Flux RSS


Yahoo! 
MSN 
AOL 
Netvibes 
Bloglines 


Social bookmarking

Social bookmarking Digg  Social bookmarking Delicious  Social bookmarking Reddit  Social bookmarking Stumbleupon  Social bookmarking Slashdot  Social bookmarking Yahoo  Social bookmarking Google  Social bookmarking Blinklist  Social bookmarking Blogmarks  Social bookmarking Technorati  

Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking

Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking

Estatísticas
Temos 14428 usuários registrados
O último usuário registrado atende pelo nome de RS_Computadores

Os nossos membros postaram um total de 35112 mensagens em 3557 assuntos
Últimos assuntos
» Notebook Travando!
por RS_Computadores Hoje à(s) 10:37

Quem está conectado
2 usuários online :: Nenhum usuário registrado, Nenhum Invisível e 2 Visitantes :: 1 Motor de busca

Nenhum

O recorde de usuários online foi de 108 em Qui 15 Maio 2014, 21:18
Buscar
 
 

Resultados por:
 


Rechercher Busca avançada

Setembro 2017
SegTerQuaQuiSexSabDom
    123
45678910
11121314151617
18192021222324
252627282930 

Calendário Calendário

Palavras chave


CE UmbrellaCert

Página 1 de 2 1, 2  Seguinte

Ver o tópico anterior Ver o tópico seguinte Ir em baixo

CE UmbrellaCert

Mensagem por Delcides Cortello em Seg 16 Jun 2014, 10:33

Olá amigos, bom dia!
Por favor. me ajudem a remover esta praga do meu PC (CE UmbrellaCert). Já tentei ZHP Fix, ADW Cleaner, JunkWare Zoek e nada. Segue relatório do Zoek e ADW.


Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by famlia on 16/06/2014 at  4:04:10,22.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\famlia\Downloads\zoek.exe [Scan all users] [Script inserted]

===== Runcheck  4:07:16,40 =====

--- Create Environment Variables  4:07:19,46
--- Create System Restore Point  4:07:54,20
--- Checking Input  4:08:22,24
--- Reset Hosts File  4:08:28,87
--- AU AppData Check  4:08:32,21
--- Remove From Windows Installer  4:08:41,10
--- IE Startpage Check  4:10:17,06
--- Program Files DB Check  4:11:02,75
--- C:\Users\Default\AppData\Roaming DB Check  4:12:48,35
--- C:\Users\Default User\AppData\Roaming DB Check  4:12:48,35
--- C:\Users\famlia\AppData\Roaming DB Check  4:12:48,35
--- C:\Users\USURIO~1\AppData\Roaming DB Check  4:12:48,35
--- C:\Windows\system32\config\systemprofile\AppData\Roaming DB Check  4:12:48,35
--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check  4:12:48,35
--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check  4:12:48,35
--- C:\Users\famlia DB Check  4:17:22,01
--- C:\PROGRA~2 DB Check  4:17:59,66
--- C:\Users\Default\AppData\Local DB Check  4:18:01,56
--- C:\Users\Default User\AppData\Local DB Check  4:18:01,56
--- C:\Users\famlia\AppData\Local DB Check  4:18:01,56
--- C:\Users\wangzhisong\AppData\Local DB Check  4:18:01,56
--- C:\Users\USURIO~1\AppData\Local DB Check  4:18:01,56
--- C:\Windows\system32\config\systemprofile\AppData\Local DB Check  4:18:01,56
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check  4:18:01,56
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check  4:18:01,56
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check  4:21:30,13
--- C:\Users\famlia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check  4:21:48,74
--- Tasks DB Check  4:21:59,71
--- Downloads DB Check  4:22:06,84
--- C:\Users\famlia\AppData\LocalLow DB Check  4:22:17,47
--- C:\Windows\system32\config\systemprofile\AppData\LocalLow DB Check  4:22:17,47
--- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check  4:22:17,47
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check  4:22:17,47
--- Tasks2 DB Check  4:24:06,31
--- Documents DB Check  4:24:51,80
--- C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default DB Check  4:25:03,27
--- C:\Users\famlia\Desktop DB Check  4:25:10,55
--- Services DB Check  4:25:26,07
--- FF prefs.js DB Check  4:25:43,70
--- Del by CLSID  4:26:52,38
--- Delete Services  4:27:52,08
--- Firefox Fix  4:27:59,88



# AdwCleaner v3.212 - Relatório criado 13/06/2014 às 17:16:57
# Atualizado 05/06/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : famlia - FAMLIA-PC
# Executando de : C:\Users\famlia\Downloads\AdwCleaner.exe
# Opção : Examinar

***** [ Serviços ] *****

Serviço Encontrado : {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw
Serviço Encontrado : CltMngSvc
Serviço Encontrado : hlnfd
Serviço Encontrado : NewPlayerUpdaterService
Serviço Encontrado : pricemeterliveUpdate
Serviço Encontrado : pricemeterliveUpdatem
Serviço Encontrado : Update webget

