Fórum PC Brasil

Baidu resists removal!

Post by Lua Monteiro, Wed 04 Jun 2014, 23:46

Hello, good evening! I'm also having problems with Baidu! I'm not sure when it showed up, but one day it was there and it seems to have put down roots!
I've tried a bit of everything, and whenever it looks like I've managed to remove it, the pesky thing comes back! :'(
I'd love some help, folks! Thanks in advance! :)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:08:59, on 04/06/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Alwil Software\Avast5\avastui.exe
C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Luana\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRAM FILES\GBPLUGIN\gbiehuni.dll
O2 - BHO: MP3 Rocket Downloader - {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [Baidu Antivirus] "C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe" -auto
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:  
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files\GbPlugin\gbiehUni.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Baidu Antivirus Service (BAVSvc) - Baidu, Inc. - C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) - Baidu, Inc. - C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files\Scpad\scpVista.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: Update gooternet - Unknown owner - C:\Program Files\gooternet\updategooternet.exe (file missing)
O23 - Service: Update Storimbo - Unknown owner - C:\Program Files\Storimbo\updateStorimbo.exe (file missing)

--
End of file - 7319 bytes
Lua Monteiro
Beginner

Posts: 25
Reputation: 0
Registration date: 04/06/2014

Re: Baidu resists removal!

Post by Power Max, Wed 04 Jun 2014, 23:50

Hi Lua.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.
Power Max
Contributor

Posts: 9086
Reputation: 1499
Registration date: 14/04/2009

Re: Baidu resists removal!

Post by Lua Monteiro, Thu 05 Jun 2014, 00:08

Hello, Power! Thanks for the help! Here we go....



# AdwCleaner v3.211 - Relatório criado 04/06/2014 às 23:57:38
# Atualizado 26/05/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
# Usuário : Luana - LUANA-PC
# Executando de : C:\Users\Luana\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : Update Storimbo

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Users\Luana\AppData\Local\genienext
Pasta Deletada : C:\Users\Luana\AppData\Local\lollipop
Pasta Deletada : C:\Users\Luana\AppData\Local\SaveSenseLive
Pasta Deletada : C:\Users\Luana\AppData\Local\VideoDownloadConverter_4z
Pasta Deletada : C:\Users\Luana\AppData\LocalLow\Delta
Pasta Deletada : C:\Users\Luana\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Luana\AppData\Roaming\DigitalSites
Pasta Deletada : C:\Users\Luana\AppData\Roaming\DSite
Pasta Deletada : C:\Users\Luana\AppData\Roaming\file scout
Pasta Deletada : C:\Users\Luana\AppData\Roaming\newnext.me
Pasta Deletada : C:\Users\Luana\AppData\Roaming\SaveSense
Pasta Deletada : C:\Users\Luana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\Smartbar
Pasta Deletada : C:\Users\Luana\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfimfliilbabfohebppnfomgjljicpdm
Arquivo Deletada : C:\Users\Luana\daemonprocess.txt
Arquivo Deletada : C:\Users\Luana\AppData\LocalLow\SkwConfig.bin
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\bprotector_extensions.sqlite
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\bprotector_prefs.js
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\invalidprefs.js
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\Askcom.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\ask-search.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\Babylon.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\bingp.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\BrowserProtect.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\delta.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\MyStart Search.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\my-web-search.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\search.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\SweetIM Search.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\SweetIm.xml
Arquivo Deletada : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\user.js
Arquivo Deletada : C:\Users\Luana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Atalho Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\hfimfliilbabfohebppnfomgjljicpdm
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CB2D4C6-9310-4842-92C5-511B70F5DB7C}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CB2D4C6-9310-4842-92C5-511B70F5DB7C}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A80FEBC9-5D05-41E4-A4FD-C92964A92724}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A80FEBC9-5D05-41E4-A4FD-C92964A92724}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D918EAA8-7B8C-4785-B356-DE6D30548BA2}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D918EAA8-7B8C-4785-B356-DE6D30548BA2}
Chave Deletedo : HKLM\SOFTWARE\Classes\*\shell\filescout
Chave Deletedo : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Chave Deletedo : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Chave Deletedo : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Chave Deletedo : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Chave Deletedo : HKLM\SOFTWARE\Classes\f
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKCU\Software\828bdee135ef14
Chave Deletedo : HKLM\SOFTWARE\828bdee135ef14
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_coreldraw_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_coreldraw_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_mp3-rocket_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_mp3-rocket_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{73C1CE1A-2075-4350-A7B4-EBA78BA45FA8}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Chave Deletedo : HKCU\Software\APN PIP
Chave Deletedo : HKCU\Software\BI
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\DataMngr
[#] Chave Deletedo : HKCU\Software\DataMngr_Toolbar
Chave Deletedo : HKCU\Software\delta LTD
Chave Deletedo : HKCU\Software\dsiteproducts
Chave Deletedo : HKCU\Software\Headlight
Chave Deletedo : HKCU\Software\IM
Chave Deletedo : HKCU\Software\ImInstaller
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\SmartBar
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\WNLT
Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\nationzoomSoftware
Chave Deletedo : HKLM\Software\PIP
Chave Deletedo : HKLM\Software\SimplyGen
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\WNLT
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (pt-BR)

[ Arquivo : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\prefs.js ]

