado 26/05/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
# Usuário : Luana - LUANA-PC
# Executando de : C:\Users\Luana\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : Update Storimbo

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Users\Luana\AppData\Local\genienext
Pasta Deletada : C:\Users\Luana\AppData\Local\lollipop
Pasta Deletada : C:\Users\Luana\AppData\Local\SaveSenseLive
Pasta Deletada : C:\Users\Luana\AppData\Local\VideoDownloadConverter_4z
Pasta Deletada : C:\Users\Luana\AppData\LocalLow\Delta
Pasta Deletada : C:\Users\Luana\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Luana\AppData\Roaming\DigitalSites
Pasta Deletada : C:\Users\Luana\AppData\Roaming\DSite
Pasta Deletada : C:\Users\Luana\AppData\Roaming\file scout
Pasta Deletada : C:\Users\Luana\AppData\Roaming\newnext.me
Pasta Deletada : C:\Users\Luana\AppData\Roaming\SaveSense
Pasta Deletada : C:\Users\Luana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\Smartbar
Pasta Deletada : C:\Users\Luana\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfimfliilbabfohebppnfomgjljicpdm
Arquivo Deletada : C:\Users\Luana\daemonprocess.txt
Arquivo Deletada : C:\Users\Luana\AppData\LocalLow\SkwConfig.bin
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\bprotector_extensions.sqlite
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\bprotector_prefs.js
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\invalidprefs.js
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\Askcom.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\ask-search.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\Babylon.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\bingp.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\BrowserProtect.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\delta.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\MyStart Search.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\my-web-search.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\search.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\SweetIM Search.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\SweetIm.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\user.js
Arquivo Deletada : C:\Users\Luana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Atalho Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\hfimfliilbabfohebppnfomgjljicpdm
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CB2D4C6-9310-4842-92C5-511B70F5DB7C}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CB2D4C6-9310-4842-92C5-511B70F5DB7C}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A80FEBC9-5D05-41E4-A4FD-C92964A92724}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A80FEBC9-5D05-41E4-A4FD-C92964A92724}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D918EAA8-7B8C-4785-B356-DE6D30548BA2}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D918EAA8-7B8C-4785-B356-DE6D30548BA2}
Chave Deletedo : HKLM\SOFTWARE\Classes\*\shell\filescout
Chave Deletedo : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Chave Deletedo : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Chave Deletedo : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Chave Deletedo : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Chave Deletedo : HKLM\SOFTWARE\Classes\f
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKCU\Software\828bdee135ef14
Chave Deletedo : HKLM\SOFTWARE\828bdee135ef14
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_coreldraw_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_coreldraw_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_mp3-rocket_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_mp3-rocket_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{73C1CE1A-2075-4350-A7B4-EBA78BA45FA8}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Chave Deletedo : HKCU\Software\APN PIP
Chave Deletedo : HKCU\Software\BI
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\DataMngr
[#] Chave Deletedo : HKCU\Software\DataMngr_Toolbar
Chave Deletedo : HKCU\Software\delta LTD
Chave Deletedo : HKCU\Software\dsiteproducts
Chave Deletedo : HKCU\Software\Headlight
Chave Deletedo : HKCU\Software\IM
Chave Deletedo : HKCU\Software\ImInstaller
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\SmartBar
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\WNLT
Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\nationzoomSoftware
Chave Deletedo : HKLM\Software\PIP
Chave Deletedo : HKLM\Software\SimplyGen
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\WNLT
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (pt-BR)

[ Arquivo : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\prefs.js ]