***** [ Arquivos / Pastas ] *****

Arquivo Encontrado : C:\END
Arquivo Encontrado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
Arquivo Encontrado : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Encontrado : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal
Arquivo Encontrado : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Encontrado : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Arquivo Encontrado : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage
Arquivo Encontrado : C:\Users\famlia\AppData\Roaming\aps.uninstall.scan.results
Arquivo Encontrado : C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\searchplugins\Mysearchdial.xml
Arquivo Encontrado : C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\searchplugins\trovi-search.xml
Arquivo Encontrado : C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\user.js
Arquivo Encontrado : C:\Users\famlia\daemonprocess.txt
Arquivo Encontrado : C:\Users\famlia\Desktop\Mobogenie.lnk
Arquivo Encontrado : C:\Users\Public\Desktop\Advanced System Protector.lnk
Arquivo Encontrado : C:\Users\Public\Desktop\NewPlayer.lnk
Arquivo Encontrado : C:\Windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys
Arquivo Encontrado : C:\Windows\system32\roboot.exe
Arquivo Encontrado : C:\Windows\System32\Tasks\Advanced System Protector_startup
Arquivo Encontrado : C:\Windows\System32\Tasks\AmiUpdXp
Arquivo Encontrado : C:\Windows\System32\Tasks\APSnotifierPP1
Arquivo Encontrado : C:\Windows\System32\Tasks\APSnotifierPP2
Arquivo Encontrado : C:\Windows\System32\Tasks\APSnotifierPP3
Arquivo Encontrado : C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
Arquivo Encontrado : C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
Arquivo Encontrado : C:\Windows\System32\Tasks\BonanzaDealsUpdate
Arquivo Encontrado : C:\Windows\System32\Tasks\Dealply
Arquivo Encontrado : C:\Windows\System32\Tasks\Digital Sites
Arquivo Encontrado : C:\Windows\System32\Tasks\DigitalSite
Arquivo Encontrado : C:\Windows\System32\Tasks\LaunchApp
Arquivo Encontrado : C:\Windows\System32\Tasks\MetaCrawler
Arquivo Encontrado : C:\Windows\System32\Tasks\PCHelpers_period
Arquivo Encontrado : C:\Windows\System32\Tasks\PCHelpers1st
Arquivo Encontrado : C:\Windows\System32\Tasks\pricemeterdownloader
Arquivo Encontrado : C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore
Arquivo Encontrado : C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA
Arquivo Encontrado : C:\Windows\System32\Tasks\PriceMeterUpdater
Arquivo Encontrado : C:\Windows\Tasks\AmiUpdXp.job
Arquivo Encontrado : C:\Windows\Tasks\APSnotifierPP1.job
Arquivo Encontrado : C:\Windows\Tasks\APSnotifierPP2.job
Arquivo Encontrado : C:\Windows\Tasks\APSnotifierPP3.job
Arquivo Encontrado : C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
Arquivo Encontrado : C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
Arquivo Encontrado : C:\Windows\Tasks\Dealply.job
Arquivo Encontrado : C:\Windows\Tasks\Digital Sites.job
Arquivo Encontrado : C:\Windows\Tasks\DigitalSite.job
Arquivo Encontrado : C:\Windows\Tasks\MetaCrawler.job
Arquivo Encontrado : C:\Windows\Tasks\PCHelpers_period.job
Arquivo Encontrado : C:\Windows\Tasks\PCHelpers1st.job
Arquivo Encontrado : C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
Arquivo Encontrado : C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
Arquivo Encontrado : C:\Windows\Tasks\PriceMeterUpdater.job
Pasta Encontrado : C:\Program Files\002
Pasta Encontrado : C:\Program Files\Advanced System Protector
Pasta Encontrado : C:\Program Files\AmiExt
Pasta Encontrado : C:\Program Files\BonanzaDealsLive
Pasta Encontrado : C:\Program Files\DealPly
Pasta Encontrado : C:\Program Files\DealPlyLive
Pasta Encontrado : C:\Program Files\Freeven pro 1.2
Pasta Encontrado : C:\Program Files\globalUpdate
Pasta Encontrado : C:\Program Files\Iminent
Pasta Encontrado : C:\Program Files\Mobogenie
Pasta Encontrado : C:\Program Files\NewPlayer
Pasta Encontrado : C:\Program Files\predm
Pasta Encontrado : C:\Program Files\PriceMeterLiveUpdate
Pasta Encontrado : C:\Program Files\RichMediaViewV1
Pasta Encontrado : C:\Program Files\RrFilter
Pasta Encontrado : C:\Program Files\SearchProtect
Pasta Encontrado : C:\Program Files\Software Updater
Pasta Encontrado : C:\Program Files\SupTab
Pasta Encontrado : C:\Program Files\webget
Pasta Encontrado : C:\ProgramData\Babylon
Pasta Encontrado : C:\ProgramData\baidu
Pasta Encontrado : C:\ProgramData\BonanzaDealsLive
Pasta Encontrado : C:\ProgramData\DealPlyLive
Pasta Encontrado : C:\ProgramData\IePluginService
Pasta Encontrado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Pasta Encontrado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
Pasta Encontrado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater
Pasta Encontrado : C:\ProgramData\PriceMeterLiveUpdate
Pasta Encontrado : C:\ProgramData\Systweak
Pasta Encontrado : C:\ProgramData\Tarma Installer
Pasta Encontrado : C:\ProgramData\WPM
Pasta Encontrado : C:\Users\famlia\AppData\Local\41
Pasta Encontrado : C:\Users\famlia\AppData\Local\BonanzaDealsLive
Pasta Encontrado : C:\Users\famlia\AppData\Local\DealPlyLive
Pasta Encontrado : C:\Users\famlia\AppData\Local\globalUpdate
Pasta Encontrado : C:\Users\famlia\AppData\Local\Mobogenie
Pasta Encontrado : C:\Users\famlia\AppData\Local\NewPlayer
Pasta Encontrado : C:\Users\famlia\AppData\Local\PriceMeterLiveUpdate
Pasta Encontrado : C:\Users\famlia\AppData\Local\SearchProtect
Pasta Encontrado : C:\Users\famlia\AppData\Local\Systweak
Pasta Encontrado : C:\Users\famlia\AppData\Local\Temp\AirInstaller
Pasta Encontrado : C:\Users\famlia\AppData\Local\Temp\webget
Pasta Encontrado : C:\Users\famlia\AppData\LocalLow\Delta
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\0D0S1L2Z1P1B
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\0F1F1C2Y1H1P1C0I0T
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\Activeris
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\baidu
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\DigitalSites
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\eCyber
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\iSafe
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\Optimizer Elite Max
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\PriceMeterUpdater
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\sweet-page
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\Systweak
Pasta Encontrado : C:\Users\famlia\Documents\Mobogenie
Pasta Encontrado : C:\Users\famlia\Documents\PC Health Kit
Pasta Encontrado : C:\Users\Public\Documents\baidu
Pasta Encontrado : C:\Users\wangzhisong\AppData\Local\Mobogenie