Linha deletada : user_pref("CT2849856.1000234.TWC_TMP_city", "SAO PAULO");
Linha deletada : user_pref("CT2849856.1000234.TWC_TMP_country", "BR");
Linha deletada : user_pref("CT2849856.1000234.TWC_country", "BRAZIL");
Linha deletada : user_pref("CT2849856.1000234.TWC_locId", "BRXX0232");
Linha deletada : user_pref("CT2849856.1000234.TWC_location", "Sao Paulo, Brazil");
Linha deletada : user_pref("CT2849856.1000234.TWC_region", "BR");
Linha deletada : user_pref("CT2849856.1000234.TWC_temp_dis", "c");
Linha deletada : user_pref("CT2849856.1000234.TWC_wind_dis", "kmh");
Linha deletada : user_pref("CT2849856.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Linha deletada : user_pref("CT2849856.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Linha deletada : user_pref("CT2849856.FF19Solved", "true");
Linha deletada : user_pref("CT2849856.Facebook_Mode.enc", "Mg==");
Linha deletada : user_pref("CT2849856.Facebook_User_Locale.enc", "ZW4=");
Linha deletada : user_pref("CT2849856.FirstTime", "true");
Linha deletada : user_pref("CT2849856.FirstTimeFF3", "true");
Linha deletada : user_pref("CT2849856.PG_ENABLE", "ZmFsc2U=");
Linha deletada : user_pref("CT2849856.PG_ENABLE.enc", "dHJ1ZQ==");
Linha deletada : user_pref("CT2849856.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Linha deletada : user_pref("CT2849856.SF_STATUS.enc", "RU5BQkxFRA==");
Linha deletada : user_pref("CT2849856.SF_USER_ID.enc", "Y2lkXzI1NDIwMTMyMzExNDMxMjE1NDc5");
Linha deletada : user_pref("CT2849856.UserID", "UN18272589571832541");
Linha deletada : user_pref("CT2849856.addressBarTakeOverEnabledInHidden", "true");
Linha deletada : user_pref("CT2849856.autoDisableScopes", 0);
Linha deletada : user_pref("CT2849856.cb_experience_000.enc", "MQ==");
Linha deletada : user_pref("CT2849856.cb_firstuse0100.enc", "MQ==");
Linha deletada : user_pref("CT2849856.cb_user_id_000.enc", "Q0IzOTIxNDg4MjUyMThfMTM2NzAxOTc5NzIyNl9GaXJlZm94");
Linha deletada : user_pref("CT2849856.cbfirsttime.enc", "VHVlIEFwciAzMCAyMDEzIDE4OjQ3OjQwIEdNVC0wMzAwIChIb3JhIG9maWNpYWwgZG8gQnJhc2lsKQ==");
Linha deletada : user_pref("CT2849856.countryCode", "BR");
Linha deletada : user_pref("CT2849856.defaultSearch", "false");
Linha deletada : user_pref("CT2849856.embeddedsData", "[{\"appId\":\"129349797096062685\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Linha deletada : user_pref("CT2849856.enableFix404ByUser", "FALSE");
Linha deletada : user_pref("CT2849856.enableSearchFromAddressBar", "false");
Linha deletada : user_pref("CT2849856.firstTimeDialogOpened", "true");
Linha deletada : user_pref("CT2849856.fixPageNotFoundErrorByUser", "TRUE");
Linha deletada : user_pref("CT2849856.fixPageNotFoundErrorInHidden", "true");
Linha deletada : user_pref("CT2849856.fixUrls", true);
Linha deletada : user_pref("CT2849856.installDate", "25/4/2013 23:10:27");
Linha deletada : user_pref("CT2849856.installType", "xpe");
Linha deletada : user_pref("CT2849856.installUsage", "2013-04-26T05:23:50.1947571+03:00");
Linha deletada : user_pref("CT2849856.installUsageEarly", "2013-04-26T05:11:32.2907175+03:00");
Linha deletada : user_pref("CT2849856.installerVersion", "1.3.7.3");
Linha deletada : user_pref("CT2849856.isCheckedStartAsHidden", true);
Linha deletada : user_pref("CT2849856.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Linha deletada : user_pref("CT2849856.isFirstTimeToolbarLoading", "false");
Linha deletada : user_pref("CT2849856.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Linha deletada : user_pref("CT2849856.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Linha deletada : user_pref("CT2849856.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2849856&octid=CT2849856&SearchSource=15&CUI=UN18272589571832541&SSPV=&Lay=1&UM=\"}");
Linha deletada : user_pref("CT2849856.lastVersion", "10.20.0.513");
Linha deletada : user_pref("CT2849856.mam_gk_appStateReportTime.enc", "MTM3NzM2NDk4MDM2NQ==");
Linha deletada : user_pref("CT2849856.mam_gk_appState_CouponBuddy.enc", "b24=");
Linha deletada : user_pref("CT2849856.mam_gk_appState_PriceGong.enc", "b24=");
Linha deletada : user_pref("CT2849856.mam_gk_appState_WindowShopper.enc", "b24=");
Linha deletada : user_pref("CT2849856.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Linha deletada : user_pref("CT2849856.mam_gk_calledSetupService.enc", "MQ==");
Linha deletada : user_pref("CT2849856.mam_gk_currentVersion.enc", "MS4xMC4yLjU=");
Linha deletada : user_pref("CT2849856.mam_gk_eventsCache.enc", "eyJiNWRmZmQ2Yi01M2Y1LTRlYzQtODM5OC01ZDg4NmVhZDViNDgiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlvbiI6IlZpZXcifSwidW5pcXVlS[...]
Linha deletada : user_pref("CT2849856.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Linha deletada : user_pref("CT2849856.mam_gk_first_time.enc", "MQ==");
Linha deletada : user_pref("CT2849856.mam_gk_gadgetOpen.enc", "MA==");
Linha deletada : user_pref("CT2849856.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Linha deletada : user_pref("CT2849856.mam_gk_lastLoginTime.enc", "MTM3NzM2NDk4NTc4Mw==");
Linha deletada : user_pref("CT2849856.mam_gk_mamEnabled.enc", "ZmFsc2U=");
Linha deletada : user_pref("CT2849856.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Linha deletada : user_pref("CT2849856.mam_gk_settings1.10.2.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiODRfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiQlIiLCJpc1dlbGNvbWVFeHBl[...]
Linha deletada : user_pref("CT2849856.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjE1Xy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1b[...]
Linha deletada : user_pref("CT2849856.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjE1Xy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1b[...]
Linha deletada : user_pref("CT2849856.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDZfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiQlIiLCJpc1dlbGNvbWVFeHBlc[...]
Linha deletada : user_pref("CT2849856.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiODRfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiQlIiLCJpc1dlbGNvbWVFeHBlc[...]
Linha deletada : user_pref("CT2849856.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Linha deletada : user_pref("CT2849856.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Linha deletada : user_pref("CT2849856.mam_gk_userId.enc", "MGI4MWNkZjYtNzllYS00M2QxLTgwOTQtMTQ3ZGJmMmM3MDIy");
Linha deletada : user_pref("CT2849856.mam_gk_user_approval_interacted.enc", "MQ==");
Linha deletada : user_pref("CT2849856.mam_gk_welcomeDialogMode.enc", "MQ==");
Linha deletada : user_pref("CT2849856.migrateAppsAndComponents", true);
Linha deletada : user_pref("CT2849856.missingMachineIdSent", "true");
Linha deletada : user_pref("CT2849856.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://BittorrentBarPT.OurToolbar.com/\",\"EB[...]
Linha deletada : user_pref("CT2849856.openThankYouPage", "true");
Linha deletada : user_pref("CT2849856.openUninstallPage", "false");
Linha deletada : user_pref("CT2849856.price-gong.isManagedApp", "true");
Linha deletada : user_pref("CT2849856.revertSettingsEnabled", "false");
Linha deletada : user_pref("CT2849856.scriptSource.enc", "aHR0cDovLzEyNy4wLjAuMToxMDAwMC9ndWkv");
Linha deletada : user_pref("CT2849856.search.searchAppId", "129349797096062685");
Linha deletada : user_pref("CT2849856.search.searchCount", "0");
Linha deletada : user_pref("CT2849856.searchInNewTabEnabledByUser", "false");
Linha deletada : user_pref("CT2849856.searchInNewTabEnabledInHidden", "true");
Linha deletada : user_pref("CT2849856.searchSuggestEnabledByUser", "false");
Linha deletada : user_pref("CT2849856.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Linha deletada : user_pref("CT2849856.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Linha deletada : user_pref("CT2849856.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Linha deletada : user_pref("CT2849856.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2849856\"}");
Linha deletada : user_pref("CT2849856.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://BittorrentBarPT.OurToolbar.com//xpi\"}");
Linha deletada : user_pref("CT2849856.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"BittorrentBar_PT \"}");
Linha deletada : user_pref("CT2849856.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Linha deletada : user_pref("CT2849856.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Linha deletada : user_pref("CT2849856.serviceLayer_services_Configuration_lastUpdate", "1377365010597");
Linha deletada : user_pref("CT2849856.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1377047354753");
Linha deletada : user_pref("CT2849856.serviceLayer_services_appsMetadata_lastUpdate", "1377365010226");
Linha deletada : user_pref("CT2849856.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1377365008140");
Linha deletada : user_pref("CT2849856.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1366942296875");
Linha deletada : user_pref("CT2849856.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1366943032081");
Linha deletada : user_pref("CT2849856.serviceLayer_services_location_lastUpdate", "1372987241810");
Linha deletada : user_pref("CT2849856.serviceLayer_services_login_10.14.65.43_lastUpdate", "1372987238851");
Linha deletada : user_pref("CT2849856.serviceLayer_services_login_10.15.0.562_lastUpdate", "1367353940408");
Linha deletada : user_pref("CT2849856.serviceLayer_services_login_10.15.0.62_lastUpdate", "1367017222041");
Linha deletada : user_pref("CT2849856.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372898923301");
Linha deletada : user_pref("CT2849856.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374895081963");
Linha deletada : user_pref("CT2849856.serviceLayer_services_login_10.16.70.505_lastUpdate", "1377365007232");
Linha deletada : user_pref("CT2849856.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1377365008040");
Linha deletada : user_pref("CT2849856.serviceLayer_services_searchAPI_lastUpdate", "1377365010217");
Linha deletada : user_pref("CT2849856.serviceLayer_services_serviceMap_lastUpdate", "1377365008126");
Linha deletada : user_pref("CT2849856.serviceLayer_services_setupAPI_lastUpdate", "1372987242590");
Linha deletada : user_pref("CT2849856.serviceLayer_services_toolbarContextMenu_lastUpdate", "1377365007937");
Linha deletada : user_pref("CT2849856.serviceLayer_services_toolbarSettings_lastUpdate", "1377365010045");
Linha deletada : user_pref("CT2849856.serviceLayer_services_translation_lastUpdate", "1377365008339");
Linha deletada : user_pref("CT2849856.settingsINI", true);
Linha deletada : user_pref("CT2849856.shouldFirstTimeDialog", "false");
Linha deletada : user_pref("CT2849856.showToolbarPermission", "false");
Linha deletada : user_pref("CT2849856.smartbar.CTID", "CT2849856");
Linha deletada : user_pref("CT2849856.smartbar.Uninstall", "0");
Linha deletada : user_pref("CT2849856.smartbar.toolbarName", "BittorrentBar_PT ");
Linha deletada : user_pref("CT2849856.startPage", "false");
Linha deletada : user_pref("CT2849856.toolbarBornServerTime", "26-4-2013");
Linha deletada : user_pref("CT2849856.toolbarCurrentServerTime", "6-9-2013");
Linha deletada : user_pref("CT2849856.toolbarLoginClientTime", "Thu Apr 25 2013 23:23:52 GMT-0300 (Hora oficial do Brasil)");
Linha deletada : user_pref("CT2849856.url_history0001.enc", "aHR0cDovL2JyLW1nNi5tYWlsLnlhaG9vLmNvbS9uZW8vbGF1bmNoIzo6OmNsaWNraGFuZGxlcjo6OjEzNzcwOTU4MzM5ODAsLCxodHRwOi8vYnItbWc2Lm1haWwueWFob28uY29tL25lby9sYXVuY2gjOjo6[...]
Linha deletada : user_pref("CT2849856_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1389378065666,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Linha deletada : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Linha deletada : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/?a=6PRlKE6Mvb&i=26&loc=skw");
Linha deletada : user_pref("browser.search.defaultenginename", "MyStart Search");
Linha deletada : user_pref("browser.search.selectedEngine", "MyStart Search");
Linha deletada : user_pref("extensions.BabylonToolbar.admin", false);
Linha deletada : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Linha deletada : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Linha deletada : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Linha deletada : user_pref("extensions.BabylonToolbar.babExt", "");
Linha deletada : user_pref("extensions.BabylonToolbar.babTrack", "affID=110819&tt=280612_6_");
Linha deletada : user_pref("extensions.BabylonToolbar.bbDpng", 28);
Linha deletada : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Linha deletada : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Linha deletada : user_pref("extensions.BabylonToolbar.excTlbr", false);
Linha deletada : user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);
Linha deletada : user_pref("extensions.BabylonToolbar.hmpg", true);
Linha deletada : user_pref("extensions.BabylonToolbar.id", "c4e7e93e000000000000c417fe45de49");
Linha deletada : user_pref("extensions.BabylonToolbar.instlDay", "15821");
Linha deletada : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Linha deletada : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=110819&tt=280612_6_&babsrc=KW_ss&mntrId=c4e7e93e000000000000c417fe45de49&q=");
Linha deletada : user_pref("extensions.BabylonToolbar.lastDP", 28);
Linha deletada : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1719:48:51");
Linha deletada : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "19.0");
Linha deletada : user_pref("extensions.BabylonToolbar.newTab", false);
Linha deletada : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Linha deletada : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Linha deletada : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Linha deletada : user_pref("extensions.BabylonToolbar.propectorlck", 103042449);
Linha deletada : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Linha deletada : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Linha deletada : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Linha deletada : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Linha deletada : user_pref("extensions.BabylonToolbar.rvrt", "false");
Linha deletada : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Linha deletada : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrId", "uninst");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=c4e7e93e000000000000c417fe45de49&q=");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsn", "1.8.11.10");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.11.1022:36:08");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsni", "1.8.11.10");
Linha deletada : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Linha deletada : user_pref("extensions.BabylonToolbar_i.babExt", "");
Linha deletada : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=119849");
Linha deletada : user_pref("extensions.BabylonToolbar_i.hardId", "c4e7e93e000000000000c417fe45de49");
Linha deletada : user_pref("extensions.BabylonToolbar_i.id", "c4e7e93e000000000000c417fe45de49");
Linha deletada : user_pref("extensions.BabylonToolbar_i.instlDay", "15522");
Linha deletada : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Linha deletada : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112931&tt=3412_8&babsrc=NT_def");
Linha deletada : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Linha deletada : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Linha deletada : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Linha deletada : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Linha deletada : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Linha deletada : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Linha deletada : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:48:51");
Linha deletada : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Linha deletada : user_pref("extensions.delta.admin", false);
Linha deletada : user_pref("extensions.delta.aflt", "babsst");
Linha deletada : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Linha deletada : user_pref("extensions.delta.autoRvrt", "false");
Linha deletada : user_pref("extensions.delta.babTrack", "affID=119849");
Linha deletada : user_pref("extensions.delta.bbDpng", "21");
Linha deletada : user_pref("extensions.delta.cntry", "");
Linha deletada : user_pref("extensions.delta.dfltLng", "pt");
Linha deletada : user_pref("extensions.delta.excTlbr", false);
Linha deletada : user_pref("extensions.delta.ffxUnstlRst", true);
Linha deletada : user_pref("extensions.delta.hdrMd5", "309E58F4C5B256A5291921FC86360CB1");
Linha deletada : user_pref("extensions.delta.id", "c4e7e93e000000000000c417fe45de49");
Linha deletada : user_pref("extensions.delta.instlDay", "15873");
Linha deletada : user_pref("extensions.delta.instlRef", "sst");
Linha deletada : user_pref("extensions.delta.lastVrsnTs", "1.8.21.523:53:18");
Linha deletada : user_pref("extensions.delta.newTab", false);
Linha deletada : user_pref("extensions.delta.prdct", "delta");
Linha deletada : user_pref("extensions.delta.prtnrId", "delta");
Linha deletada : user_pref("extensions.delta.rvrt", "false");
Linha deletada : user_pref("extensions.delta.sg", "azb");
Linha deletada : user_pref("extensions.delta.smplGrp", "none");
Linha deletada : user_pref("extensions.delta.tlbrId", "base");
Linha deletada : user_pref("extensions.delta.tlbrSrchUrl", "");
Linha deletada : user_pref("extensions.delta.vrsn", "1.8.21.5");
Linha deletada : user_pref("extensions.delta.vrsnTs", "1.8.21.523:53:18");
Linha deletada : user_pref("extensions.delta.vrsni", "1.8.21.5");
Linha deletada : user_pref("extensions.delta_i.babExt", "");
Linha deletada : user_pref("extensions.delta_i.babTrack", "affID=119816&tt=120613_ndt");
Linha deletada : user_pref("extensions.delta_i.srcExt", "ss");
Linha deletada : user_pref("extensions.funmoods.aflt", "ironpub");
Linha deletada : user_pref("extensions.funmoods.autoRvrt", false);
Linha deletada : user_pref("extensions.funmoods.cntry", "");
Linha deletada : user_pref("extensions.funmoods.cv", "cv5");
Linha deletada : user_pref("extensions.funmoods.dfltLng", "");
Linha deletada : user_pref("extensions.funmoods.dfltSrch", true);
Linha deletada : user_pref("extensions.funmoods.dnsErr", true);
Linha deletada : user_pref("extensions.funmoods.envrmnt", "production");
Linha deletada : user_pref("extensions.funmoods.excTlbr", false);
Linha deletada : user_pref("extensions.funmoods.fmupdtFirst", false);
Linha deletada : user_pref("extensions.funmoods.hdrMd5", "89F6EC47816030DD0DD0614B7C961515");
Linha deletada : user_pref("extensions.funmoods.hmpg", true);
Linha deletada : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0CyEtCyB0F0EyEyD0D0EyEzy0EzytA0EtN0D0Tzu0StBtAzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=3400731[...]
Linha deletada : user_pref("extensions.funmoods.id", "C417FE45DE49E93E");
Linha deletada : user_pref("extensions.funmoods.instlDay", "15578");
Linha deletada : user_pref("extensions.funmoods.instlRef", "ironpub");
Linha deletada : user_pref("extensions.funmoods.isdcmntcmplt", true);
Linha deletada : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2216:28:49");
Linha deletada : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Linha deletada : user_pref("extensions.funmoods.newTab", true);
Linha deletada : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0CyEtCyB0F0EyEyD0D0EyEzy0EzytA0EtN0D0Tzu0StBtAzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=34007[...]
Linha deletada : user_pref("extensions.funmoods.prdct", "funmoods");
Linha deletada : user_pref("extensions.funmoods.prtnrId", "funmoods");
Linha deletada : user_pref("extensions.funmoods.sg", "none");
Linha deletada : user_pref("extensions.funmoods.smplGrp", "none");
Linha deletada : user_pref("extensions.funmoods.srchPrvdr", "Search");
Linha deletada : user_pref("extensions.funmoods.tlbrId", "base");
Linha deletada : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0CyEtCyB0F0EyEyD0D0EyEzy0EzytA0EtN0D0Tzu0StBtAzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=340[...]
Linha deletada : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Linha deletada : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2216:28:49");
Linha deletada : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Linha deletada : user_pref("extensions.funmoods_i.newTab", true);
Linha deletada : user_pref("extensions.funmoods_i.smplGrp", "none");
Linha deletada : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2216:28:49");
Linha deletada : user_pref("extensions.helperbar.DockingPositionDown", false);
Linha deletada : user_pref("extensions.helperbar.SmartbarDisabled", false);
Linha deletada : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Linha deletada : user_pref("extensions.helperbar.Visibility", false);
Linha deletada : user_pref("extensions.helperbar.countryiso", "br");
Linha deletada : user_pref("extensions.helperbar.downloadprovider", "quickobrw");
Linha deletada : user_pref("extensions.helperbar.installationid", "501dd304-c6f5-4eaa-878e-d9fa63fba4a2");
Linha deletada : user_pref("extensions.helperbar.installdate", "16/06/2013");
Linha deletada : user_pref("extensions.helperbar.publisher", "quickobrw");
Linha deletada : user_pref("extensions.mywebsearch.prevDefaultEngine", "");
Linha deletada : user_pref("extensions.mywebsearch.prevSelectedEngine", "");
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=undefined&n=77fdcabb&ptnrS=HJxpi000YY");
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013121211");
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "HJxpi000YY");
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "");
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", false);
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "undefined");
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", false);
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", false);
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", false);
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", false);
Linha deletada : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
Linha deletada : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
Linha deletada : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/?a=6PRlKE6Mvb&i=26&loc=skw&search=");
Linha deletada : user_pref("smartbar.machineId", "PYH6XZYRKFR2XY0Q8DG6ESDZQUGWL9XYOXU1HTA+YRWKJ9RD0Y4CR+IIA1JKP+3RUSJE4SG/1CUYW39UMNE/QQ");