Linha deletada : user_pref("extensions.BabylonToolbar.instlDay", "15821");
Linha deletada : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Linha deletada : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=110819&tt=280612_6_&babsrc=KW_ss&mntrId=c4e7e93e000000000000c417fe45de49&q=");
Linha deletada : user_pref("extensions.BabylonToolbar.lastDP", 28);
Linha deletada : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1719:48:51");
Linha deletada : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "19.0");
Linha deletada : user_pref("extensions.BabylonToolbar.newTab", false);
Linha deletada : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Linha deletada : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Linha deletada : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Linha deletada : user_pref("extensions.BabylonToolbar.propectorlck", 103042449);
Linha deletada : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Linha deletada : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Linha deletada : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Linha deletada : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Linha deletada : user_pref("extensions.BabylonToolbar.rvrt", "false");
Linha deletada : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Linha deletada : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrId", "uninst");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=c4e7e93e000000000000c417fe45de49&q=");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsn", "1.8.11.10");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.11.1022:36:08");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsni", "1.8.11.10");
Linha deletada : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Linha deletada : user_pref("extensions.BabylonToolbar_i.babExt", "");
Linha deletada : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=119849");
Linha deletada : user_pref("extensions.BabylonToolbar_i.hardId", "c4e7e93e000000000000c417fe45de49");
Linha deletada : user_pref("extensions.BabylonToolbar_i.id", "c4e7e93e000000000000c417fe45de49");
Linha deletada : user_pref("extensions.BabylonToolbar_i.instlDay", "15522");
Linha deletada : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Linha deletada : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112931&tt=3412_8&babsrc=NT_def");
Linha deletada : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Linha deletada : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Linha deletada : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Linha deletada : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Linha deletada : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Linha deletada : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Linha deletada : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:48:51");
Linha deletada : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Linha deletada : user_pref("extensions.delta.admin", false);
Linha deletada : user_pref("extensions.delta.aflt", "babsst");
Linha deletada : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Linha deletada : user_pref("extensions.delta.autoRvrt", "false");
Linha deletada : user_pref("extensions.delta.babTrack", "affID=119849");
Linha deletada : user_pref("extensions.delta.bbDpng", "21");
Linha deletada : user_pref("extensions.delta.cntry", "");
Linha deletada : user_pref("extensions.delta.dfltLng", "pt");
Linha deletada : user_pref("extensions.delta.excTlbr", false);
Linha deletada : user_pref("extensions.delta.ffxUnstlRst", true);
Linha deletada : user_pref("extensions.delta.hdrMd5", "309E58F4C5B256A5291921FC86360CB1");
Linha deletada : user_pref("extensions.delta.id", "c4e7e93e000000000000c417fe45de49");
Linha deletada : user_pref("extensions.delta.instlDay", "15873");
Linha deletada : user_pref("extensions.delta.instlRef", "sst");
Linha deletada : user_pref("extensions.delta.lastVrsnTs", "1.8.21.523:53:18");
Linha deletada : user_pref("extensions.delta.newTab", false);
Linha deletada : user_pref("extensions.delta.prdct", "delta");
Linha deletada : user_pref("extensions.delta.prtnrId", "delta");
Linha deletada : user_pref("extensions.delta.rvrt", "false");
Linha deletada : user_pref("extensions.delta.sg", "azb");
Linha deletada : user_pref("extensions.delta.smplGrp", "none");
Linha deletada : user_pref("extensions.delta.tlbrId", "base");
Linha deletada : user_pref("extensions.delta.tlbrSrchUrl", "");
Linha deletada : user_pref("extensions.delta.vrsn", "1.8.21.5");
Linha deletada : user_pref("extensions.delta.vrsnTs", "1.8.21.523:53:18");
Linha deletada : user_pref("extensions.delta.vrsni", "1.8.21.5");
Linha deletada : user_pref("extensions.delta_i.babExt", "");
Linha deletada : user_pref("extensions.delta_i.babTrack", "affID=119816&tt=120613_ndt");
Linha deletada : user_pref("extensions.delta_i.srcExt", "ss");
Linha deletada : user_pref("extensions.funmoods.aflt", "ironpub");
Linha deletada : user_pref("extensions.funmoods.autoRvrt", false);
Linha deletada : user_pref("extensions.funmoods.cntry", "");
Linha deletada : user_pref("extensions.funmoods.cv", "cv5");
Linha deletada : user_pref("extensions.funmoods.dfltLng", "");
Linha deletada : user_pref("extensions.funmoods.dfltSrch", true);
Linha deletada : user_pref("extensions.funmoods.dnsErr", true);
Linha deletada : user_pref("extensions.funmoods.envrmnt", "production");
Linha deletada : user_pref("extensions.funmoods.excTlbr", false);
Linha deletada : user_pref("extensions.funmoods.fmupdtFirst", false);
Linha deletada : user_pref("extensions.funmoods.hdrMd5", "89F6EC47816030DD0DD0614B7C961515");
Linha deletada : user_pref("extensions.funmoods.hmpg", true);
Linha deletada : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0CyEtCyB0F0EyEyD0D0EyEzy0EzytA0EtN0D0Tzu0StBtAzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=3400731[...]
Linha deletada : user_pref("extensions.funmoods.id", "C417FE45DE49E93E");
Linha deletada : user_pref("extensions.funmoods.instlDay", "15578");
Linha deletada : user_pref("extensions.funmoods.instlRef", "ironpub");
Linha deletada : user_pref("extensions.funmoods.isdcmntcmplt", true);
Linha deletada : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2216:28:49");
Linha deletada : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Linha deletada : user_pref("extensions.funmoods.newTab", true);
Linha deletada : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0CyEtCyB0F0EyEyD0D0EyEzy0EzytA0EtN0D0Tzu0StBtAzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=34007[...]
Linha deletada : user_pref("extensions.funmoods.prdct", "funmoods");
Linha deletada : user_pref("extensions.funmoods.prtnrId", "funmoods");
Linha deletada : user_pref("extensions.funmoods.sg", "none");
Linha deletada : user_pref("extensions.funmoods.smplGrp", "none");
Linha deletada : user_pref("extensions.funmoods.srchPrvdr", "Search");
Linha deletada : user_pref("extensions.funmoods.tlbrId", "base");
Linha deletada : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0CyEtCyB0F0EyEyD0D0EyEzy0EzytA0EtN0D0Tzu0StBtAzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=340[...]
Linha deletada : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Linha deletada : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2216:28:49");
Linha deletada : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Linha deletada : user_pref("extensions.funmoods_i.newTab", true);
Linha deletada : user_pref("extensions.funmoods_i.smplGrp", "none");
Linha deletada : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2216:28:49");
Linha deletada : user_pref("extensions.helperbar.DockingPositionDown", false);
Linha deletada : user_pref("extensions.helperbar.SmartbarDisabled", false);
Linha deletada : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Linha deletada : user_pref("extensions.helperbar.Visibility", false);
Linha deletada : user_pref("extensions.helperbar.countryiso", "br");
Linha deletada : user_pref("extensions.helperbar.downloadprovider", "quickobrw");
Linha deletada : user_pref("extensions.helperbar.installationid", "501dd304-c6f5-4eaa-878e-d9fa63fba4a2");
Linha deletada : user_pref("extensions.helperbar.installdate", "16/06/2013");
Linha deletada : user_pref("extensions.helperbar.publisher", "quickobrw");
Linha deletada : user_pref("extensions.mywebsearch.prevDefaultEngine", "");
Linha deletada : user_pref("extensions.mywebsearch.prevSelectedEngine", "");
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=undefined&n=77fdcabb&ptnrS=HJxpi000YY");
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013121211");
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "HJxpi000YY");
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "");
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", false);
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "undefined");
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", false);
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", false);
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", false);
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", false);
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
Linha deletada : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
Linha deletada : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/?a=6PRlKE6Mvb&i=26&loc=skw&search=");
Linha deletada : user_pref("smartbar.machineId", "PYH6XZYRKFR2XY0Q8DG6ESDZQUGWL9XYOXU1HTA+YRWKJ9RD0Y4CR+IIA1JKP+3RUSJE4SG/1CUYW39UMNE/QQ");

-\\ Google Chrome v35.0.1916.114

[ Arquivo : C:\Users\Luana\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [You need to be registered and logged in to see this link.]
Deletedo [Homepage] : [You need to be registered and logged in to see this link.]
Deletedo [Extension] : hfimfliilbabfohebppnfomgjljicpdm
Deletedo [Extension] : ogccgbmabaphcakpiclgcnmcnimhokcj

*************************

AdwCleaner[R0].txt - [36661 octets] - [04/06/2014 23:56:32]
AdwCleaner[S0].txt - [35716 octets] - [04/06/2014 23:57:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [35777 octets] ##########

Re: Baidu persists despite removal!

Post by Power Max on Thu 05 Jun 2014, 00:10

Download the Junkware Removal Tool program from the link below:
[You need to be registered and logged in to see this link.]

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.


Re: Baidu persists despite removal!

Post by Lua Monteiro on Thu 05 Jun 2014, 00:21

Power, I'm trying to run JRT, but when I launch it, it shows an "Abort" message and closes quickly. =/

Re: Baidu persists despite removal!

Post by Power Max on Thu 05 Jun 2014, 00:30

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You need to be registered and logged in to see this link.]

* Right-click Zoek.exe and select [You need to be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red below that I gave you and paste it into the blank space in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You need to be registered and logged in to see this image.]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Re: Baidu persists despite removal!

Post by Lua Monteiro on Thu 05 Jun 2014, 01:04

Here, Power! =)


Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Luana on 05/06/2014 at 0:32:01,50.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luana\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-05-012230.log 31719 bytes

==== System Restore Info ======================

05/06/2014 00:33:33 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Baidu deleted

==== Folders Found ======================

2014-06-05 02:57:40 2014-06-05 02:57:40 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-05 02:57:42 2014-06-05 02:57:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Luana\AppData\Roaming\baidu
2014-06-05 02:57:42 2014-06-05 02:57:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Luana\AppData\Roaming\baidu\Baidu Antivirus
2014-06-05 02:57:42 2014-06-05 02:57:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-05-31 01:46:04 2014-06-02 02:33:07 -------- d-----w- C:\Program Files\Baidu Security
2014-05-31 01:46:04 2014-06-05 03:52:49 -------- d-----w- C:\Program Files\Baidu Security\Baidu Antivirus
2013-06-17 03:03:40 2014-06-04 16:27:16 -------- d-----w- C:\ProgramData\Baidu Security
2014-05-31 01:46:17 2014-06-02 02:39:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2013-06-17 03:03:40 2014-06-04 16:27:16 -------- d-----w- C:\Users\All Users\Baidu Security
2014-05-31 01:46:17 2014-06-02 02:39:13 -------- d-----w- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2013-06-17 02:55:25 2014-06-04 14:40:11 -------- d-----w- C:\Users\Luana\AppData\Roaming\Baidu Security
2014-06-05 02:59:04 2014-06-05 02:59:04 -------- d-----w- C:\Users\Public\Documents\Baidu
2014-06-04 18:16:48 2014-06-05 02:59:04 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_Baidu