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Encontrada : HKCU\Software\AmiExt
Chave Encontrada : HKCU\Software\AnyProtect
Chave Encontrada : HKCU\Software\AppDataLow\Software\Crossrider
Chave Encontrada : HKCU\Software\AppDataLow\Software\lyrixeeker
Chave Encontrada : HKCU\Software\AppDataLow\Software\Rr Savings
Chave Encontrada : HKCU\Software\AVG Secure Search
Chave Encontrada : HKCU\Software\BabSolution
Chave Encontrada : HKCU\Software\BI
Chave Encontrada : HKCU\Software\BonanzaDeals
Chave Encontrada : HKCU\Software\BonanzaDealsLive
Chave Encontrada : HKCU\Software\DataMngr
Chave Encontrada : HKCU\Software\DataMngr_Toolbar
Chave Encontrada : HKCU\Software\DealPlyLive
Chave Encontrada : HKCU\Software\Delta
Chave Encontrada : HKCU\Software\dsiteproducts
Chave Encontrada : HKCU\Software\FreeSoftToday
Chave Encontrada : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Chave Encontrada : HKCU\Software\Iminent
Chave Encontrada : HKCU\Software\InstallCore
Chave Encontrada : HKCU\Software\installedbrowserextensions
Chave Encontrada : HKCU\Software\lollipop
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Package Packages
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite
Chave Encontrada : HKCU\Software\Optimizer Pro
Chave Encontrada : HKCU\Software\PC Health Kit
Chave Encontrada : HKCU\Software\SmartBar
Chave Encontrada : HKCU\Software\Softonic
Chave Encontrada : HKCU\Software\SoftwareUpdater
Chave Encontrada : HKCU\Software\systweak
Chave Encontrada : HKCU\Software\TutoTag
Chave Encontrada : HKCU\Software\V9
Chave Encontrada : HKLM\SOFTWARE\5c55d8dfbd6aed49
Chave Encontrada : HKLM\Software\BonanzaDeals
Chave Encontrada : HKLM\Software\BonanzaDealsLive
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\BonanzaDealsLive.exe
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickCtrl.9
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLive.Update3WebControl.3
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass.1
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass.1
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{6802463D-636F-41FE-9924-4CAD56906590}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickCtrl.9
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.Update3WebControl.3
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass.1
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass.1
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\Prod.cap
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{363BB65D-1747-4826-B445-1DA6244E2037}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chave Encontrada : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Chave Encontrada : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Chave Encontrada : HKLM\Software\DataMngr
Chave Encontrada : HKLM\Software\DealPlyLive
Chave Encontrada : HKLM\Software\Delta
Chave Encontrada : HKLM\Software\Free_soft_today
Chave Encontrada : HKLM\Software\Freeven pro 1.2
Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Chave Encontrada : HKLM\Software\Iminent
Chave Encontrada : HKLM\Software\installedbrowserextensions
Chave Encontrada : HKLM\Software\iSafe
Chave Encontrada : HKLM\Software\LevelQualityWatcher
Chave Encontrada : HKLM\Software\Lightspark Team
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\InstallManagerR_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\InstallManagerR_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\pricemeterd_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\pricemeterd_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6812D4A4-7DE7-40B2-8964-E89868F6D667}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8BC6B6F-A766-4A8A-BE10-074FAD8CC9AA}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CE63EBEF-54AF-4E9A-BE3F-F92589BEB753}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EA5805F8-459C-4C91-8921-6F0AC52663BE}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DE69FB6-AC60-49F5-8E54-191495CE65EA}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18B80C1B-75AB-4BF1-B2D5-A484DFB87275}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AB53836-FF8A-4FB4-82AC-D298797BA03C}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{236F17AA-FF86-4C40-89F3-2DD981BDA45A}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35BD0F61-E4B5-4A59-B160-1E6857724DE4}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A5BBCAD-AA43-4DFD-84C7-B4374516F6AE}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54BB1ECE-4235-4458-AA2C-8BD2647D5528}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F29A3ED-B421-4A19-8F61-25848E634C80}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7265566-BDD8-45DF-9382-BCEE3DB29214}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C350F818-0B60-4873-9A38-1F271311792B}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD8195D-5724-4F6F-86FB-7687DC1C5A8A}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E36945DA-942A-423A-B1D4-1B9198230969}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5C0BC95-BEC9-4D20-9D1B-652E5D227445}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E75CE395-4E24-404F-B47C-276B8CB6E8DB}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F309F914-870F-4B1A-A6E8-0A6FFA8A93C6}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DE69FB6-AC60-49F5-8E54-191495CE65EA}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18B80C1B-75AB-4BF1-B2D5-A484DFB87275}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AB53836-FF8A-4FB4-82AC-D298797BA03C}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{236F17AA-FF86-4C40-89F3-2DD981BDA45A}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35BD0F61-E4B5-4A59-B160-1E6857724DE4}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A5BBCAD-AA43-4DFD-84C7-B4374516F6AE}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54BB1ECE-4235-4458-AA2C-8BD2647D5528}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6812D4A4-7DE7-40B2-8964-E89868F6D667}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F29A3ED-B421-4A19-8F61-25848E634C80}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7265566-BDD8-45DF-9382-BCEE3DB29214}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8BC6B6F-A766-4A8A-BE10-074FAD8CC9AA}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C350F818-0B60-4873-9A38-1F271311792B}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE63EBEF-54AF-4E9A-BE3F-F92589BEB753}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD8195D-5724-4F6F-86FB-7687DC1C5A8A}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E36945DA-942A-423A-B1D4-1B9198230969}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5C0BC95-BEC9-4D20-9D1B-652E5D227445}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E75CE395-4E24-404F-B47C-276B8CB6E8DB}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA5805F8-459C-4C91-8921-6F0AC52663BE}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA5805F8-459C-4C91-8921-6F0AC52663BE}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F309F914-870F-4B1A-A6E8-0A6FFA8A93C6}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewPlayer
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Software Updater_is1
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9
Chave Encontrada : HKLM\Software\NewPlayer
Chave Encontrada : HKLM\Software\RrSavings
Chave Encontrada : HKLM\Software\SearchProtect
Chave Encontrada : HKLM\Software\SupTab
Chave Encontrada : HKLM\Software\supWPM
Chave Encontrada : HKLM\Software\sweet-pageSoftware
Chave Encontrada : HKLM\Software\systweak
Chave Encontrada : HKLM\Software\Tarma Installer
Chave Encontrada : HKLM\Software\Tutorials
Chave Encontrada : HKLM\Software\Wpm
Dados Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Valor Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PriceMeterW]
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Valor Encontrada : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [gethighlightly@gethighlightly.com]

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.7601.17514

Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - [Você precisa estar registrado e conectado para ver este link.]
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - [Você precisa estar registrado e conectado para ver este link.]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - [Você precisa estar registrado e conectado para ver este link.]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - [Você precisa estar registrado e conectado para ver este link.]
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - [Você precisa estar registrado e conectado para ver este link.]
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - [Você precisa estar registrado e conectado para ver este link.]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs] - [Você precisa estar registrado e conectado para ver este link.]
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - [Você precisa estar registrado e conectado para ver este link.]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - [Você precisa estar registrado e conectado para ver este link.]