-\\ Google Chrome v35.0.1916.114

[ Arquivo : C:\Users\Luana\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [You must have an account and be logged in to view this link]
Deletedo [Homepage] : [You must have an account and be logged in to view this link]
Deletedo [Extension] : hfimfliilbabfohebppnfomgjljicpdm
Deletedo [Extension] : ogccgbmabaphcakpiclgcnmcnimhokcj

*************************

AdwCleaner[R0].txt - [36661 octets] - [04/06/2014 23:56:32]
AdwCleaner[S0].txt - [35716 octets] - [04/06/2014 23:57:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [35777 octets] ##########

Re: Baidu resists removal!

Post by Power Max, Thu 05 Jun 2014, 00:10

Download the Junkware Removal Tool program from the link below:
[You must have an account and be logged in to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.

Re: Baidu resists removal!

Post by Lua Monteiro, Thu 05 Jun 2014, 00:21

Power, I'm trying to run JRT, but when I tell it to run it shows an "Abort" message and closes quickly. =/

Re: Baidu resists removal!

Post by Power Max, Thu 05 Jun 2014, 00:30

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of the text highlighted in red below that I gave you, and paste it into the blank space in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below, showing the scan progress, will be displayed. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.

Re: Baidu resists removal!

Post by Lua Monteiro, Thu 05 Jun 2014, 01:04

Here it is, Power! =)


Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Luana on 05/06/2014 at 0:32:01,50.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luana\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-05-012230.log 31719 bytes

==== System Restore Info ======================

05/06/2014 00:33:33 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Baidu deleted

==== Folders Found ======================

2014-06-05 02:57:40 2014-06-05 02:57:40 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-05 02:57:42 2014-06-05 02:57:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Luana\AppData\Roaming\baidu
2014-06-05 02:57:42 2014-06-05 02:57:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Luana\AppData\Roaming\baidu\Baidu Antivirus
2014-06-05 02:57:42 2014-06-05 02:57:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-05-31 01:46:04 2014-06-02 02:33:07 -------- d-----w- C:\Program Files\Baidu Security
2014-05-31 01:46:04 2014-06-05 03:52:49 -------- d-----w- C:\Program Files\Baidu Security\Baidu Antivirus
2013-06-17 03:03:40 2014-06-04 16:27:16 -------- d-----w- C:\ProgramData\Baidu Security
2014-05-31 01:46:17 2014-06-02 02:39:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2013-06-17 03:03:40 2014-06-04 16:27:16 -------- d-----w- C:\Users\All Users\Baidu Security
2014-05-31 01:46:17 2014-06-02 02:39:13 -------- d-----w- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2013-06-17 02:55:25 2014-06-04 14:40:11 -------- d-----w- C:\Users\Luana\AppData\Roaming\Baidu Security
2014-06-05 02:59:04 2014-06-05 02:59:04 -------- d-----w- C:\Users\Public\Documents\Baidu
2014-06-04 18:16:48 2014-06-05 02:59:04 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_Baidu

==== Files Found ======================


--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-05-31 01:46:17
Modified time: 2014-05-31 01:46:17
MD5: 0FD603399933153C94D195C5582714D1
SHA1: 6932885DBB0BB94978B18654CBAAB17C135E3A9C


--- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-05-31 01:46:17
Modified time: 2014-05-31 01:46:17
MD5: 0FD603399933153C94D195C5582714D1
SHA1: 6932885DBB0BB94978B18654CBAAB17C135E3A9C