==== Files Found ======================


--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-05-31 01:46:17
Modified time: 2014-05-31 01:46:17
MD5: 0FD603399933153C94D195C5582714D1
SHA1: 6932885DBB0BB94978B18654CBAAB17C135E3A9C


--- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-05-31 01:46:17
Modified time: 2014-05-31 01:46:17
MD5: 0FD603399933153C94D195C5582714D1
SHA1: 6932885DBB0BB94978B18654CBAAB17C135E3A9C


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3412
Created time: 2014-06-04 18:16:51
Modified time: 2014-05-31 01:46:16
MD5: 9B1D0D613846160D96E597FF247DF47F
SHA1: 677E4E4C61CA5436BE3692C4583C8A911767C6BF


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\antivirus]
"uuurl"="http://sync.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\DefaultIcon]
@="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Bav.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\shell\open\command]
@="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Bav.exe\" UI_Start_From_IE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\DefaultIcon]
@="C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Translator.exe,-201"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\shell\open\command]
@="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Translator.exe\" \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}]
@="baidu right click handler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32]
@="C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BavShx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32]
@="C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BavShx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BavTray.exe\" -auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47E4D23A-7AFE-4C6D-810E-2EA2E5028119}]
"Path"="\\Baidu Antivirus Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu Antivirus Update]

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File16"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\sysopt\\optbt.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File17"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\1.19.0.2\\RpData\\2013-06-16 23_55_25_RpData.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File18"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\1.19.0.2\\RpData\\2013-06-16 23_55_25_RpData~.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File19"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData\\2013-06-17 07_37_48_RpData~.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File20"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData\\2013-06-17 07_50_43_RpData.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File21"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData\\2013-06-17 07_50_43_RpData~.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File22"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0\\Communication.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File23"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0\\InstallUtility.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File24"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0\\log.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File25"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0\\Communication.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File26"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0\\InstallUtility.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File27"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0\\log.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder28"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Plugins\\Plugin.LeakRepair\\Hotfix"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder29"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Plugins\\Plugin.LeakRepair"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder30"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder31"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run\\Disable"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder32"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder33"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\sysopt"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder34"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder35"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder36"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\1.19.0.2\\RpData"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder37"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\1.19.0.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder38"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\PopMsg"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder39"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder40"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run\\Disable"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder41"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder42"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder43"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder44"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder45"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder46"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder47"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder48"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2903138494-4005609713-1385748817-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2903138494-4005609713-1385748817-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [01/06/2014 23:47]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[09/05/2014 23:32]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Creative Cloud.lnk - C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=HomePanel_BL --appletVersion=1.0
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\CorelDRAW X6.lnk - c:\Windows\Installer\{C5262276-0075-498B-B80F-7D997482E4DB}\NewShortcut1.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\HP Deskjet 2050 J510 series Scan.lnk - C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPScan.exe
C:\Users\Public\Desktop\HP Deskjet 2050 J510 series.lnk - C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HP Deskjet 2050 J510 series.exe
C:\Users\Public\Desktop\Launch Rambooster 2.0.lnk - C:\Program Files\RamBooster 2.0\Rambooster.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\MP3 Rocket 6.3.4.lnk - C:\Program Files\MP3 Rocket\MP3Rocket.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk - C:\Program Files\Adobe\Adobe Content Viewer\Adobe Content Viewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk - C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=HomePanel_BL --appletVersion=1.0
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC.lnk - C:\Program Files\Adobe\Adobe InDesign CC\InDesign.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC.lnk - C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast Free Antivirus.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk - C:\Program Files\Baidu Security\Baidu Antivirus\Bav.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Uninstall.lnk - C:\Program Files\Baidu Security\Baidu Antivirus\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo\Leiame.lnk - C:\Program Files\Tablet\Pen\Leiame.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo\Preferências Bamboo.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo\Utilitário do Arquivo de Preferências do Bamboo.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk - C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Professional.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe /register

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\\Users\Luana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\\Users\Luana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=77 folders=36 26014396 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Luana\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 05/06/2014 at 1:00:57,97 ======================

Re: Baidu resisting removal!

Post by Power Max on Thu 05 Jun 2014, 01:06

Since this procedure takes a while and it is already late, I will analyze it for you tomorrow morning and give you the next step, OK?


Re: Baidu resisting removal!

Post by Lua Monteiro on Thu 05 Jun 2014, 01:08

That's great!! Thank you very much and see you tomorrow!

Let's get some rest! ;)

Re: Baidu resisting removal!

Post by Power Max on Thu 05 Jun 2014, 17:59

Sorry for the delay in replying.

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red below that I have given you, and paste it into the blank area in Zoek:

* Click [Run Script]

* During the scan, a message similar to the one below will be displayed showing the scan progress. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image.]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Re: Baidu resisting removal!

Post by Lua Monteiro on Thu 05 Jun 2014, 18:20

No problem! =)

Here we go! This is what I got....




Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Luana on 05/06/2014 at 18:04:23,43.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luana\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-05-012230.log 31719 bytes
C:\zoek-results2014-06-05-040057.log 27059 bytes

==== System Restore Info ======================

05/06/2014 18:05:21 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BHipsEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\antivirus]
"uuurl"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\DefaultIcon]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\DefaultIcon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\shell\open\command]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\shell\open\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\DefaultIcon]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\DefaultIcon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\shell\open\command]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\shell\open\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47E4D23A-7AFE-4C6D-810E-2EA2E5028119}]
"Path"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47E4D23A-7AFE-4C6D-810E-2EA2E5028119}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu Antivirus Update]
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File16"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File17"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2903138494-4005609713-1385748817-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2903138494-4005609713-1385748817-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]

==== Deleting Files \ Folders ======================

C:\ProgramData\Baidu Security deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus deleted
C:\Users\Luana\AppData\Roaming\Baidu Security deleted
C:\Users\Public\Documents\Baidu deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavBase.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavBh.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavClean.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavCommon.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavDllFilter.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavDs.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavFi.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavIPC.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavOa.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavPe.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavQv.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavScan.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavSig.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavSk.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavSvc.exe" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavUa.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavUl.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavVt.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavWl.dat" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavWl.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BdApiUtil.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BDrvComm.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsCore.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\Communication.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\CP.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\DirectUI.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\DrvInst.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HackerDefense.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsDR.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsHB.dll" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsHp.dll" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\sqlite.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavBase.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavBh.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavClean.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavCommon.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavDllFilter.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavDs.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavFi.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavIPC.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavOa.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavPe.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavQv.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavScan.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavSig.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavSk.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavSvc.exe" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavUa.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavUl.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavVt.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavWl.dat" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavWl.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BdApiUtil.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BDrvComm.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsCore.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\Communication.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\CP.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\DirectUI.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\DrvInst.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HackerDefense.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsDR.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsHB.dll" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsHp.dll" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\sqlite.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BavTray.log" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BavTray.log" not deleted
"C:\Program Files\Baidu Security" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log" not deleted