-\\ Mozilla Firefox v26.0 (pt-BR)

[ Arquivo : C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\prefs.js ]

Linha encontrada : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3320052&octid=EB_ORIGINAL_CTID&ISID=MAF88B3FE-5CB0-408D-B66C-42420AFABF0C&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPD28BA081-C33[...]
Linha encontrada : user_pref("browser.search.defaultenginename", "Trovi search");
Linha encontrada : user_pref("browser.search.selectedEngine", "Trovi search");

-\\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Encontrada [Startup_urls] : [Você precisa estar registrado e conectado para ver este link.]
Encontrada [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Encontrada [Extension] : flpcjncodpafbgdpnkljologafpionhb
Encontrada [Extension] : pflphaooapbgpeakohlggbpidpppgdff

*************************

AdwCleaner[R0].txt - [39072 octets] - [13/06/2014 17:16:57]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [39133 octets] #######
avatar
Delcides Cortello
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 13/06/2014

Voltar ao Topo Ir em baixo

Re: CE UmbrellaCert

Mensagem por Power Max em Seg 16 Jun 2014, 10:39

Oi Delcides.

No caso do Adwcleaner para executá-lo corretamente siga as dicas deste tutorial:

Remova adwares e toolbars maliciosas com o Adwcleaner

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

CE UmbrellaCert

Mensagem por Delcides Cortello em Seg 16 Jun 2014, 13:52

Olá amigos, pelo que vi foram gerados 2 relatórios. Segue abaixo:

# AdwCleaner v3.212 - Relatório criado 16/06/2014 às 10:57:27
# Atualizado 05/06/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : famlia - FAMLIA-PC
# Executando de : C:\Users\famlia\Downloads\AdwCleaner (2).exe
# Opção : Examinar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Arquivo Encontrado : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Encontrado : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Pasta Encontrado : C:\ProgramData\baidu
Pasta Encontrado : C:\Users\Public\Documents\baidu

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v26.0 (pt-BR)

[ Arquivo : C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\prefs.js ]

Linha encontrada : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3320052&octid=EB_ORIGINAL_CTID&ISID=MAF88B3FE-5CB0-408D-B66C-42420AFABF0C&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPD28BA081-C33[...]
Linha encontrada : user_pref("browser.search.defaultenginename", "Trovi search");
Linha encontrada : user_pref("browser.search.selectedEngine", "Trovi search");

-\\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [39214 octets] - [13/06/2014 17:16:57]
AdwCleaner[R1].txt - [2485 octets] - [13/06/2014 18:06:45]
AdwCleaner[R2].txt - [2608 octets] - [15/06/2014 23:09:38]
AdwCleaner[R3].txt - [2086 octets] - [16/06/2014 10:57:27]
AdwCleaner[S0].txt - [37048 octets] - [13/06/2014 17:19:38]
AdwCleaner[S1].txt - [2515 octets] - [13/06/2014 18:08:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [2267 octets] ##########


# AdwCleaner v3.212 - Relatório criado 16/06/2014 às 10:58:29
# Atualizado 05/06/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : famlia - FAMLIA-PC
# Executando de : C:\Users\famlia\Downloads\AdwCleaner (2).exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Users\Public\Documents\baidu
Arquivo Deletada : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v26.0 (pt-BR)

[ Arquivo : C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\prefs.js ]

Linha deletada : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3320052&octid=EB_ORIGINAL_CTID&ISID=MAF88B3FE-5CB0-408D-B66C-42420AFABF0C&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPD28BA081-C33[...]
Linha deletada : user_pref("browser.search.defaultenginename", "Trovi search");
Linha deletada : user_pref("browser.search.selectedEngine", "Trovi search");

-\\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]

*************************

AdwCleaner[R0].txt - [39214 octets] - [13/06/2014 17:16:57]
AdwCleaner[R1].txt - [2485 octets] - [13/06/2014 18:06:45]
AdwCleaner[R2].txt - [2608 octets] - [15/06/2014 23:09:38]
AdwCleaner[R3].txt - [2347 octets] - [16/06/2014 10:57:27]
AdwCleaner[S0].txt - [37048 octets] - [13/06/2014 17:19:38]
AdwCleaner[S1].txt - [2515 octets] - [13/06/2014 18:08:15]
AdwCleaner[S2].txt - [3784 octets] - [16/06/2014 10:58:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3844 octets] ##########
avatar
Delcides Cortello
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 13/06/2014

Voltar ao Topo Ir em baixo

Re: CE UmbrellaCert

Mensagem por Power Max em Seg 16 Jun 2014, 15:35

 No seu PC está constando instalado o antivirus Baidu. Você quer desinstalá-lo ou quer continuar com ele?

Seja qual for a sua resposta para a pergunta acima, faça este procedimento abaixo:

Desative temporariamente seu antivírus para evitar conflitos.

 Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Você precisa estar registrado e conectado para ver este link.]

*Clique com o botão direito do mouse no Zoek.exe e selecione [Você precisa estar registrado e conectado para ver esta imagem.]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Você precisa estar registrado e conectado para ver esta imagem.]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

CE_UmbrellaCert

Mensagem por Delcides Cortello em Qua 18 Jun 2014, 01:37


Segue relatório do Zoek.

Zoek.exe v5.0.0.0 Updated 16-June-2014
Tool run by famlia on 16/06/2014 at 16:13:09,96.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\famlia\Downloads\zoek (2).exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-16-032842.log 1475 bytes
C:\zoek-results2014-06-16-065258.log 1391 bytes
C:\zoek-results2014-06-16-072759.log 1617 bytes

==== System Restore Info ======================

16/06/2014 16:14:21 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\prefs.js:
user_pref("browser.startup.homepage", "http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br");
user_pref("browser.startup.homepage", "http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br");
user_pref("browser.startup.homepage", "http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Users\famlia\.android deleted
C:\PROGRA~2\FileSplitUpLoad.dll deleted
C:\PROGRA~2\Baidu deleted
C:\Users\famlia\AppData\Local\BITD0A7.tmp deleted
C:\Users\famlia\AppData\Local\nslFDC0.tmp deleted
C:\Users\famlia\AppData\Local\hosts deleted
C:\Users\famlia\AppData\Local\avgchrome deleted
C:\Users\famlia\AppData\Local\cache deleted
C:\Users\famlia\Downloads\DownloadManagerSetup (1).exe deleted
C:\Users\famlia\Downloads\DownloadManagerSetup (2).exe deleted
C:\Users\famlia\Downloads\DownloadManagerSetup (3).exe deleted
C:\Users\famlia\Downloads\DownloadManagerSetup.exe deleted
C:\Users\famlia\Downloads\SoftonicDownloader_para_microsoft-office-2007-service-pack-1.exe deleted
C:\Windows\system32\tasks\Baidu Antivirus Update deleted
C:\Users\wangzhisong deleted
C:\Windows\system32\sasnative32.exe deleted
C:\Windows\System32\InstallUtil.InstallLog deleted
C:\Windows\System32\searchplugins deleted
C:\Windows\System32\Extensions deleted
"C:\Users\famlia\AppData\Local\{B72A09A8-3238-49CB-B0C1-1431D1BCEDE4}" deleted
"C:\Users\famlia\AppData\Local\{C480797A-FCC4-4553-9245-A666A491A0AE}" deleted