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3412
Created time: 2014-06-04 18:16:51
Modified time: 2014-05-31 01:46:16
MD5: 9B1D0D613846160D96E597FF247DF47F
SHA1: 677E4E4C61CA5436BE3692C4583C8A911767C6BF


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\antivirus]
"uuurl"="http://sync.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\DefaultIcon]
@="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Bav.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\shell\open\command]
@="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Bav.exe\" UI_Start_From_IE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\DefaultIcon]
@="C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Translator.exe,-201"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\shell\open\command]
@="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Translator.exe\" \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}]
@="baidu right click handler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32]
@="C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BavShx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32]
@="C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BavShx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BavTray.exe\" -auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47E4D23A-7AFE-4C6D-810E-2EA2E5028119}]
"Path"="\\Baidu Antivirus Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu Antivirus Update]

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File16"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\sysopt\\optbt.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File17"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\1.19.0.2\\RpData\\2013-06-16 23_55_25_RpData.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File18"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\1.19.0.2\\RpData\\2013-06-16 23_55_25_RpData~.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File19"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData\\2013-06-17 07_37_48_RpData~.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File20"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData\\2013-06-17 07_50_43_RpData.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File21"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData\\2013-06-17 07_50_43_RpData~.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File22"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0\\Communication.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File23"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0\\InstallUtility.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File24"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0\\log.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File25"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0\\Communication.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File26"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0\\InstallUtility.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File27"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0\\log.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder28"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Plugins\\Plugin.LeakRepair\\Hotfix"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder29"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Plugins\\Plugin.LeakRepair"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder30"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder31"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run\\Disable"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder32"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder33"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\sysopt"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder34"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder35"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder36"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\1.19.0.2\\RpData"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder37"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\1.19.0.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder38"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\PopMsg"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder39"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder40"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run\\Disable"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder41"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder42"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder43"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder44"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder45"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder46"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder47"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder48"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2903138494-4005609713-1385748817-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2903138494-4005609713-1385748817-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [01/06/2014 23:47]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[09/05/2014 23:32]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Creative Cloud.lnk - C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=HomePanel_BL --appletVersion=1.0
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\CorelDRAW X6.lnk - c:\Windows\Installer\{C5262276-0075-498B-B80F-7D997482E4DB}\NewShortcut1.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\HP Deskjet 2050 J510 series Scan.lnk - C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPScan.exe
C:\Users\Public\Desktop\HP Deskjet 2050 J510 series.lnk - C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HP Deskjet 2050 J510 series.exe
C:\Users\Public\Desktop\Launch Rambooster 2.0.lnk - C:\Program Files\RamBooster 2.0\Rambooster.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\MP3 Rocket 6.3.4.lnk - C:\Program Files\MP3 Rocket\MP3Rocket.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk - C:\Program Files\Adobe\Adobe Content Viewer\Adobe Content Viewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk - C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=HomePanel_BL --appletVersion=1.0
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC.lnk - C:\Program Files\Adobe\Adobe InDesign CC\InDesign.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC.lnk - C:\Program Files\Adobe\Adobe Photoshop CC\Photoshop.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast Free Antivirus.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk - C:\Program Files\Baidu Security\Baidu Antivirus\Bav.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Uninstall.lnk - C:\Program Files\Baidu Security\Baidu Antivirus\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo\Leiame.lnk - C:\Program Files\Tablet\Pen\Leiame.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo\Preferências Bamboo.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo\Utilitário do Arquivo de Preferências do Bamboo.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk - C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Professional.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe /register

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\\Users\Luana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\\Users\Luana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=77 folders=36 26014396 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Luana\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 05/06/2014 at 1:00:57,97 ======================
Lua Monteiro
Beginner

Posts: 25
Reputation: 0
Registration date: 04/06/2014

Re: Baidu persists after removal!

Post by Power Max Thu 05 Jun 2014, 01:06

Since this procedure takes a while and it's already late, I'll analyze it for you tomorrow morning and give you the next step, ok?
Power Max
Contributor

Posts: 9086
Reputation: 1499
Registration date: 14/04/2009

Re: Baidu persists after removal!

Post by Lua Monteiro Thu 05 Jun 2014, 01:08

That's great!! Thank you very much and see you tomorrow!

Let's get some rest! ;)

Re: Baidu persists after removal!

Post by Power Max Thu 05 Jun 2014, 17:59

Sorry for the delay in replying.

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [image]

* Select and copy all of the text highlighted in red below that I gave you and paste it into the blank area of Zoek:

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan's progress will be displayed. Wait for it to finish... it may take a while!

[image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.

Re: Baidu persists after removal!

Post by Lua Monteiro Thu 05 Jun 2014, 18:20

No problem! =)

Here we go! This is what I got....




Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Luana on 05/06/2014 at 18:04:23,43.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luana\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-05-012230.log 31719 bytes
C:\zoek-results2014-06-05-040057.log 27059 bytes

==== System Restore Info ======================

05/06/2014 18:05:21 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BHipsEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\antivirus]
"uuurl"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\DefaultIcon]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\DefaultIcon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\shell\open\command]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\shell\open\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\DefaultIcon]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\DefaultIcon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\shell\open\command]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\shell\open\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47E4D23A-7AFE-4C6D-810E-2EA2E5028119}]
"Path"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47E4D23A-7AFE-4C6D-810E-2EA2E5028119}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu Antivirus Update]
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File16"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File17"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2903138494-4005609713-1385748817-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2903138494-4005609713-1385748817-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]

==== Deleting Files \ Folders ======================

C:\ProgramData\Baidu Security deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus deleted
C:\Users\Luana\AppData\Roaming\Baidu Security deleted
C:\Users\Public\Documents\Baidu deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavBase.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavBh.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavClean.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavCommon.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavDllFilter.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavDs.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavFi.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavIPC.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavOa.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavPe.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavQv.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavScan.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavSig.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavSk.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavSvc.exe" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavUa.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavUl.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavVt.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavWl.dat" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavWl.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BdApiUtil.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BDrvComm.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsCore.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\Communication.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\CP.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\DirectUI.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\DrvInst.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HackerDefense.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsDR.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsHB.dll" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsHp.dll" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\sqlite.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavBase.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavBh.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavClean.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavCommon.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavDllFilter.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavDs.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavFi.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavIPC.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavOa.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavPe.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavQv.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavScan.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavSig.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavSk.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavSvc.exe" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavUa.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavUl.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavVt.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavWl.dat" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavWl.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BdApiUtil.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BDrvComm.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsCore.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\Communication.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\CP.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\DirectUI.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\DrvInst.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HackerDefense.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsDR.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsHB.dll" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsHp.dll" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\sqlite.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BavTray.log" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BavTray.log" not deleted
"C:\Program Files\Baidu Security" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log" not deleted

==== Folders Found ======================

2014-06-05 02:57:40 2014-06-05 02:57:40 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-05 02:57:42 2014-06-05 02:57:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Luana\AppData\Roaming\baidu
2014-06-05 02:57:42 2014-06-05 02:57:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Luana\AppData\Roaming\baidu\Baidu Antivirus
2014-06-05 02:57:42 2014-06-05 02:57:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-05-31 01:46:04 2014-06-02 02:33:07 -------- d-----w- C:\Program Files\Baidu Security
2014-05-31 01:46:04 2014-06-05 21:08:36 -------- d-----w- C:\Program Files\Baidu Security\Baidu Antivirus
2014-06-05 04:00:37 2014-06-05 04:00:37 -------- d-----w- C:\ProgramData\Baidu
2014-06-05 04:00:37 2014-06-05 04:00:37 -------- d-----w- C:\Users\All Users\Baidu
2014-06-05 21:08:07 2014-06-05 21:08:07 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security
2014-06-05 21:08:08 2014-06-05 21:08:08 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security_Baidu Antivirus
2014-06-05 21:08:08 2014-06-05 21:08:08 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-05 21:08:08 2014-06-05 21:08:08 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-04 18:16:48 2014-06-05 02:59:04 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_Baidu
2014-06-05 21:08:08 2014-06-05 21:08:08 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-05 21:08:09 2014-06-05 21:08:09 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-05 21:08:09 2014-06-04 14:40:11 -------- d---a-w- C:\zoek_backup\C_Users_Luana_AppData_Roaming_Baidu Security
2014-06-05 21:08:09 2014-06-05 21:08:09 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu
2014-06-05 21:08:07 2014-06-05 21:08:08 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security\Baidu Antivirus

==== Files Found ======================


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3412
Created time: 2014-06-04 18:16:51
Modified time: 2014-05-31 01:46:16
MD5: 9B1D0D613846160D96E597FF247DF47F
SHA1: 677E4E4C61CA5436BE3692C4583C8A911767C6BF


--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-06-05 21:08:08
Modified time: 2014-05-31 01:46:17
MD5: 0FD603399933153C94D195C5582714D1
SHA1: 6932885DBB0BB94978B18654CBAAB17C135E3A9C


--- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-06-05 21:08:09
Modified time: 2014-05-31 01:46:17
MD5: 0FD603399933153C94D195C5582714D1
SHA1: 6932885DBB0BB94978B18654CBAAB17C135E3A9C


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File18"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\1.19.0.2\\RpData\\2013-06-16 23_55_25_RpData~.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File19"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData\\2013-06-17 07_37_48_RpData~.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File20"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData\\2013-06-17 07_50_43_RpData.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File21"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData\\2013-06-17 07_50_43_RpData~.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File22"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0\\Communication.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File23"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0\\InstallUtility.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File24"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0\\log.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File25"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0\\Communication.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File26"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0\\InstallUtility.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File27"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0\\log.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder28"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Plugins\\Plugin.LeakRepair\\Hotfix"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder29"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Plugins\\Plugin.LeakRepair"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder30"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder31"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run\\Disable"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder32"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder33"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\sysopt"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder34"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder35"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder36"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\1.19.0.2\\RpData"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder37"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\1.19.0.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder38"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\PopMsg"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder39"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder40"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run\\Disable"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder41"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder42"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder43"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder44"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder45"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder46"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder47"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder48"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER"

[HKEY_USERS\S-1-5-21-2903138494-4005609713-1385748817-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2903138494-4005609713-1385748817-1000\Software\Baidu Security\PC Faster]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=176 folders=61 63287753 bytes)

==== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\Program Files\Baidu Security\Baidu Antivirus\BavWl.dat" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsHB.dll" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsHp.dll" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\BavWl.dat" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsHB.dll" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsHp.dll" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BavTray.log" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BavTray.log" not found
"C:\Program Files\Baidu Security" not found
"C:\Program Files\Baidu Security\Baidu Antivirus" not found

==== EOF on 05/06/2014 at 18:14:04,74 ======================
Lua Monteiro
Beginner

Posts: 25
Reputation: 0
Join date: 04/06/2014

Re: Baidu resisting removal!