==== Folders Found ======================

2014-06-05 02:57:40 2014-06-05 02:57:40 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-05 02:57:42 2014-06-05 02:57:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Luana\AppData\Roaming\baidu
2014-06-05 02:57:42 2014-06-05 02:57:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Luana\AppData\Roaming\baidu\Baidu Antivirus
2014-06-05 02:57:42 2014-06-05 02:57:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-05-31 01:46:04 2014-06-02 02:33:07 -------- d-----w- C:\Program Files\Baidu Security
2014-05-31 01:46:04 2014-06-05 21:08:36 -------- d-----w- C:\Program Files\Baidu Security\Baidu Antivirus
2014-06-05 04:00:37 2014-06-05 04:00:37 -------- d-----w- C:\ProgramData\Baidu
2014-06-05 04:00:37 2014-06-05 04:00:37 -------- d-----w- C:\Users\All Users\Baidu
2014-06-05 21:08:07 2014-06-05 21:08:07 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security
2014-06-05 21:08:08 2014-06-05 21:08:08 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security_Baidu Antivirus
2014-06-05 21:08:08 2014-06-05 21:08:08 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-05 21:08:08 2014-06-05 21:08:08 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-04 18:16:48 2014-06-05 02:59:04 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_Baidu
2014-06-05 21:08:08 2014-06-05 21:08:08 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-05 21:08:09 2014-06-05 21:08:09 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-05 21:08:09 2014-06-04 14:40:11 -------- d---a-w- C:\zoek_backup\C_Users_Luana_AppData_Roaming_Baidu Security
2014-06-05 21:08:09 2014-06-05 21:08:09 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu
2014-06-05 21:08:07 2014-06-05 21:08:08 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security\Baidu Antivirus

==== Files Found ======================


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3412
Created time: 2014-06-04 18:16:51
Modified time: 2014-05-31 01:46:16
MD5: 9B1D0D613846160D96E597FF247DF47F
SHA1: 677E4E4C61CA5436BE3692C4583C8A911767C6BF


--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-06-05 21:08:08
Modified time: 2014-05-31 01:46:17
MD5: 0FD603399933153C94D195C5582714D1
SHA1: 6932885DBB0BB94978B18654CBAAB17C135E3A9C


--- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-06-05 21:08:09
Modified time: 2014-05-31 01:46:17
MD5: 0FD603399933153C94D195C5582714D1
SHA1: 6932885DBB0BB94978B18654CBAAB17C135E3A9C


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File18"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\1.19.0.2\\RpData\\2013-06-16 23_55_25_RpData~.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File19"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData\\2013-06-17 07_37_48_RpData~.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File20"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData\\2013-06-17 07_50_43_RpData.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File21"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData\\2013-06-17 07_50_43_RpData~.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File22"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0\\Communication.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File23"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0\\InstallUtility.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File24"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0\\log.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File25"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0\\Communication.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File26"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0\\InstallUtility.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File27"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0\\log.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder28"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Plugins\\Plugin.LeakRepair\\Hotfix"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder29"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Plugins\\Plugin.LeakRepair"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder30"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder31"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run\\Disable"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder32"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder33"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\sysopt"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder34"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder35"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder36"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\1.19.0.2\\RpData"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder37"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\1.19.0.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder38"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\PopMsg"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder39"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder40"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run\\Disable"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder41"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder42"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder43"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder44"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder45"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder46"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder47"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder48"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER"

[HKEY_USERS\S-1-5-21-2903138494-4005609713-1385748817-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2903138494-4005609713-1385748817-1000\Software\Baidu Security\PC Faster]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=176 folders=61 63287753 bytes)

==== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\Program Files\Baidu Security\Baidu Antivirus\BavWl.dat" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsHB.dll" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsHp.dll" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\BavWl.dat" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsHB.dll" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsHp.dll" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BavTray.log" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BavTray.log" not found
"C:\Program Files\Baidu Security" not found
"C:\Program Files\Baidu Security\Baidu Antivirus" not found

==== EOF on 05/06/2014 at 18:14:04,74 ======================

Re: Baidu resisting removal!

Post by Power Max on Thu 05 Jun 2014, 18:27

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You need to be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red below that I gave you, and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You need to be registered and logged in to see this image.]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Re: Baidu resisting removal!

Post by Lua Monteiro on Thu 05 Jun 2014, 18:50

Here is the log!


Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Luana on 05/06/2014 at 18:31:49,94.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luana\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-05-012230.log 31719 bytes
C:\zoek-results2014-06-05-040057.log 27059 bytes
C:\zoek-results2014-06-05-211404.log 29913 bytes

==== System Restore Info ======================

05/06/2014 18:33:17 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-2903138494-4005609713-1385748817-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2903138494-4005609713-1385748817-1000\Software\Baidu Security\PC Faster]

==== Deleting Files \ Folders ======================

C:\Program Files\Baidu Security not found
C:\ProgramData\Baidu deleted

==== Folders Found ======================

2014-06-05 02:57:40 2014-06-05 02:57:40 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-05 02:57:42 2014-06-05 02:57:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Luana\AppData\Roaming\baidu
2014-06-05 02:57:42 2014-06-05 02:57:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Luana\AppData\Roaming\baidu\Baidu Antivirus
2014-06-05 02:57:42 2014-06-05 02:57:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-05 21:08:07 2014-06-05 21:08:07 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security
2014-06-05 21:08:08 2014-06-05 21:08:08 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security_Baidu Antivirus
2014-06-05 21:33:47 2014-06-05 21:33:47 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu
2014-06-05 21:08:08 2014-06-05 21:08:08 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-05 21:08:08 2014-06-05 21:08:08 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-04 18:16:48 2014-06-05 02:59:04 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_Baidu
2014-06-05 21:33:48 2014-06-05 21:33:48 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu
2014-06-05 21:08:08 2014-06-05 21:08:08 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-05 21:08:09 2014-06-05 21:08:09 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-05 21:08:09 2014-06-04 14:40:11 -------- d---a-w- C:\zoek_backup\C_Users_Luana_AppData_Roaming_Baidu Security
2014-06-05 21:08:09 2014-06-05 21:08:09 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu
2014-06-05 21:08:07 2014-06-05 21:08:08 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security\Baidu Antivirus

==== Files Found ======================


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3412
Created time: 2014-06-04 18:16:51
Modified time: 2014-05-31 01:46:16
MD5: 9B1D0D613846160D96E597FF247DF47F
SHA1: 677E4E4C61CA5436BE3692C4583C8A911767C6BF


--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-06-05 21:08:08
Modified time: 2014-05-31 01:46:17
MD5: 0FD603399933153C94D195C5582714D1
SHA1: 6932885DBB0BB94978B18654CBAAB17C135E3A9C


--- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-06-05 21:08:09
Modified time: 2014-05-31 01:46:17
MD5: 0FD603399933153C94D195C5582714D1
SHA1: 6932885DBB0BB94978B18654CBAAB17C135E3A9C


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File18"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\1.19.0.2\\RpData\\2013-06-16 23_55_25_RpData~.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File19"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData\\2013-06-17 07_37_48_RpData~.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File20"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData\\2013-06-17 07_50_43_RpData.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File21"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData\\2013-06-17 07_50_43_RpData~.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File22"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0\\Communication.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File23"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0\\InstallUtility.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File24"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0\\log.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File25"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0\\Communication.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File26"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0\\InstallUtility.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File27"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0\\log.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder28"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Plugins\\Plugin.LeakRepair\\Hotfix"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder29"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Plugins\\Plugin.LeakRepair"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder30"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder31"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run\\Disable"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder32"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder33"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\sysopt"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder34"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder35"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder36"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\1.19.0.2\\RpData"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder37"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\1.19.0.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder38"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\PopMsg"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder39"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder40"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run\\Disable"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder41"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder42"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder43"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder44"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder45"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder46"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder47"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder48"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=188 folders=65 63300751 bytes)

==== EOF on 05/06/2014 at 18:37:01,13 ======================

Re: Baidu resisting removal!