==== Folders Found ======================

2014-06-13 20:20:07 2014-06-13 20:20:07 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-13 20:21:30 2014-06-13 20:21:31 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2013-08-18 07:46:14 2013-11-21 16:42:09 -------- d-----w- C:\Program Files\Baidu Security
2013-11-21 16:42:09 2014-06-16 19:09:47 -------- d-----w- C:\Program Files\Baidu Security\Baidu Antivirus
2013-08-18 07:46:12 2014-03-05 03:23:35 -------- d-----w- C:\ProgramData\Baidu Security
2013-11-21 16:42:17 2013-11-21 16:42:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2013-08-18 07:46:12 2014-03-05 03:23:35 -------- d-----w- C:\Users\All Users\Baidu Security
2013-11-21 16:42:17 2013-11-21 16:42:17 -------- d-----w- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2013-11-21 16:33:38 2013-11-21 16:33:38 -------- d-----w- C:\Users\famlia\AppData\Local\Temp\baidu_secure
2013-08-18 07:46:24 2013-08-18 07:46:24 -------- d-----w- C:\Users\famlia\AppData\Roaming\Baidu Security
2013-12-24 03:37:36 2013-12-24 03:37:36 -------- d-----w- C:\Users\famlia\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2013-12-24 03:37:37 2013-12-24 03:37:38 -------- d-----w- C:\Users\famlia\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2013-12-24 03:37:40 2013-12-24 03:37:40 -------- d-----w- C:\Users\famlia\Documents\Baidu Security
2014-06-16 14:00:49 2014-06-16 14:00:49 -------- d-----w- C:\Users\Public\Documents\Baidu
2013-11-08 23:41:25 2013-11-11 17:44:33 -------- d-----w- C:\Users\Public\Documents\Baidu Security
2014-06-16 19:26:36 2014-06-16 19:26:36 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_Baidu

==== Files Found ======================


--- C:\Program Files\Baidu Security\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2013-09-22 07:32:04
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1


--- C:\Program Files\Baidu Security\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2013-09-22 07:32:04
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB


--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2013-11-21 16:42:17
Modified time: 2014-04-09 05:04:10
MD5: 8BBF42A26C88190BDD1A68B6861A160E
SHA1: 65C2E78E1E41BB0554D9C2D16214215676642F02


--- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2013-11-21 16:42:17
Modified time: 2014-04-09 05:04:10
MD5: 8BBF42A26C88190BDD1A68B6861A160E
SHA1: 65C2E78E1E41BB0554D9C2D16214215676642F02


--- C:\Users\famlia\AppData\Local\Temp\Baidu_Secure_SystemUp_3.7.1.41942.exe ---
Company: Baidu, Inc.
File Description: PC Faster Setup
File Version: 3.7.1.41942
Product Name: Baidu PC Faster
Copyright: Copyright (C) 2013 Baidu, Inc. All Rights Reserved.
Original Filename:
File type: ----a-w-
File size: 10485488
Created time: 2013-11-08 23:37:33
Modified time: 2013-11-08 23:37:33
MD5: FCDDA1F1EE22BB14060FD553CB3A4048
SHA1: 06D14594FFE985E1E529EE87B3E2AAA04F937F02


--- C:\Users\famlia\AppData\Roaming\Microsoft\Windows\Cookies\famlia@baidu[1].txt ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 103
Created time: 2014-05-03 01:04:03
Modified time: 2014-05-03 01:04:03
MD5: 0EB6D605DF6CC0E351CBB7B5FF74A6E6
SHA1: 1A5BF6EFE384E28C7D6670AB020E49A8D41045E4


--- C:\Users\famlia\AppData\Roaming\Microsoft\Windows\Cookies\famlia@pcfaster.baidu[1].txt ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 76
Created time: 2013-08-18 20:39:21
Modified time: 2013-08-18 20:39:21
MD5: 919F58897A4B088A1F14A3A8342AFC08
SHA1: F7F7FEB158DA347F4353431E6DF4F77A61168274


--- C:\Users\Public\Desktop\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1160
Created time: 2013-11-21 16:42:17
Modified time: 2014-04-09 05:04:10
MD5: 9E6160DA884C2E7AAC6A89ED64DD2E9F
SHA1: CFB4DDC7CBC9C213B62672F2E395AEE9897ACA67


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3414
Created time: 2014-06-16 19:27:39
Modified time: 2014-04-09 05:04:09
MD5: ABA94BB531FE4C1FE09340EB97D2BA79
SHA1: 4D052FC28345D466859D8A2258141D24A0CD0B78