Post by Power Max Thu 05 Jun 2014, 18:27

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [image]

* Select and copy all of the text highlighted in red below that I gave you and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Power Max
Contributor

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Re: Baidu resisting removal!

Post by Lua Monteiro Thu 05 Jun 2014, 18:50

Here is the log!


Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Luana on 05/06/2014 at 18:31:49,94.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luana\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-05-012230.log 31719 bytes
C:\zoek-results2014-06-05-040057.log 27059 bytes
C:\zoek-results2014-06-05-211404.log 29913 bytes

==== System Restore Info ======================

05/06/2014 18:33:17 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-2903138494-4005609713-1385748817-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2903138494-4005609713-1385748817-1000\Software\Baidu Security\PC Faster]

==== Deleting Files \ Folders ======================

C:\Program Files\Baidu Security not found
C:\ProgramData\Baidu deleted

==== Folders Found ======================

2014-06-05 02:57:40 2014-06-05 02:57:40 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-05 02:57:42 2014-06-05 02:57:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Luana\AppData\Roaming\baidu
2014-06-05 02:57:42 2014-06-05 02:57:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Luana\AppData\Roaming\baidu\Baidu Antivirus
2014-06-05 02:57:42 2014-06-05 02:57:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-05 21:08:07 2014-06-05 21:08:07 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security
2014-06-05 21:08:08 2014-06-05 21:08:08 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security_Baidu Antivirus
2014-06-05 21:33:47 2014-06-05 21:33:47 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu
2014-06-05 21:08:08 2014-06-05 21:08:08 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-05 21:08:08 2014-06-05 21:08:08 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-04 18:16:48 2014-06-05 02:59:04 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_Baidu
2014-06-05 21:33:48 2014-06-05 21:33:48 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu
2014-06-05 21:08:08 2014-06-05 21:08:08 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-05 21:08:09 2014-06-05 21:08:09 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-05 21:08:09 2014-06-04 14:40:11 -------- d---a-w- C:\zoek_backup\C_Users_Luana_AppData_Roaming_Baidu Security
2014-06-05 21:08:09 2014-06-05 21:08:09 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu
2014-06-05 21:08:07 2014-06-05 21:08:08 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security\Baidu Antivirus

==== Files Found ======================


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3412
Created time: 2014-06-04 18:16:51
Modified time: 2014-05-31 01:46:16
MD5: 9B1D0D613846160D96E597FF247DF47F
SHA1: 677E4E4C61CA5436BE3692C4583C8A911767C6BF


--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-06-05 21:08:08
Modified time: 2014-05-31 01:46:17
MD5: 0FD603399933153C94D195C5582714D1
SHA1: 6932885DBB0BB94978B18654CBAAB17C135E3A9C


--- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-06-05 21:08:09
Modified time: 2014-05-31 01:46:17
MD5: 0FD603399933153C94D195C5582714D1
SHA1: 6932885DBB0BB94978B18654CBAAB17C135E3A9C


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File18"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\1.19.0.2\\RpData\\2013-06-16 23_55_25_RpData~.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File19"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData\\2013-06-17 07_37_48_RpData~.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File20"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData\\2013-06-17 07_50_43_RpData.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File21"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData\\2013-06-17 07_50_43_RpData~.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File22"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0\\Communication.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File23"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0\\InstallUtility.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File24"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0\\log.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File25"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0\\Communication.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File26"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0\\InstallUtility.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File27"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0\\log.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder28"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Plugins\\Plugin.LeakRepair\\Hotfix"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder29"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Plugins\\Plugin.LeakRepair"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder30"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder31"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run\\Disable"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder32"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder33"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\sysopt"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder34"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER\\3.2.0.29"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder35"="C:\\ProgramData\\BAIDU SECURITY\\PC FASTER"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder36"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\1.19.0.2\\RpData"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder37"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\1.19.0.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder38"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\PopMsg"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder39"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\RpData"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder40"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run\\Disable"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder41"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder42"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall\\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder43"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder44"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK\\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder45"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall\\Baidu PC Faster Uninstall HK"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder46"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29\\Uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder47"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER\\3.2.0.29"

[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder48"="C:\\Users\\Luana\\AppData\\Roaming\\BAIDU SECURITY\\PC FASTER"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=188 folders=65 63300751 bytes)

==== EOF on 05/06/2014 at 18:37:01,13 ======================

Re: Baidu resisting removal!

Post by Power Max Thu 05 Jun 2014, 18:56

Download < [link] > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

[link]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

Re: Baidu resisting removal!

Post by Lua Monteiro Thu 05 Jun 2014, 19:15

ZHP report!


~ Relatório do ZHPDiag v2014.5.30.78 - Nicolas Coolman (30/05/2014)
~ Iniciado por Luana (05/06/2014 19:12:14)
~ Endereço do Website : [link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 29.0.1
GCIE: Google Chrome v35.0.1916.114 (Defaut)
OBIE: Wacom WebTabletPlugin for Netscape v1.1.0.5

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
SUPERAntiSpyware v5.7.1018
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3034 MB (39% free)
System Restore: Activé (Enable)
System drive C: has 218 GB (73%) free of 298 GB

---\\ Modo de conexão ao sistema
~ Computer Name: LUANA-PC
~ User Name: Luana
~ All Users Names: Luana, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Luana\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Luana\AppData\Roaming\
~ %Desktop% : C:\Users\Luana\Desktop\
~ %Favorites% : C:\Users\Luana\Favorites\
~ %LocalAppData% : C:\Users\Luana\AppData\Local\
~ %StartMenu% : C:\Users\Luana\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 218 Go of 298 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 40 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 02:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 3/6214
~ Mes musiques (My Musics) : 1/14
~ Mes Videos (My Videos) : 2/28
~ Mes Favoris (My Favorites) : 1/36
~ Mes Documents (My Documents) : 14/414
~ Mon Bureau (My Desktop) : 2/647
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 06s