Post by Power Max on Thu 05 Jun 2014, 18:56

Download ZHPDiag [You need to be registered and logged in to see this image.] ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

Tutorial for installing and running the ZHPDiag application

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


Re: Baidu resisting removal!

Post by Lua Monteiro on Thu 05 Jun 2014, 19:15

ZHP report!


~ Relatório do ZHPDiag v2014.5.30.78 - Nicolas Coolman (30/05/2014)
~ Iniciado por Luana (05/06/2014 19:12:14)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 29.0.1
GCIE: Google Chrome v35.0.1916.114 (Defaut)
OBIE: Wacom WebTabletPlugin for Netscape v1.1.0.5

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
SUPERAntiSpyware v5.7.1018
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3034 MB (39% free)
System Restore: Activé (Enable)
System drive C: has 218 GB (73%) free of 298 GB

---\\ Modo de conexão ao sistema
~ Computer Name: LUANA-PC
~ User Name: Luana
~ All Users Names: Luana, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Luana\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Luana\AppData\Roaming\
~ %Desktop% : C:\Users\Luana\Desktop\
~ %Favorites% : C:\Users\Luana\Favorites\
~ %LocalAppData% : C:\Users\Luana\AppData\Local\
~ %StartMenu% : C:\Users\Luana\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 218 Go of 298 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 40 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 02:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 3/6214
~ Mes musiques (My Musics) : 1/14
~ Mes Videos (My Videos) : 2/28
~ Mes Favoris (My Favorites) : 1/36
~ Mes Documents (My Documents) : 14/414
~ Mon Bureau (My Desktop) : 2/647
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 06s