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus\BevmVolatile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-03-10 03-13-03-0417-[0041].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-13 01-29-59-0140-[23591].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-16 01-00-14-0513-[29999].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-20 01-56-47-0485-[5017].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-21 01-03-15-0555-[28041].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-03 02-06-58-0606-[14896].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-05 02-37-00-0500-[8759].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-12 02-55-07-0550-[21251].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-12 02-43-30-0218-[28976].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-24 02-49-46-0244-[8085].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-26 02-28-18-0264-[12870].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-01 03-05-28-0684-[3611].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-09 03-47-09-0071-[15456].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-10 03-25-26-0562-[21202].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-10 03-32-01-0508-[22491].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFTray-2014-03-10 03-08-05-0276-[0041].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\DefaultIcon]
@="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Bav.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\shell\open\command]
@="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Bav.exe\" UI_Start_From_IE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\DefaultIcon]
@="C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Translator.exe,-201"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\shell\open\command]
@="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Translator.exe\" \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}]
@="baidu right click handler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32]
@="C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BavShx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32]
@="C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BavShx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BavTray.exe\" -auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}"="Baidu Scan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"="Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Bav.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Uninstall.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"="http://antivirus.baidu.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"="Baidu, Inc."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F27BC4BB-38AC-41DA-8D8A-FCFB6FC1B622}]
"Path"="\\Baidu Antivirus Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu Antivirus Update]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\010914-38391-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\011014-49748-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\011614-47751-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\020814-34601-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\021114-44897-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\090513-14913-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\091613-14164-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\091813-16255-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\092413-13150-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\111413-12807-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130289251366104160.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130337082001788609.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130338076373968789.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130343350615112562.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130363153927156548.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130366033066404688.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\010914-38391-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\011014-49748-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\011614-47751-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\020814-34601-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\021114-44897-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\090513-14913-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\091613-14164-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\091813-16255-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\092413-13150-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\111413-12807-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130244673766416161.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130289251366104160.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130337082001788609.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130338076373968789.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130343350615112562.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130363153927156548.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130366033066404688.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-23 21_32_25_0974rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\Setup]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug\Bav\log\iexplore.exe]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Users\\famlia\\AppData\\Local\\Temp\\baidu_secure\\update\\BavPro_Setup_GL1.exe"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\010914-38391-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\011014-49748-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\011614-47751-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\020814-34601-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\021114-44897-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\090513-14913-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\091613-14164-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\091813-16255-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\092413-13150-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\111413-12807-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130289251366104160.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130337082001788609.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130338076373968789.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130343350615112562.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130363153927156548.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130366033066404688.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\010914-38391-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\011014-49748-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\011614-47751-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\020814-34601-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\021114-44897-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\090513-14913-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\091613-14164-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\091813-16255-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\092413-13150-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\111413-12807-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130244673766416161.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130289251366104160.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130337082001788609.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130338076373968789.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130343350615112562.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130363153927156548.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130366033066404688.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-23 21_32_25_0974rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"ext@RichMediaViewV1release4262.net"="C:\Program Files\RichMediaViewV1\RichMediaViewV1release4262\ff" []

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
785105A23650755A8F7A72405EB0D923 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update
6E594B2243C3F218A51234F18E7F36C1 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll - DivX Plus Web Player
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\famlia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
79039398587F475ADA606D1A3B740A63 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in
75300E5ED4CD5B4363C3DBBB2D03269C - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll - McAfee Security Scanner +
8006FC6A9A7C3168EF15DBA842C3AFC5 - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll - Silverlight Plug-In
C04B0BCA15F30CF7D68E7733997EA90B - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrlui.dll - Microsoft (R) Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[11/04/2014 19:46]
lmffckjinakgcgldhdgjdakahpdejgdp - C:\Program Files\RichMediaViewV1\RichMediaViewV1release4262\ch\RichMediaViewV1release4262.crx[]

Google Docs - famlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - famlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - famlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - famlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype Click to Call - famlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - famlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
PDF Viewer - famlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\oemmndcbldboiebfnladdacbdfmadadm
Gmail - famlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_microsoft-office-2007-service-pack-1.softonic.com.br_0.localstorage deleted successfully
C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_microsoft-office-2010.softonic.com.br_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.hao123.com/?tn=bav_pro_hp_01_hao123_br"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Start Page"="http://br.hao123.com/?tn=bav_pro_hp_01_hao123_br"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q={searchTerms}&src=IE-SearchBox"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{92001F8A-C36B-473A-91E7-5BE0C81CF2B3} PSafe ClikSeguro Url="http://clikseguro.com/Search.aspx?cx=017847565674971774939%3Aktp_l5v6i2u&ie=ISO-8859-1&q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d1d3c159-68eb-45b2-976f-013de6111d77} deleted successfully
HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d1d3c159-68eb-45b2-976f-013de6111d77} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{d1d3c159-68eb-45b2-976f-013de6111d77} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d1d3c159-68eb-45b2-976f-013de6111d77} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{1973d53b-7311-45d7-8270-f44571c041a0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1973d53b-7311-45d7-8270-f44571c041a0} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{d1d3c159-68eb-45b2-976f-013de6111d77} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\ext@flashenhancer.com deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\ext@RichMediaViewV1release4262.net deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\famlia\Desktop\AdwCleaner (1) - Atalho.lnk - C:\Users\famlia\Downloads\AdwCleaner (1).exe
C:\Users\famlia\Desktop\AdwCleaner (2) - Atalho.lnk - C:\Users\famlia\Downloads\AdwCleaner (2).exe
C:\Users\famlia\Desktop\AdwCleaner - Atalho.lnk - C:\Users\famlia\Downloads\AdwCleaner.exe
C:\Users\famlia\Desktop\Continuar a Instalação de Skype.lnk -
C:\Users\famlia\Desktop\Continue Download Manager Installation.lnk - C:\Users\famlia\AppData\Local\Temp\ICReinstall_DownloadManagerSetup (3).exe /RR
C:\Users\famlia\Desktop\JRT - Atalho.lnk - C:\Users\famlia\Downloads\JRT.exe
C:\Users\famlia\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\Users\famlia\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
C:\Users\famlia\Desktop\zoek (2) - Atalho.lnk - C:\Users\famlia\Downloads\zoek (2).exe
C:\Users\famlia\Desktop\zoek - Atalho.lnk - C:\Users\famlia\Downloads\zoek.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Advanced File Optimizer.lnk - C:\Program Files\Advanced File Optimizer\AdvancedFileOptimizer.exe C:\Program Files\Advanced File Optimizer\AdvancedFileOptimizer.exe
C:\Users\Public\Desktop\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe
C:\Users\Public\Desktop\Baidu Antivirus.lnk - C:\Program Files\Baidu Security\Baidu Antivirus\Bav.exe
C:\Users\Public\Desktop\Compre suprimentos - HP Deskjet 3050 J610 series.lnk - C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\hpqDTSS.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\HP Deskjet 3050 J610 series Scan.lnk - C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPScan.exe
C:\Users\Public\Desktop\HP Deskjet 3050 J610 series.lnk - C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HP Deskjet 3050 J610 series.exe
C:\Users\Public\Desktop\HP Photo Creations.lnk - C:\Program Files\HP Photo Creations\PhotoProduct.exe
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.318\mcuicnt.exe SecurityScanner.dll
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Users\Public\Desktop\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Converter.lnk - C:\Program Files\DivX\DivX Converter\DivXConverterLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Player.lnk - C:\Program Files\DivX\DivX Player\DivX Player.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Registrar.lnk - C:\Program Files\DivX\DivX Control Panel\DivXControlPanelLauncher.exe /start=registration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Verificar atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\GDSMux.lnk - C:\Program Files\Haali\MatroskaSplitter\gdsmux.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\Media Splitter Settings.lnk - C:\Windows\System32\rundll32.exe splitter.ax,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\Uninstall.lnk - C:\Program Files\Haali\MatroskaSplitter\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hao123-Brazil\Desinstalar hao123.lnk - C:\Users\famlia\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1111.exe -uninstall
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hao123-Brazil\Hao123.lnk - C:\Users\famlia\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1111.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Sony PC Companion\Desinstalar.lnk - C:\Program Files\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe -uninst -runfromtemp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Sony PC Companion\Sony PC Companion 2.1.lnk - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Xvid MiniConvert.lnk - C:\Program Files\Xvid\MiniConvert.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\xvid_encraw.lnk - C:\Windows\system32\cmd.exe /k ""C:\Program Files/Xvid\xvid_encraw.exe"" -h
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Advanced File Optimizer.lnk - C:\Program Files\Advanced File Optimizer\AdvancedFileOptimizer.exe
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:52134;https=127.0.0.1:52134;"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lmffckjinakgcgldhdgjdakahpdejgdp deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Infrastructure Helper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSafeTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSafeWDS deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCake Desktop deleted successfully