---\\ Processos lançados
[MD5.F74737E0EF87295E82EBD0A4B040539A] - (.Microsoft Corporation - Componente de Entrada de Caneta e Toque da.) -- C:\Windows\SYSTEM32\WISPTIS.exe [334336] [PID.1424]
[MD5.21E01FD4147EA1B952E4CD9928B879B8] - (.Microsoft Corporation - Tablet PC Input Panel Accessory.) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [181760] [PID.1808]
[MD5.F9EF088D57DDFC6AE735F4D73FC902EF] - (.Wacom Technology, Corp. - Touch User Mode Driver.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe [2953584] [PID.1896]
[MD5.2AE7DC03B58F39AA6D1E0E76E86E92D9] - (.Wacom Technology, Corp. - Tablet user module for consumer driver.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe [1153392] [PID.2444]
[MD5.1F1DBDB8943CE3921C4275EA3C9E0508] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.2172]
[MD5.EE45C779FA1193482EAF5F15C453F6D7] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [174104] [PID.2120]
[MD5.A1728F7F9B4D013489D18069A9A84903] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [151064] [PID.2224]
[MD5.5628CEA24E088AA2E61E2BCC476C59B0] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.1668]
[MD5.5AF1E9600E3FF841E522703A4993ED0C] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.2360]
[MD5.C111FFD56FF6F5E15266A55057487102] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe [233472] [PID.3044]
[MD5.9C1C80BBF8E6044980890E2D2D91091C] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [83608] [PID.1504]
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.2968]
[MD5.92BC91BEB19BE1F03DB9664AD47120B2] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastui.exe [3888648] [PID.3588]
[MD5.38875F805FBD3D7B32D5B3EFEA7D1CD2] - (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480] [PID.3716]
[MD5.1F85A80EBC4C4C1D562094F5AB231077] - (.Adobe Systems Incorporated - Adobe IPC Broker.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe [769904] [PID.3956]
[MD5.EB0AD0BBAB987A31AE6478D576403445] - (.Alps Electric Co., Ltd. - ApMsgFwd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe [54568] [PID.1208]
[MD5.09EAABEC4C378C788E3137F0D31D0CFC] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver for Windows NT/.) -- C:\Program Files\DellTPad\Apntex.exe [49152] [PID.3336]
[MD5.EA7F750C761E49B544335D9AE39802CD] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\HidFind.exe [49250] [PID.2964]
[MD5.7D685AE28E6876EE5057DA51958F3CA7] - (.Microsoft Corporation - Servidor de Personalização de Entrada.) -- C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [294400] [PID.4656]
[MD5.7FA16A68EF2B1B6C3281D1D33F513CB2] - (.No owner - Core Sync.) -- C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe [5288608] [PID.4920]
[MD5.AA61E4E73E812D6411F375989E4501CE] - (.Adobe Systems Incorporated - Adobe CEF Helper.) -- C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe [419704] [PID.5572]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.3544]
[MD5.6B5F935BA41C18F58EFB4D15A4F8F0C5] - (.Sun Microsystems, Inc. - Java(TM) Update Checker.) -- C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe [272024] [PID.2556]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.3276]
[MD5.6D652B06EB3916DC41A9DBBBC4EDEED1] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8020480] [PID.4876]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Luana\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 03s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\prefs.js
M3 - MFPP: Plugins - [Luana] -- C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\searchplugins\clikseguro.xml
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\PROGRAM FILES\GBPLUGIN\gbiehuni.dll
O2 - BHO: MP3 Rocket Downloader - {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} . (...) -- mscoree.dll (.not file.)
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\TaskBar [Luana]: PriceGong Contact Us.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>Adware.PriceGong
~ Global Startup: 1 Legitimates Filtered in 00mn 01s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D95F6D68-4256-4D74-B833-1EBD0464E9B5}: DhcpNameServer = 201.17.1.114 201.17.1.92 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{D95F6D68-4256-4D74-B833-1EBD0464E9B5}: DhcpNameServer = 201.17.1.114 201.17.1.92 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{D95F6D68-4256-4D74-B833-1EBD0464E9B5}: DhcpNameServer = 201.17.1.114 201.17.1.92 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.1.114 201.17.1.92 201.6.4.116
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ SSODL: 2 Legitimates Filtered in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: scpVista (scpVista) . (.Banco Bradesco S.A. - scpVista.) - C:\Program Files\Scpad\scpVista.exe
O23 - Service: Update gooternet (Update gooternet) . (...) - C:\Program Files\gooternet\updategooternet.exe (.not file.)
~ Services: 11 Legitimates Filtered in 00mn 05s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{1EF48421-32B7-47BE-951C-D5BC63ED780C}] (...) -- C:\Users\Luana\Downloads\Nero-12.0.02900_trial.exe (.not file.) [0]
[MD5.EE5F9B1263BEE66265E481100EE3DF35] [APT] [{99C87BA5-D488-40E3-AE19-3322E5ECB2EC}] (.BluetoothInstaller.com.) -- C:\Users\Luana\Downloads\BluetoothDriverInstaller.exe [1904640]
[MD5.00000000000000000000000000000000] [APT] [{DC346134-58B6-409B-AD64-0EFDDC755C9A}] (...) -- c:\users\Luana\appdata\local\lollipop\lollipop_04200344.bat (.not file.) [0] =>Adware.Lollipop
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1050]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 57bee59e-6b28-4de1-9759-1130456bf70d [510]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task c9954d10-cbe9-4ac5-ad09-9a260cbc57ac [510]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 04s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bnbase) . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - C:\Windows\System32\drivers\bnbasex.sys
O41 - Driver: (EfiMon) . (.360安全中心 - 360Efimon Driver.) - C:\Windows\System32\Drivers\Efimon.sys
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
O41 - Driver: ({c70d4e8d-761d-40c7-82e8-a90cc6de86c6}Gw) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{c70d4e8d-761d-40c7-82e8-a90cc6de86c6}Gw.sys =>PUP.LinkiDoo
~ Drivers: 90 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: GBBD Caixa Economica Federal - (...) [HKLM] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: MP3 Rocket - (...) [HKLM] -- MP3 Rocket
~ Logic: 14 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\IncrediMail]
[HKLM\Software\360Safe]
[HKLM\Software\AutoHelpDesk]
~ Key Software: 172 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/04/2013 - 22:19:15 - [] ----D C:\Program Files\MP3 Rocket
O43 - CFD: 26/04/2013 - 22:18:44 - [] ----D C:\Program Files\MP3 Rocket Downloader
O43 - CFD: 01/06/2014 - 23:39:13 - [] ----D C:\Program Files\Scpad
O43 - CFD: 10/01/2014 - 17:03:48 - [] ----D C:\Users\Luana\AppData\Roaming\360safe
O43 - CFD: 29/05/2014 - 18:09:10 - [] ----D C:\Users\Luana\AppData\Roaming\MP3Rocket
O43 - CFD: 10/01/2014 - 15:43:15 - [0] ----D C:\Users\Luana\AppData\Roaming\videos
~ Program Folder: 151 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.AF999D8E9A2896CFA482043E0B412546] - 02/06/2014 - 11:36:56 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147864]
O44 - LFC:[MD5.BA173E79D5035BD3AE5CD629F1F8B933] - 02/06/2014 - 11:36:56 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706024]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 04/06/2014 - 23:57:05 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.CC513A75FB9C2990CAD59F07FF86D0A5] - 05/06/2014 - 00:04:31 ---A- . (...) -- C:\Windows\ODBC.INI [418]
O44 - LFC:[MD5.6009F2A8FC34D0E84D2C38AFFC41FB95] - 05/06/2014 - 01:00:57 ---A- . (...) -- C:\zoek-results2014-06-05-040057.log [27059]
O44 - LFC:[MD5.A05DC59968D1EA0843209404C4C24D5C] - 05/06/2014 - 18:14:04 ---A- . (...) -- C:\zoek-results2014-06-05-211404.log [29913]
O44 - LFC:[MD5.7C41E58E05480DF1A30BFFBFB1BC89A8] - 05/06/2014 - 18:37:01 ---A- . (...) -- C:\zoek-results.log [10529]
O44 - LFC:[MD5.8E9780DE38A935BEA8361E800816C09A] - 22/05/2014 - 18:26:52 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{c70d4e8d-761d-40c7-82e8-a90cc6de86c6}Gw.sys [52928] =>PUP.LinkiDoo
O44 - LFC:[MD5.CB0E07B9B630B77CE76D4C4278D328B1] - 23/05/2014 - 04:40:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [94976]
O44 - LFC:[MD5.A4EFC721E5AFB71B2E6B1161A1F4162F] - 30/05/2014 - 22:46:30 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\bnbasex.sys [70496]
O44 - LFC:[MD5.B9AC5F00F68ECA1AEC09321EEFFF78D6] - 30/05/2014 - 22:46:30 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\bndef.sys [51584]
O44 - LFC:[MD5.3D38CFC96FEBBD7F6D88E4C7CFE8E377] - 30/05/2014 - 22:46:34 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [48448]
O44 - LFC:[MD5.DFA0FDB9CBAACE5321EA107E5B48D5B2] - 30/05/2014 - 22:46:39 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [29504]
O44 - LFC:[MD5.FCA87A5233106355F24C550A4EB746E4] - 30/05/2014 - 22:46:49 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [155968]
O44 - LFC:[MD5.4C182BDB0E01582B29E2A38ABD6ACE44] - 30/05/2014 - 22:46:59 ---A- . (...) -- C:\Windows\System32\config.ini [29]
~ Files: 24 Legitimates Filtered in 00mn 04s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES\GBPLUGIN\gbiehuni.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]
O58 - SDL:21/08/2012 - 19:12:18 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys [64048]
O58 - SDL:09/05/2014 - 23:32:41 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:09/05/2014 - 23:32:41 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:09/05/2014 - 23:32:41 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:09/05/2014 - 06:31:03 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [48448]
O58 - SDL:09/05/2014 - 06:31:03 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [29504]
O58 - SDL:23/05/2014 - 04:40:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [94976]
O58 - SDL:09/05/2014 - 06:31:03 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\bnbasex.sys [70496]
O58 - SDL:09/05/2014 - 06:31:03 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\bndef.sys [51584]
O58 - SDL:09/05/2014 - 06:31:03 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [155968]
O58 - SDL:10/01/2014 - 16:23:35 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys [23624]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:24/02/2014 - 15:37:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [46392]
O58 - SDL:19/04/2014 - 13:16:51 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:10/01/2014 - 16:23:37 ---A- . (.360安全中心 - 360安全卫士 - HookPort.) -- C:\Windows\System32\Drivers\hookport.sys [75832]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:22/05/2014 - 18:26:52 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{c70d4e8d-761d-40c7-82e8-a90cc6de86c6}Gw.sys [52928] =>PUP.LinkiDoo
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 92 Legitimates Filtered in 00mn 02s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 09/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 09/05/2014 - C:\Windows\System32\drivers\bnbasex.sys (Bnbase) .(.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - LEGACY_BNBASE
O64 - Services: CurCS - 10/01/2014 - C:\Windows\System32\Drivers\Efimon.sys (EfiMon) .(.360安全中心 - 360Efimon Driver.) - LEGACY_EFIMON
O64 - Services: CurCS - 24/02/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 10/01/2014 - C:\Windows\System32\Drivers\Hookport.sys (HookPort) .(.360安全中心 - 360安全卫士 - HookPort.) - LEGACY_HOOKPORT
O64 - Services: CurCS - 22/05/2014 - C:\Windows\System32\drivers\{c70d4e8d-761d-40c7-82e8-a90cc6de86c6}Gw.sys ({c70d4e8d-761d-40c7-82e8-a90cc6de86c6}Gw) .(.StdLib - StdLib.) - LEGACY_{C70D4E8D-761D-40C7-82E8-A90CC6DE86C6}GW =>PUP.LinkiDoo
~ Legacy: 98 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.43F069EFF41CDDFF632DA55A3651B591] [SPRF][08/05/2014] (...) -- C:\Users\Luana\AppData\Roaming\unins000.dat [16769]
[MD5.14BF59D9687F453D209F7780D14F3E17] [SPRF][08/05/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Luana\AppData\Roaming\unins000.exe [720082]
[MD5.1ADC158D8488C1D8D815F300E896044F] [SPRF][02/06/2014] (...) -- C:\Users\Luana\AppData\Roaming\unins001.dat [15533]
[MD5.17045F3F17896B4C04EB16FAD0551221] [SPRF][02/06/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Luana\AppData\Roaming\unins001.exe [730834]
[MD5.CE723C341F7B78C6FD3A74CAA70ECE56] [SPRF][15/04/2012] (...) -- C:\Users\Luana\Desktop\jre-6u1-windows-i586-p-s.exe [13801120]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: - {35B6525E-071A-4EA9-B3BD-F6A742572F08}
~ MNS: 2 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\AskInstaller_RASAPI32 =>Toolbar.Ask
HKLM\SOFTWARE\Microsoft\Tracing\AskInstaller_RASMANCS =>Toolbar.Ask
HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASDLG =>PUP.Babylon
HKLM\SOFTWARE\Microsoft\Tracing\bdMiniDownloader_NoUI_BR_Softonic_32_300_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\bdMiniDownloader_NoUI_BR_Softonic_32_300_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_F91D44FAA5479127_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_F91D44FAA5479127_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\SmartbarExeInstaller_RASAPI32 =>Hijacker.SmartBar
HKLM\SOFTWARE\Microsoft\Tracing\SmartbarExeInstaller_RASMANCS =>Hijacker.SmartBar
HKLM\SOFTWARE\Microsoft\Tracing\updateStorimbo_RASAPI32 =>PUP.Storimbo
HKLM\SOFTWARE\Microsoft\Tracing\updateStorimbo_RASMANCS =>PUP.Storimbo
HKLM\SOFTWARE\Microsoft\Tracing\utilStorimbo_RASAPI32 =>PUP.Storimbo
HKLM\SOFTWARE\Microsoft\Tracing\utilStorimbo_RASMANCS =>PUP.Storimbo
~ BTK: 295 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 21/09/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 21/09/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 09/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 10/07/1658 0 | (Update gooternet) . (...) - C:\Program Files\gooternet\updategooternet.exe
SR - | Auto 10/10/2013 120088 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 24/02/2014 519224 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 04/06/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 05/08/2011 368544 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files\Scpad\scpVista.exe
SR - | Auto 21/10/2010 4869488 | (TabletServicePen) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
SR - | Auto 21/10/2010 416112 | (TouchServicePen) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 11s