---\\ Processos lançados
[MD5.F74737E0EF87295E82EBD0A4B040539A] - (.Microsoft Corporation - Componente de Entrada de Caneta e Toque da.) -- C:\Windows\SYSTEM32\WISPTIS.exe [334336] [PID.1424]
[MD5.21E01FD4147EA1B952E4CD9928B879B8] - (.Microsoft Corporation - Tablet PC Input Panel Accessory.) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [181760] [PID.1808]
[MD5.F9EF088D57DDFC6AE735F4D73FC902EF] - (.Wacom Technology, Corp. - Touch User Mode Driver.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe [2953584] [PID.1896]
[MD5.2AE7DC03B58F39AA6D1E0E76E86E92D9] - (.Wacom Technology, Corp. - Tablet user module for consumer driver.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe [1153392] [PID.2444]
[MD5.1F1DBDB8943CE3921C4275EA3C9E0508] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.2172]
[MD5.EE45C779FA1193482EAF5F15C453F6D7] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [174104] [PID.2120]
[MD5.A1728F7F9B4D013489D18069A9A84903] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [151064] [PID.2224]
[MD5.5628CEA24E088AA2E61E2BCC476C59B0] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.1668]
[MD5.5AF1E9600E3FF841E522703A4993ED0C] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.2360]
[MD5.C111FFD56FF6F5E15266A55057487102] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe [233472] [PID.3044]
[MD5.9C1C80BBF8E6044980890E2D2D91091C] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [83608] [PID.1504]
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.2968]
[MD5.92BC91BEB19BE1F03DB9664AD47120B2] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastui.exe [3888648] [PID.3588]
[MD5.38875F805FBD3D7B32D5B3EFEA7D1CD2] - (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480] [PID.3716]
[MD5.1F85A80EBC4C4C1D562094F5AB231077] - (.Adobe Systems Incorporated - Adobe IPC Broker.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe [769904] [PID.3956]
[MD5.EB0AD0BBAB987A31AE6478D576403445] - (.Alps Electric Co., Ltd. - ApMsgFwd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe [54568] [PID.1208]
[MD5.09EAABEC4C378C788E3137F0D31D0CFC] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver for Windows NT/.) -- C:\Program Files\DellTPad\Apntex.exe [49152] [PID.3336]
[MD5.EA7F750C761E49B544335D9AE39802CD] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\HidFind.exe [49250] [PID.2964]
[MD5.7D685AE28E6876EE5057DA51958F3CA7] - (.Microsoft Corporation - Servidor de Personalização de Entrada.) -- C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [294400] [PID.4656]
[MD5.7FA16A68EF2B1B6C3281D1D33F513CB2] - (.No owner - Core Sync.) -- C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe [5288608] [PID.4920]
[MD5.AA61E4E73E812D6411F375989E4501CE] - (.Adobe Systems Incorporated - Adobe CEF Helper.) -- C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe [419704] [PID.5572]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.3544]
[MD5.6B5F935BA41C18F58EFB4D15A4F8F0C5] - (.Sun Microsystems, Inc. - Java(TM) Update Checker.) -- C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe [272024] [PID.2556]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.3276]
[MD5.6D652B06EB3916DC41A9DBBBC4EDEED1] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8020480] [PID.4876]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Luana\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 03s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\prefs.js
M3 - MFPP: Plugins - [Luana] -- C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\clikseguro.xml
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\PROGRAM FILES\GBPLUGIN\gbiehuni.dll
O2 - BHO: MP3 Rocket Downloader - {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} . (...) -- mscoree.dll (.not file.)
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\TaskBar [Luana]: PriceGong Contact Us.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>Adware.PriceGong
~ Global Startup: 1 Legitimates Filtered in 00mn 01s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D95F6D68-4256-4D74-B833-1EBD0464E9B5}: DhcpNameServer = 201.17.1.114 201.17.1.92 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{D95F6D68-4256-4D74-B833-1EBD0464E9B5}: DhcpNameServer = 201.17.1.114 201.17.1.92 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{D95F6D68-4256-4D74-B833-1EBD0464E9B5}: DhcpNameServer = 201.17.1.114 201.17.1.92 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.1.114 201.17.1.92 201.6.4.116
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ SSODL: 2 Legitimates Filtered in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: scpVista (scpVista) . (.Banco Bradesco S.A. - scpVista.) - C:\Program Files\Scpad\scpVista.exe
O23 - Service: Update gooternet (Update gooternet) . (...) - C:\Program Files\gooternet\updategooternet.exe (.not file.)
~ Services: 11 Legitimates Filtered in 00mn 05s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{1EF48421-32B7-47BE-951C-D5BC63ED780C}] (...) -- C:\Users\Luana\Downloads\Nero-12.0.02900_trial.exe (.not file.) [0]
[MD5.EE5F9B1263BEE66265E481100EE3DF35] [APT] [{99C87BA5-D488-40E3-AE19-3322E5ECB2EC}] (.BluetoothInstaller.com.) -- C:\Users\Luana\Downloads\BluetoothDriverInstaller.exe [1904640]
[MD5.00000000000000000000000000000000] [APT] [{DC346134-58B6-409B-AD64-0EFDDC755C9A}] (...) -- c:\users\Luana\appdata\local\lollipop\lollipop_04200344.bat (.not file.) [0] =>Adware.Lollipop
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1050]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 57bee59e-6b28-4de1-9759-1130456bf70d [510]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task c9954d10-cbe9-4ac5-ad09-9a260cbc57ac [510]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 04s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bnbase) . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - C:\Windows\System32\drivers\bnbasex.sys
O41 - Driver: (EfiMon) . (.360安全中心 - 360Efimon Driver.) - C:\Windows\System32\Drivers\Efimon.sys
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
O41 - Driver: ({c70d4e8d-761d-40c7-82e8-a90cc6de86c6}Gw) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{c70d4e8d-761d-40c7-82e8-a90cc6de86c6}Gw.sys =>PUP.LinkiDoo
~ Drivers: 90 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: GBBD Caixa Economica Federal - (...) [HKLM] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: MP3 Rocket - (...) [HKLM] -- MP3 Rocket
~ Logic: 14 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\IncrediMail]
[HKLM\Software\360Safe]
[HKLM\Software\AutoHelpDesk]
~ Key Software: 172 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/04/2013 - 22:19:15 - [] ----D C:\Program Files\MP3 Rocket
O43 - CFD: 26/04/2013 - 22:18:44 - [] ----D C:\Program Files\MP3 Rocket Downloader
O43 - CFD: 01/06/2014 - 23:39:13 - [] ----D C:\Program Files\Scpad
O43 - CFD: 10/01/2014 - 17:03:48 - [] ----D C:\Users\Luana\AppData\Roaming\360safe
O43 - CFD: 29/05/2014 - 18:09:10 - [] ----D C:\Users\Luana\AppData\Roaming\MP3Rocket
O43 - CFD: 10/01/2014 - 15:43:15 - [0] ----D C:\Users\Luana\AppData\Roaming\videos
~ Program Folder: 151 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.AF999D8E9A2896CFA482043E0B412546] - 02/06/2014 - 11:36:56 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147864]
O44 - LFC:[MD5.BA173E79D5035BD3AE5CD629F1F8B933] - 02/06/2014 - 11:36:56 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706024]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 04/06/2014 - 23:57:05 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.CC513A75FB9C2990CAD59F07FF86D0A5] - 05/06/2014 - 00:04:31 ---A- . (...) -- C:\Windows\ODBC.INI [418]
O44 - LFC:[MD5.6009F2A8FC34D0E84D2C38AFFC41FB95] - 05/06/2014 - 01:00:57 ---A- . (...) -- C:\zoek-results2014-06-05-040057.log [27059]
O44 - LFC:[MD5.A05DC59968D1EA0843209404C4C24D5C] - 05/06/2014 - 18:14:04 ---A- . (...) -- C:\zoek-results2014-06-05-211404.log [29913]
O44 - LFC:[MD5.7C41E58E05480DF1A30BFFBFB1BC89A8] - 05/06/2014 - 18:37:01 ---A- . (...) -- C:\zoek-results.log [10529]
O44 - LFC:[MD5.8E9780DE38A935BEA8361E800816C09A] - 22/05/2014 - 18:26:52 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{c70d4e8d-761d-40c7-82e8-a90cc6de86c6}Gw.sys [52928] =>PUP.LinkiDoo
O44 - LFC:[MD5.CB0E07B9B630B77CE76D4C4278D328B1] - 23/05/2014 - 04:40:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [94976]
O44 - LFC:[MD5.A4EFC721E5AFB71B2E6B1161A1F4162F] - 30/05/2014 - 22:46:30 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\bnbasex.sys [70496]
O44 - LFC:[MD5.B9AC5F00F68ECA1AEC09321EEFFF78D6] - 30/05/2014 - 22:46:30 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\bndef.sys [51584]
O44 - LFC:[MD5.3D38CFC96FEBBD7F6D88E4C7CFE8E377] - 30/05/2014 - 22:46:34 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [48448]
O44 - LFC:[MD5.DFA0FDB9CBAACE5321EA107E5B48D5B2] - 30/05/2014 - 22:46:39 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [29504]
O44 - LFC:[MD5.FCA87A5233106355F24C550A4EB746E4] - 30/05/2014 - 22:46:49 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [155968]
O44 - LFC:[MD5.4C182BDB0E01582B29E2A38ABD6ACE44] - 30/05/2014 - 22:46:59 ---A- . (...) -- C:\Windows\System32\config.ini [29]
~ Files: 24 Legitimates Filtered in 00mn 04s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES\GBPLUGIN\gbiehuni.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]
O58 - SDL:21/08/2012 - 19:12:18 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys [64048]
O58 - SDL:09/05/2014 - 23:32:41 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:09/05/2014 - 23:32:41 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:09/05/2014 - 23:32:41 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:09/05/2014 - 06:31:03 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [48448]
O58 - SDL:09/05/2014 - 06:31:03 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [29504]
O58 - SDL:23/05/2014 - 04:40:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [94976]
O58 - SDL:09/05/2014 - 06:31:03 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\bnbasex.sys [70496]
O58 - SDL:09/05/2014 - 06:31:03 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\bndef.sys [51584]
O58 - SDL:09/05/2014 - 06:31:03 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [155968]
O58 - SDL:10/01/2014 - 16:23:35 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys [23624]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:24/02/2014 - 15:37:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [46392]
O58 - SDL:19/04/2014 - 13:16:51 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:10/01/2014 - 16:23:37 ---A- . (.360安全中心 - 360安全卫士 - HookPort.) -- C:\Windows\System32\Drivers\hookport.sys [75832]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:22/05/2014 - 18:26:52 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{c70d4e8d-761d-40c7-82e8-a90cc6de86c6}Gw.sys [52928] =>PUP.LinkiDoo
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 92 Legitimates Filtered in 00mn 02s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 09/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 09/05/2014 - C:\Windows\System32\drivers\bnbasex.sys (Bnbase) .(.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - LEGACY_BNBASE
O64 - Services: CurCS - 10/01/2014 - C:\Windows\System32\Drivers\Efimon.sys (EfiMon) .(.360安全中心 - 360Efimon Driver.) - LEGACY_EFIMON
O64 - Services: CurCS - 24/02/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 10/01/2014 - C:\Windows\System32\Drivers\Hookport.sys (HookPort) .(.360安全中心 - 360安全卫士 - HookPort.) - LEGACY_HOOKPORT
O64 - Services: CurCS - 22/05/2014 - C:\Windows\System32\drivers\{c70d4e8d-761d-40c7-82e8-a90cc6de86c6}Gw.sys ({c70d4e8d-761d-40c7-82e8-a90cc6de86c6}Gw) .(.StdLib - StdLib.) - LEGACY_{C70D4E8D-761D-40C7-82E8-A90CC6DE86C6}GW =>PUP.LinkiDoo
~ Legacy: 98 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.43F069EFF41CDDFF632DA55A3651B591] [SPRF][08/05/2014] (...) -- C:\Users\Luana\AppData\Roaming\unins000.dat [16769]
[MD5.14BF59D9687F453D209F7780D14F3E17] [SPRF][08/05/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Luana\AppData\Roaming\unins000.exe [720082]
[MD5.1ADC158D8488C1D8D815F300E896044F] [SPRF][02/06/2014] (...) -- C:\Users\Luana\AppData\Roaming\unins001.dat [15533]
[MD5.17045F3F17896B4C04EB16FAD0551221] [SPRF][02/06/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Luana\AppData\Roaming\unins001.exe [730834]
[MD5.CE723C341F7B78C6FD3A74CAA70ECE56] [SPRF][15/04/2012] (...) -- C:\Users\Luana\Desktop\jre-6u1-windows-i586-p-s.exe [13801120]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: - {35B6525E-071A-4EA9-B3BD-F6A742572F08}
~ MNS: 2 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\AskInstaller_RASAPI32 =>Toolbar.Ask
HKLM\SOFTWARE\Microsoft\Tracing\AskInstaller_RASMANCS =>Toolbar.Ask
HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASDLG =>PUP.Babylon
HKLM\SOFTWARE\Microsoft\Tracing\bdMiniDownloader_NoUI_BR_Softonic_32_300_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\bdMiniDownloader_NoUI_BR_Softonic_32_300_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_F91D44FAA5479127_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_F91D44FAA5479127_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\SmartbarExeInstaller_RASAPI32 =>Hijacker.SmartBar
HKLM\SOFTWARE\Microsoft\Tracing\SmartbarExeInstaller_RASMANCS =>Hijacker.SmartBar
HKLM\SOFTWARE\Microsoft\Tracing\updateStorimbo_RASAPI32 =>PUP.Storimbo
HKLM\SOFTWARE\Microsoft\Tracing\updateStorimbo_RASMANCS =>PUP.Storimbo
HKLM\SOFTWARE\Microsoft\Tracing\utilStorimbo_RASAPI32 =>PUP.Storimbo
HKLM\SOFTWARE\Microsoft\Tracing\utilStorimbo_RASMANCS =>PUP.Storimbo
~ BTK: 295 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 21/09/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 21/09/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 09/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 10/07/1658 0 | (Update gooternet) . (...) - C:\Program Files\gooternet\updategooternet.exe
SR - | Auto 10/10/2013 120088 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 24/02/2014 519224 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 04/06/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 05/08/2011 368544 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files\Scpad\scpVista.exe
SR - | Auto 21/10/2010 4869488 | (TabletServicePen) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
SR - | Auto 21/10/2010 416112 | (TouchServicePen) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 11s