==== Empty IE Cache ======================

C:\Users\famlia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\famlia\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\famlia\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\famlia\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\famlia\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\famlia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7QGV16UW will be deleted at reboot
C:\Users\famlia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SMV1ILQY will be deleted at reboot
C:\Users\famlia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\famlia\AppData\Local\Mozilla\Firefox\Profiles\isyhr1bp.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2050 folders=29 46505727 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\famlia\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\famlia\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\famlia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\famlia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7QGV16UW" not found
"C:\Users\famlia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SMV1ILQY" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 16/06/2014 at 16:38:54,14 ======================
avatar
Delcides Cortello
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 13/06/2014

Voltar ao Topo Ir em baixo

Re: CE UmbrellaCert

Mensagem por Power Max em Qua 18 Jun 2014, 09:32

Faltou você responder a pergunta: No seu PC está constando instalado o antivirus Baidu. Você quer desinstalá-lo ou quer continuar com ele?
_______________________________________________________________________________________________________________

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que está salvo em sua área de trabalho com o nome de JRT.txt

Mas caso você já tenha excluído este relatório, execute novamente o Junkware seguindo as dicas deste tutorial abaixo e depois disto poste o novo relatório que ele irá criar:
[Você precisa estar registrado e conectado para ver este link.]

Ficamos na espera.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

CE_UmbrellaCert

Mensagem por Delcides Cortello em Qua 18 Jun 2014, 12:07


Vou desinstalar.
avatar
Delcides Cortello
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 13/06/2014

Voltar ao Topo Ir em baixo

Re: CE UmbrellaCert

Mensagem por Power Max em Qua 18 Jun 2014, 12:10

DELCIDES CORTELLO escreveu:
Vou desinstalar.
Ok, depois de desinstalá-lo poste por gentileza o relatório do Junkware Removal Tool.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