---\\ Scâner Aditional (088)
Database Version : 13026 - (30/05/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKCU\Software\USyndication] =>Trojan.USyndication
[HKCU\Software\usyndication.com] =>Trojan.USyndication
[HKLM\Software\360Safe] =>Trojan.Lozavita
~ Additionnel Scan: 258821 Items scanned in 00mn 54s



---\\ Sumário das deteções encontradas na sua estação
[You need an account and must be logged in to view this link] =>Adware.PriceGong
[You need an account and must be logged in to view this link] =>Adware.Lollipop
[You need an account and must be logged in to view this link] =>PUP.LinkiDoo
[You need an account and must be logged in to view this link] =>Toolbar.Ask
[You need an account and must be logged in to view this link] =>PUP.Babylon
[You need an account and must be logged in to view this link] =>Toolbar.Conduit
[You need an account and must be logged in to view this link] =>Hijacker.SmartBar
[You need an account and must be logged in to view this link] =>PUP.Storimbo
[You need an account and must be logged in to view this link] =>Trojan.USyndication
[You need an account and must be logged in to view this link] =>Trojan.Lozavita
~ MSI: 10 link(s) detected in 00mn 00s



~ 702 Legitimates filtered by white list
End of the scan (518 lines in 02mn 01s)(0)
Lua Monteiro
Beginner

Posts: 25
Reputation: 0
Join date: 04/06/2014

Re: Baidu resists removal!

Post by Power Max Thu 05 Jun 2014, 19:35

There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

[You need an account and must be logged in to view this link]

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start together with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC now and from time to time.
______________________________________________________________________________________________________________________

Go to the site [You need an account and must be logged in to view this link] and submit the file highlighted in bold below for analysis:

C:\Program Files\gooternet\updategooternet.exe

As soon as its analysis is complete, copy the link that appears in your browser's address bar and post this link in your next reply together with the ZHPFix report requested below in this post.

More information on how to analyze files on the Virus Total site can be found in this tutorial:

[You need an account and must be logged in to view this link]
________________________________________________________________________________________________________________________

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply together with the link to the file's analysis on the Virus Total site.


Last edited by Power Max on Thu 05 Jun 2014, 20:52; edited 1 time
Power Max
Contributor

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Re: Baidu resists removal!

Post by Lua Monteiro Thu 05 Jun 2014, 20:08

Power, I couldn't find the gooternet folder! =/
Here is the ZHP report!

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Luana at 05/06/2014 20:05:36
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 07s)
Reparação de atalhos do navegador

========== Estado dos serviços ==========
BNBASE Parado
{C70D4E8D-761D-40C7-82E8-A90CC6DE86C6}GW Parado

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: {c70d4e8d-761d-40c7-82e8-a90cc6de86c6}Gw
ELIMINÉ: HKLM\Software\360Safe
ELIMINÉ: CLSID NameSpace: {35B6525E-071A-4EA9-B3BD-F6A742572F08}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\AskInstaller_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\AskInstaller_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASDLG
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\bdMiniDownloader_NoUI_BR_Softonic_32_300_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\bdMiniDownloader_NoUI_BR_Softonic_32_300_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SmartbarExeInstaller_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SmartbarExeInstaller_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateStorimbo_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateStorimbo_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\utilStorimbo_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\utilStorimbo_RASMANCS
ELIMINÉ: HKCU\Software\usyndication.com

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\luana\appdata\roaming\mozilla\firefox\profiles\4kkcyftl.default\searchplugins\clikseguro.xml
ELIMINÉ: c:\windows\system32\drivers\{c70d4e8d-761d-40c7-82e8-a90cc6de86c6}gw.sys
ELIMINÉ: c:\windows\system32\drivers\bhbase.sys
ELIMINÉ: c:\windows\system32\drivers\bnbasex.sys
ELIMINÉ: c:\windows\system32\drivers\bndef.sys
ELIMINÉ: c:\windows\system32\drivers\bfilter.sys
ELIMINÉ: c:\windows\system32\drivers\bfmon.sys
ELIMINÉ: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (17) (1.465.389 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {1EF48421-32B7-47BE-951C-D5BC63ED780C}
ELIMINÉ: {99C87BA5-D488-40E3-AE19-3322E5ECB2EC}
ELIMINÉ: {DC346134-58B6-409B-AD64-0EFDDC755C9A}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
16 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
10 : Ficheiros
2 : Estado dos serviços
3 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 31s

========== Caminho do ficheiro do relatório ==========
C:\Users\Luana\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/06/2014 20:05:43 [2951]

Re: Baidu resists removal!

Post by Power Max, Thu 05 Jun 2014, 20:13

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below will be displayed showing the scan's progress. Wait for it to finish... it may take a while!

[image]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Thu 05 Jun 2014, 20:53; edited 1 time

Re: Baidu resists removal!

Post by Lua Monteiro, Thu 05 Jun 2014, 20:16

Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Luana on 05/06/2014 at 20:15:31,41.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luana\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-05-012230.log 31719 bytes
C:\zoek-results2014-06-05-040057.log 27059 bytes
C:\zoek-results2014-06-05-211404.log 29913 bytes
C:\zoek-results2014-06-05-213701.log 10529 bytes

==== VirusTotal Scan ======================

C:\Program Files\gooternet\updategooternet.exe not found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=188 folders=65 63300751 bytes)

==== EOF on 05/06/2014 at 20:16:01,78 ======================

Re: Baidu resists removal!

Post by Power Max, Thu 05 Jun 2014, 20:20

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Re: Baidu resists removal!

Post by Lua Monteiro, Thu 05 Jun 2014, 20:25

Here it is.... =)

~ Relatório do ZHPDiag v2014.5.30.78 - Nicolas Coolman (30/05/2014)
~ Iniciado por Luana (05/06/2014 20:22:13)
~ Endereço do Website : [link hidden by the forum]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 29.0.1
GCIE: Google Chrome v35.0.1916.114 (Defaut)
OBIE: Wacom WebTabletPlugin for Netscape v1.1.0.5

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
SUPERAntiSpyware v5.7.1018
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3034 MB (42% free)
System Restore: Activé (Enable)
System drive C: has 218 GB (73%) free of 298 GB

---\\ Modo de conexão ao sistema
~ Computer Name: LUANA-PC
~ User Name: Luana
~ All Users Names: Luana, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Luana\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Luana\AppData\Roaming\
~ %Desktop% : C:\Users\Luana\Desktop\
~ %Favorites% : C:\Users\Luana\Favorites\
~ %LocalAppData% : C:\Users\Luana\AppData\Local\
~ %StartMenu% : C:\Users\Luana\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 218 Go of 298 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 40 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 02:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 3/6214
~ Mes musiques (My Musics) : 1/14
~ Mes Videos (My Videos) : 2/28
~ Mes Favoris (My Favorites) : 1/36
~ Mes Documents (My Documents) : 14/415
~ Mon Bureau (My Desktop) : 2/648
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 03s