---\\ Scâner Aditional (088)
Database Version : 13026 - (30/05/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKCU\Software\USyndication] =>Trojan.USyndication
[HKCU\Software\usyndication.com] =>Trojan.USyndication
[HKLM\Software\360Safe] =>Trojan.Lozavita
~ Additionnel Scan: 258821 Items scanned in 00mn 54s



---\\ Sumário das deteções encontradas na sua estação
=>Adware.PriceGong
=>Adware.Lollipop
=>PUP.LinkiDoo
=>Toolbar.Ask
=>PUP.Babylon
=>Toolbar.Conduit
=>Hijacker.SmartBar
=>PUP.Storimbo
=>Trojan.USyndication
=>Trojan.Lozavita
~ MSI: 10 link(s) detected in 00mn 00s



~ 702 Legitimates filtered by white list
End of the scan (518 lines in 02mn 01s)(0)

Re: Baidu resisting removal!

Post by Power Max on Thu 05 Jun 2014, 19:35

There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Which Programs Start with the PC

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start together with Windows.

Also use the CCleaner program, mentioned in the tutorial above, to clean up and optimize the PC now and from time to time.
______________________________________________________________________________________________________________________

Go to the site [You need to be registered and logged in to see this link.] and submit the file highlighted in bold below for analysis:

C:\Program Files\gooternet\updategooternet.exe

As soon as its analysis is finished, copy the link that appears in your browser's address bar and post this link in your next reply, together with the ZHPFix report requested below in this post.

You can find more information on how to analyze files on the Virus Total site in this tutorial:

Analyze suspicious files and links online and completely free of charge
________________________________________________________________________________________________________________________

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click ZHPFix and choose the Run as administrator option > Click Importação > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply together with the link to the file's analysis on the Virus Total site.


Last edited by Power Max on Thu 05 Jun 2014, 20:52; edited 1 time


Re: Baidu resisting removal!

Post by Lua Monteiro on Thu 05 Jun 2014, 20:08

Power, I couldn't find the gooternet folder! =/
Here is the ZHP report!

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Luana at 05/06/2014 20:05:36
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 07s)
Reparação de atalhos do navegador

========== Estado dos serviços ==========
BNBASE Parado
{C70D4E8D-761D-40C7-82E8-A90CC6DE86C6}GW Parado

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: {c70d4e8d-761d-40c7-82e8-a90cc6de86c6}Gw
ELIMINÉ: HKLM\Software\360Safe
ELIMINÉ: CLSID NameSpace: {35B6525E-071A-4EA9-B3BD-F6A742572F08}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\AskInstaller_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\AskInstaller_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASDLG
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\bdMiniDownloader_NoUI_BR_Softonic_32_300_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\bdMiniDownloader_NoUI_BR_Softonic_32_300_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SmartbarExeInstaller_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SmartbarExeInstaller_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateStorimbo_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateStorimbo_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\utilStorimbo_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\utilStorimbo_RASMANCS
ELIMINÉ: HKCU\Software\usyndication.com

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\luana\appdata\roaming\mozilla\firefox\profiles\4kkcyftl.default\searchplugins\clikseguro.xml
ELIMINÉ: c:\windows\system32\drivers\{c70d4e8d-761d-40c7-82e8-a90cc6de86c6}gw.sys
ELIMINÉ: c:\windows\system32\drivers\bhbase.sys
ELIMINÉ: c:\windows\system32\drivers\bnbasex.sys
ELIMINÉ: c:\windows\system32\drivers\bndef.sys
ELIMINÉ: c:\windows\system32\drivers\bfilter.sys
ELIMINÉ: c:\windows\system32\drivers\bfmon.sys
ELIMINÉ: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (17) (1.465.389 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {1EF48421-32B7-47BE-951C-D5BC63ED780C}
ELIMINÉ: {99C87BA5-D488-40E3-AE19-3322E5ECB2EC}
ELIMINÉ: {DC346134-58B6-409B-AD64-0EFDDC755C9A}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
16 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
10 : Ficheiros
2 : Estado dos serviços
3 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 31s

========== Caminho do ficheiro do relatório ==========
C:\Users\Luana\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/06/2014 20:05:43 [2951]

Re: Baidu resists removal!

Post by Power Max on Thu 05 Jun 2014, 20:13

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below will be displayed showing the scan's progress. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image.]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Thu 05 Jun 2014, 20:53; edited 1 time


Re: Baidu resists removal!

Post by Lua Monteiro on Thu 05 Jun 2014, 20:16

Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Luana on 05/06/2014 at 20:15:31,41.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luana\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-05-012230.log 31719 bytes
C:\zoek-results2014-06-05-040057.log 27059 bytes
C:\zoek-results2014-06-05-211404.log 29913 bytes
C:\zoek-results2014-06-05-213701.log 10529 bytes

==== VirusTotal Scan ======================

C:\Program Files\gooternet\updategooternet.exe not found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=188 folders=65 63300751 bytes)

==== EOF on 05/06/2014 at 20:16:01,78 ======================

Re: Baidu resists removal!

Post by Power Max on Thu 05 Jun 2014, 20:20

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.


Re: Baidu resists removal!