---\\ Processos lançados
[MD5.F74737E0EF87295E82EBD0A4B040539A] - (.Microsoft Corporation - Componente de Entrada de Caneta e Toque da.) -- C:\Windows\SYSTEM32\WISPTIS.exe [334336] [PID.1424]
[MD5.21E01FD4147EA1B952E4CD9928B879B8] - (.Microsoft Corporation - Tablet PC Input Panel Accessory.) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [181760] [PID.1808]
[MD5.F9EF088D57DDFC6AE735F4D73FC902EF] - (.Wacom Technology, Corp. - Touch User Mode Driver.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe [2953584] [PID.1896]
[MD5.2AE7DC03B58F39AA6D1E0E76E86E92D9] - (.Wacom Technology, Corp. - Tablet user module for consumer driver.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe [1153392] [PID.2444]
[MD5.1F1DBDB8943CE3921C4275EA3C9E0508] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.2172]
[MD5.EE45C779FA1193482EAF5F15C453F6D7] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [174104] [PID.2120]
[MD5.A1728F7F9B4D013489D18069A9A84903] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [151064] [PID.2224]
[MD5.5628CEA24E088AA2E61E2BCC476C59B0] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.1668]
[MD5.5AF1E9600E3FF841E522703A4993ED0C] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.2360]
[MD5.C111FFD56FF6F5E15266A55057487102] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe [233472] [PID.3044]
[MD5.9C1C80BBF8E6044980890E2D2D91091C] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [83608] [PID.1504]
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.2968]
[MD5.92BC91BEB19BE1F03DB9664AD47120B2] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastui.exe [3888648] [PID.3588]
[MD5.38875F805FBD3D7B32D5B3EFEA7D1CD2] - (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480] [PID.3716]
[MD5.1F85A80EBC4C4C1D562094F5AB231077] - (.Adobe Systems Incorporated - Adobe IPC Broker.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe [769904] [PID.3956]
[MD5.EB0AD0BBAB987A31AE6478D576403445] - (.Alps Electric Co., Ltd. - ApMsgFwd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe [54568] [PID.1208]
[MD5.09EAABEC4C378C788E3137F0D31D0CFC] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver for Windows NT/.) -- C:\Program Files\DellTPad\Apntex.exe [49152] [PID.3336]
[MD5.EA7F750C761E49B544335D9AE39802CD] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\HidFind.exe [49250] [PID.2964]
[MD5.7D685AE28E6876EE5057DA51958F3CA7] - (.Microsoft Corporation - Servidor de Personalização de Entrada.) -- C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [294400] [PID.4656]
[MD5.7FA16A68EF2B1B6C3281D1D33F513CB2] - (.No owner - Core Sync.) -- C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe [5288608] [PID.4920]
[MD5.AA61E4E73E812D6411F375989E4501CE] - (.Adobe Systems Incorporated - Adobe CEF Helper.) -- C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe [419704] [PID.5572]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.3544]
[MD5.6B5F935BA41C18F58EFB4D15A4F8F0C5] - (.Sun Microsystems, Inc. - Java(TM) Update Checker.) -- C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe [272024] [PID.2556]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.3516]
[MD5.352E8561E633B17ED22012366721FFDC] - (...) -- C:\Users\Luana\Downloads\zoek.exe [1285120] [PID.2476]
[MD5.6D652B06EB3916DC41A9DBBBC4EDEED1] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8020480] [PID.4540]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Luana\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 03s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\4kkcyftl.default\prefs.js
~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\PROGRAM FILES\GBPLUGIN\gbiehuni.dll
O2 - BHO: MP3 Rocket Downloader - {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} . (...) -- mscoree.dll (.not file.)
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\TaskBar [Luana]: PriceGong Contact Us.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>Adware.PriceGong
~ Global Startup: 1 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D95F6D68-4256-4D74-B833-1EBD0464E9B5}: DhcpNameServer = 201.17.1.114 201.17.1.92 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{D95F6D68-4256-4D74-B833-1EBD0464E9B5}: DhcpNameServer = 201.17.1.114 201.17.1.92 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{D95F6D68-4256-4D74-B833-1EBD0464E9B5}: DhcpNameServer = 201.17.1.114 201.17.1.92 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.1.114 201.17.1.92 201.6.4.116
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ SSODL: 2 Legitimates Filtered in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: scpVista (scpVista) . (.Banco Bradesco S.A. - scpVista.) - C:\Program Files\Scpad\scpVista.exe
~ Services: 11 Legitimates Filtered in 00mn 05s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1050]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 57bee59e-6b28-4de1-9759-1130456bf70d [510]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task c9954d10-cbe9-4ac5-ad09-9a260cbc57ac [510]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 04s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (EfiMon) . (.360安全中心 - 360Efimon Driver.) - C:\Windows\System32\Drivers\Efimon.sys
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex.sys (.not file.)
O41 - Driver: ({c70d4e8d-761d-40c7-82e8-a90cc6de86c6}Gw) . (. - .) - C:\Windows\System32\drivers\{c70d4e8d-761d-40c7-82e8-a90cc6de86c6}Gw.sys (.not file.)
~ Drivers: 86 Legitimates Filtered in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: GBBD Caixa Economica Federal - (...) [HKLM] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: MP3 Rocket - (...) [HKLM] -- MP3 Rocket
~ Logic: 14 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\IncrediMail]
[HKLM\Software\AutoHelpDesk]
~ Key Software: 144 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/04/2013 - 22:19:15 - [] ----D C:\Program Files\MP3 Rocket
O43 - CFD: 26/04/2013 - 22:18:44 - [] ----D C:\Program Files\MP3 Rocket Downloader
O43 - CFD: 01/06/2014 - 23:39:13 - [] ----D C:\Program Files\Scpad
O43 - CFD: 29/05/2014 - 18:09:10 - [] ----D C:\Users\Luana\AppData\Roaming\MP3Rocket
O43 - CFD: 10/01/2014 - 15:43:15 - [0] ----D C:\Users\Luana\AppData\Roaming\videos
~ Program Folder: 150 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.AF999D8E9A2896CFA482043E0B412546] - 02/06/2014 - 11:36:56 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147864]
O44 - LFC:[MD5.BA173E79D5035BD3AE5CD629F1F8B933] - 02/06/2014 - 11:36:56 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706024]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 04/06/2014 - 23:57:05 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.CC513A75FB9C2990CAD59F07FF86D0A5] - 05/06/2014 - 00:04:31 ---A- . (...) -- C:\Windows\ODBC.INI [418]
O44 - LFC:[MD5.6009F2A8FC34D0E84D2C38AFFC41FB95] - 05/06/2014 - 01:00:57 ---A- . (...) -- C:\zoek-results2014-06-05-040057.log [27059]
O44 - LFC:[MD5.A05DC59968D1EA0843209404C4C24D5C] - 05/06/2014 - 18:14:04 ---A- . (...) -- C:\zoek-results2014-06-05-211404.log [29913]
O44 - LFC:[MD5.7C41E58E05480DF1A30BFFBFB1BC89A8] - 05/06/2014 - 18:37:01 ---A- . (...) -- C:\zoek-results2014-06-05-213701.log [10529]
O44 - LFC:[MD5.6732FF0A0175ABA71D6A46819DD8AADD] - 05/06/2014 - 20:16:01 ---A- . (...) -- C:\runcheck.txt [532]
O44 - LFC:[MD5.DDF921B426A0C770FEA1A859E12C651F] - 05/06/2014 - 20:16:01 ---A- . (...) -- C:\zoek-results.log [811]
O44 - LFC:[MD5.4C182BDB0E01582B29E2A38ABD6ACE44] - 30/05/2014 - 22:46:59 ---A- . (...) -- C:\Windows\System32\config.ini [29]
~ Files: 16 Legitimates Filtered in 00mn 04s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES\GBPLUGIN\gbiehuni.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]
O58 - SDL:21/08/2012 - 19:12:18 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys [64048]
O58 - SDL:09/05/2014 - 23:32:41 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:09/05/2014 - 23:32:41 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:09/05/2014 - 23:32:41 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:10/01/2014 - 16:23:35 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys [23624]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:24/02/2014 - 15:37:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [46392]
O58 - SDL:19/04/2014 - 13:16:51 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:10/01/2014 - 16:23:37 ---A- . (.360安全中心 - 360安全卫士 - HookPort.) -- C:\Windows\System32\Drivers\hookport.sys [75832]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 85 Legitimates Filtered in 00mn 01s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 09/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 10/01/2014 - C:\Windows\System32\Drivers\Efimon.sys (EfiMon) .(.360安全中心 - 360Efimon Driver.) - LEGACY_EFIMON
O64 - Services: CurCS - 24/02/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 10/01/2014 - C:\Windows\System32\Drivers\Hookport.sys (HookPort) .(.360安全中心 - 360安全卫士 - HookPort.) - LEGACY_HOOKPORT
~ Legacy: 98 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.43F069EFF41CDDFF632DA55A3651B591] [SPRF][08/05/2014] (...) -- C:\Users\Luana\AppData\Roaming\unins000.dat [16769]
[MD5.14BF59D9687F453D209F7780D14F3E17] [SPRF][08/05/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Luana\AppData\Roaming\unins000.exe [720082]
[MD5.1ADC158D8488C1D8D815F300E896044F] [SPRF][02/06/2014] (...) -- C:\Users\Luana\AppData\Roaming\unins001.dat [15533]
[MD5.17045F3F17896B4C04EB16FAD0551221] [SPRF][02/06/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Luana\AppData\Roaming\unins001.exe [730834]
[MD5.CE723C341F7B78C6FD3A74CAA70ECE56] [SPRF][15/04/2012] (...) -- C:\Users\Luana\Desktop\jre-6u1-windows-i586-p-s.exe [13801120]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_F91D44FAA5479127_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_F91D44FAA5479127_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
~ BTK: 284 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 21/09/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 21/09/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 09/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 10/10/2013 120088 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 24/02/2014 519224 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 04/06/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 05/08/2011 368544 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files\Scpad\scpVista.exe
SR - | Auto 21/10/2010 4869488 | (TabletServicePen) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
SR - | Auto 21/10/2010 416112 | (TouchServicePen) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 19s



---\\ Scâner Aditional (088)
Database Version : 13026 - (30/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 257703 Items scanned in 00mn 50s



---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>Adware.PriceGong
~ MSI: 1 link(s) detected in 00mn 00s



~ 656 Legitimates filtered by white list
End of the scan (468 lines in 02mn 02s)(0)
Lua Monteiro
Beginner

Posts: 25
Reputation: 0
Join date: 04/06/2014

Re: Baidu persists through removal!

Post by Power Max Thu 05 Jun 2014, 20:31

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report, post it in your next reply, and tell us how your PC is after this.


Last edited by Power Max on Thu 05 Jun 2014, 20:53; edited 1 time
Power Max
Contributor

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Re: Baidu persists through removal!

Post by Lua Monteiro Thu 05 Jun 2014, 20:34

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Luana at 05/06/2014 20:33:39
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 14s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: {c70d4e8d-761d-40c7-82e8-a90cc6de86c6}Gw

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (13) (1.362.328 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
2 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 30s

========== Caminho do ficheiro do relatório ==========
C:\Users\Luana\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/06/2014 20:05:43 [3031]
C:\Users\Luana\AppData\Roaming\ZHP\ZHPFix[R2].txt - 05/06/2014 20:33:54 [1275]

Re: Baidu persists through removal!

Post by Power Max Thu 05 Jun 2014, 20:35

How is the PC?

Re: Baidu persists through removal!

Post by Lua Monteiro Thu 05 Jun 2014, 20:48

I restarted, and apparently everything is fine!
Now, I took a quick look at the registry, searched for Baidu, and this showed up. Is that normal?