Post by Lua Monteiro on Thu 05 Jun 2014, 20:25

Here it is.... =)

~ Relatório do ZHPDiag v2014.5.30.78 - Nicolas Coolman (30/05/2014)
~ Iniciado por Luana (05/06/2014 20:22:13)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 29.0.1
GCIE: Google Chrome v35.0.1916.114 (Defaut)
OBIE: Wacom WebTabletPlugin for Netscape v1.1.0.5

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
SUPERAntiSpyware v5.7.1018
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3034 MB (42% free)
System Restore: Activé (Enable)
System drive C: has 218 GB (73%) free of 298 GB

---\\ Modo de conexão ao sistema
~ Computer Name: LUANA-PC
~ User Name: Luana
~ All Users Names: Luana, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Luana\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Luana\AppData\Roaming\
~ %Desktop% : C:\Users\Luana\Desktop\
~ %Favorites% : C:\Users\Luana\Favorites\
~ %LocalAppData% : C:\Users\Luana\AppData\Local\
~ %StartMenu% : C:\Users\Luana\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 218 Go of 298 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 40 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 3/6214
~ Mes musiques (My Musics) : 1/14
~ Mes Videos (My Videos) : 2/28
~ Mes Favoris (My Favorites) : 1/36
~ Mes Documents (My Documents) : 14/415
~ Mon Bureau (My Desktop) : 2/648
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 03s



---\\ Processos lançados
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Luana\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 03s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\prefs.js
~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\PROGRAM FILES\GBPLUGIN\gbiehuni.dll
O2 - BHO: MP3 Rocket Downloader - {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} . (...) -- mscoree.dll (.not file.)
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\TaskBar [Luana]: PriceGong Contact Us.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>Adware.PriceGong
~ Global Startup: 1 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D95F6D68-4256-4D74-B833-1EBD0464E9B5}: DhcpNameServer = 201.17.1.114 201.17.1.92 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{D95F6D68-4256-4D74-B833-1EBD0464E9B5}: DhcpNameServer = 201.17.1.114 201.17.1.92 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{D95F6D68-4256-4D74-B833-1EBD0464E9B5}: DhcpNameServer = 201.17.1.114 201.17.1.92 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.1.114 201.17.1.92 201.6.4.116
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ SSODL: 2 Legitimates Filtered in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: scpVista (scpVista) . (.Banco Bradesco S.A. - scpVista.) - C:\Program Files\Scpad\scpVista.exe
~ Services: 11 Legitimates Filtered in 00mn 05s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1050]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 57bee59e-6b28-4de1-9759-1130456bf70d [510]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task c9954d10-cbe9-4ac5-ad09-9a260cbc57ac [510]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 04s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (EfiMon) . (.360安全中心 - 360Efimon Driver.) - C:\Windows\System32\Drivers\Efimon.sys
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex.sys (.not file.)
O41 - Driver: ({c70d4e8d-761d-40c7-82e8-a90cc6de86c6}Gw) . (. - .) - C:\Windows\System32\drivers\{c70d4e8d-761d-40c7-82e8-a90cc6de86c6}Gw.sys (.not file.)
~ Drivers: 86 Legitimates Filtered in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: GBBD Caixa Economica Federal - (...) [HKLM] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: MP3 Rocket - (...) [HKLM] -- MP3 Rocket
~ Logic: 14 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\IncrediMail]
[HKLM\Software\AutoHelpDesk]
~ Key Software: 144 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/04/2013 - 22:19:15 - [] ----D C:\Program Files\MP3 Rocket
O43 - CFD: 26/04/2013 - 22:18:44 - [] ----D C:\Program Files\MP3 Rocket Downloader
O43 - CFD: 01/06/2014 - 23:39:13 - [] ----D C:\Program Files\Scpad
O43 - CFD: 29/05/2014 - 18:09:10 - [] ----D C:\Users\Luana\AppData\Roaming\MP3Rocket
O43 - CFD: 10/01/2014 - 15:43:15 - [0] ----D C:\Users\Luana\AppData\Roaming\videos
~ Program Folder: 150 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
~ Files: 16 Legitimates Filtered in 00mn 04s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES\GBPLUGIN\gbiehuni.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]
O58 - SDL:21/08/2012 - 19:12:18 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys [64048]
O58 - SDL:09/05/2014 - 23:32:41 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:09/05/2014 - 23:32:41 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:09/05/2014 - 23:32:41 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:10/01/2014 - 16:23:35 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys [23624]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:24/02/2014 - 15:37:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [46392]
O58 - SDL:19/04/2014 - 13:16:51 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:10/01/2014 - 16:23:37 ---A- . (.360安全中心 - 360安全卫士 - HookPort.) -- C:\Windows\System32\Drivers\hookport.sys [75832]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 85 Legitimates Filtered in 00mn 01s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 09/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 10/01/2014 - C:\Windows\System32\Drivers\Efimon.sys (EfiMon) .(.360安全中心 - 360Efimon Driver.) - LEGACY_EFIMON
O64 - Services: CurCS - 24/02/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 10/01/2014 - C:\Windows\System32\Drivers\Hookport.sys (HookPort) .(.360安全中心 - 360安全卫士 - HookPort.) - LEGACY_HOOKPORT
~ Legacy: 98 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.43F069EFF41CDDFF632DA55A3651B591] [SPRF][08/05/2014] (...) -- C:\Users\Luana\AppData\Roaming\unins000.dat [16769]
[MD5.14BF59D9687F453D209F7780D14F3E17] [SPRF][08/05/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Luana\AppData\Roaming\unins000.exe [720082]
[MD5.1ADC158D8488C1D8D815F300E896044F] [SPRF][02/06/2014] (...) -- C:\Users\Luana\AppData\Roaming\unins001.dat [15533]
[MD5.17045F3F17896B4C04EB16FAD0551221] [SPRF][02/06/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Luana\AppData\Roaming\unins001.exe [730834]
[MD5.CE723C341F7B78C6FD3A74CAA70ECE56] [SPRF][15/04/2012] (...) -- C:\Users\Luana\Desktop\jre-6u1-windows-i586-p-s.exe [13801120]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_F91D44FAA5479127_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_F91D44FAA5479127_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
~ BTK: 284 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 21/09/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 21/09/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 09/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 10/10/2013 120088 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 24/02/2014 519224 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 04/06/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 05/08/2011 368544 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files\Scpad\scpVista.exe
SR - | Auto 21/10/2010 4869488 | (TabletServicePen) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
SR - | Auto 21/10/2010 416112 | (TouchServicePen) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 19s



---\\ Scâner Aditional (088)
Database Version : 13026 - (30/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 257703 Items scanned in 00mn 50s



---\\ Sumário das deteções encontradas na sua estação
[You need to be registered and logged in to see this link.] =>Adware.PriceGong
~ MSI: 1 link(s) detected in 00mn 00s



~ 656 Legitimates filtered by white list
End of the scan (468 lines in 02mn 02s)(0)

Re: Baidu resists removal!

Post by Power Max on Thu 05 Jun 2014, 20:31

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Importação > Click the GO button > Click Oui > If you want the files in the recycle bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply, and tell us how your PC is after this.


Last edited by Power Max on Thu 05 Jun 2014, 20:53; edited 1 time


Re: Baidu resists removal!

Post by Lua Monteiro on Thu 05 Jun 2014, 20:34

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Luana at 05/06/2014 20:33:39
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 14s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: {c70d4e8d-761d-40c7-82e8-a90cc6de86c6}Gw

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (13) (1.362.328 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
2 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 30s

========== Caminho do ficheiro do relatório ==========
C:\Users\Luana\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/06/2014 20:05:43 [3031]
C:\Users\Luana\AppData\Roaming\ZHP\ZHPFix[R2].txt - 05/06/2014 20:33:54 [1275]

Re: Baidu resists removal!

Post by Power Max on Thu 05 Jun 2014, 20:35

How is the PC?


Re: Baidu resists removal!

Post by Lua Monteiro on Thu 05 Jun 2014, 20:48

I restarted, and apparently everything is fine!
Now, I took a quick look at the registry, searched for Baidu, and this came up. Is that normal?