CE_UmbrellaCert

Mensagem por Delcides Cortello em Qua 18 Jun 2014, 12:15


Tenho o relatório do dia 15/06, pode ser?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by famlia on 15/06/2014 at 23:26:53,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu"



~~~ FireFox

Successfully deleted: [File] C:\Users\famlia\AppData\Roaming\mozilla\firefox\profiles\isyhr1bp.default\user.js
Successfully deleted the following from C:\Users\famlia\AppData\Roaming\mozilla\firefox\profiles\isyhr1bp.default\prefs.js

user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3320052&octid=EB_ORIGINAL_CTID&ISID=MAF88B3FE-5CB0-408D-B66C-42420AFABF0C&SearchSource=69&CUI=&SSPV=&Lay
user_pref("browser.startup.homepage", "hxxp://br.hao123.com/?tn=incore_pay_hp_05_hao123_br");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/06/2014 at 23:33:46,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
avatar
Delcides Cortello
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 13/06/2014

Voltar ao Topo Ir em baixo

Re: CE UmbrellaCert

Mensagem por Power Max em Qua 18 Jun 2014, 12:17

Ok, pode ser este mesmo. Quando você terminar de desinstalar o Baidu você me avisa.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

CE_UmbrellaCert

Mensagem por Delcides Cortello em Qua 18 Jun 2014, 14:36


Ok, já foi desinstalado.
avatar
Delcides Cortello
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 13/06/2014

Voltar ao Topo Ir em baixo

Re: CE UmbrellaCert

Mensagem por Power Max em Qua 18 Jun 2014, 15:05

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Você precisa estar registrado e conectado para ver esta imagem.]

* Selecione e copie todo este texto destacado em vermelho abaixo e cole-o no espaço em branco do Zoek:

Baidu;z
Baidu;a


*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Você precisa estar registrado e conectado para ver esta imagem.]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

CE_UmbrellaCert

Mensagem por Delcides Cortello em Qui 19 Jun 2014, 17:56


Segue relatório.

Zoek.exe v5.0.0.0 Updated 16-June-2014
Tool run by famlia on 19/06/2014 at 15:54:29,82.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\famlia\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-16-032842.log 1475 bytes
C:\zoek-results2014-06-16-065258.log 1391 bytes
C:\zoek-results2014-06-16-072759.log 1617 bytes
C:\zoek-results2014-06-16-193854.log 58467 bytes

==== Folders Found ======================

2014-06-13 20:20:07 2014-06-13 20:20:07 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-13 20:21:30 2014-06-13 20:21:31 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2013-08-18 07:46:14 2013-11-21 16:42:09 -------- d-----w- C:\Program Files\Baidu Security
2013-11-21 16:42:09 2014-06-18 18:36:35 -------- d-----w- C:\Program Files\Baidu Security\Baidu Antivirus
2014-06-16 19:38:38 2014-06-16 19:38:38 -------- d-----w- C:\ProgramData\Baidu
2013-08-18 07:46:12 2014-03-05 03:23:35 -------- d-----w- C:\ProgramData\Baidu Security
2014-06-16 19:38:38 2014-06-16 19:38:38 -------- d-----w- C:\Users\All Users\Baidu
2013-08-18 07:46:12 2014-03-05 03:23:35 -------- d-----w- C:\Users\All Users\Baidu Security
2014-06-18 16:42:11 2014-06-18 16:42:11 -------- d-----w- C:\Users\famlia\AppData\Roaming\Baidu
2013-08-18 07:46:24 2013-08-18 07:46:24 -------- d-----w- C:\Users\famlia\AppData\Roaming\Baidu Security
2014-06-18 16:42:11 2014-06-18 16:45:06 -------- d-----w- C:\Users\famlia\AppData\Roaming\Baidu\Baidu Antivirus
2013-12-24 03:37:36 2013-12-24 03:37:36 -------- d-----w- C:\Users\famlia\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2013-12-24 03:37:37 2013-12-24 03:37:38 -------- d-----w- C:\Users\famlia\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2013-12-24 03:37:40 2013-12-24 03:37:40 -------- d-----w- C:\Users\famlia\Documents\Baidu Security
2014-06-16 14:00:49 2014-06-16 14:00:49 -------- d-----w- C:\Users\Public\Documents\Baidu
2013-11-08 23:41:25 2013-11-11 17:44:33 -------- d-----w- C:\Users\Public\Documents\Baidu Security
2014-06-16 19:26:36 2014-06-16 19:26:36 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_Baidu

==== Files Found ======================


--- C:\Users\famlia\AppData\Roaming\Microsoft\Windows\Cookies\famlia@baidu[1].txt ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 103
Created time: 2014-05-03 01:04:03
Modified time: 2014-05-03 01:04:03
MD5: 0EB6D605DF6CC0E351CBB7B5FF74A6E6
SHA1: 1A5BF6EFE384E28C7D6670AB020E49A8D41045E4


--- C:\Users\famlia\AppData\Roaming\Microsoft\Windows\Cookies\famlia@pcfaster.baidu[1].txt ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 76
Created time: 2013-08-18 20:39:21
Modified time: 2013-08-18 20:39:21
MD5: 919F58897A4B088A1F14A3A8342AFC08
SHA1: F7F7FEB158DA347F4353431E6DF4F77A61168274


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3414
Created time: 2014-06-16 19:27:39
Modified time: 2014-04-09 05:04:09
MD5: ABA94BB531FE4C1FE09340EB97D2BA79
SHA1: 4D052FC28345D466859D8A2258141D24A0CD0B78


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-03-10 03-13-03-0417-[0041].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-13 01-29-59-0140-[23591].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-16 01-00-14-0513-[29999].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-20 01-56-47-0485-[5017].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-21 01-03-15-0555-[28041].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-03 02-06-58-0606-[14896].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-05 02-37-00-0500-[8759].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-12 02-55-07-0550-[21251].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-12 02-43-30-0218-[28976].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-24 02-49-46-0244-[8085].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-26 02-28-18-0264-[12870].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-01 03-05-28-0684-[3611].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-09 03-47-09-0071-[15456].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-10 03-25-26-0562-[21202].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-10 03-32-01-0508-[22491].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFTray-2014-03-10 03-08-05-0276-[0041].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\010914-38391-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\011014-49748-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\011614-47751-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\020814-34601-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\021114-44897-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\090513-14913-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\091613-14164-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\091813-16255-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\092413-13150-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\111413-12807-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130289251366104160.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130337082001788609.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130338076373968789.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130343350615112562.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130363153927156548.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130366033066404688.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\010914-38391-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\011014-49748-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\011614-47751-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\020814-34601-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\021114-44897-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\090513-14913-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\091613-14164-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\091813-16255-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\092413-13150-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\111413-12807-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130244673766416161.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130289251366104160.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130337082001788609.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130338076373968789.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130343350615112562.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130363153927156548.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130366033066404688.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-23 21_32_25_0974rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\Setup]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug\Bav\log\iexplore.exe]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Users\\famlia\\AppData\\Local\\Temp\\baidu_secure\\update\\BavPro_Setup_GL1.exe"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\010914-38391-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\011014-49748-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\011614-47751-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\020814-34601-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\021114-44897-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\090513-14913-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\091613-14164-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\091813-16255-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\092413-13150-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\111413-12807-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130289251366104160.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130337082001788609.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130338076373968789.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130343350615112562.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130363153927156548.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130366033066404688.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\010914-38391-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\011014-49748-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\011614-47751-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\020814-34601-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\021114-44897-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\090513-14913-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\091613-14164-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\091813-16255-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\092413-13150-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\111413-12807-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130244673766416161.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130289251366104160.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130337082001788609.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130338076373968789.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130343350615112562.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130363153927156548.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130366033066404688.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-23 21_32_25_0974rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2051 folders=32 46505727 bytes)

==== EOF on 19/06/2014 at 16:00:49,23 ======================
avatar
Delcides Cortello
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 13/06/2014

Voltar ao Topo Ir em baixo

Re: CE UmbrellaCert

Mensagem por Power Max em Qui 19 Jun 2014, 22:03

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Você precisa estar registrado e conectado para ver esta imagem.]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Você precisa estar registrado e conectado para ver esta imagem.]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

CE_UmbrellaCert

Mensagem por Delcides Cortello em Sex 20 Jun 2014, 12:34


Segue relatório.

Zoek.exe v5.0.0.0 Updated 16-June-2014
Tool run by famlia on 20/06/2014 at 11:50:23,34.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\famlia\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-16-032842.log 1475 bytes
C:\zoek-results2014-06-16-065258.log 1391 bytes
C:\zoek-results2014-06-16-072759.log 1617 bytes
C:\zoek-results2014-06-16-193854.log 58467 bytes
C:\zoek-results2014-06-19-190049.log 27187 bytes

==== System Restore Info ======================

20/06/2014 11:52:51 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BHipsEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-03-10 03-13-03-0417-[0041].dat"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\010914-38391-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\011014-49748-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\011614-47751-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\020814-34601-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\021114-44897-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\090513-14913-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\091613-14164-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\091813-16255-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\092413-13150-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\111413-12807-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130289251366104160.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130337082001788609.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130338076373968789.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130343350615112562.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130363153927156548.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130366033066404688.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\010914-38391-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\011014-49748-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\011614-47751-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\020814-34601-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\021114-44897-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\090513-14913-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\091613-14164-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\091813-16255-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\092413-13150-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\111413-12807-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130244673766416161.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130289251366104160.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130337082001788609.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130338076373968789.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130343350615112562.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130363153927156548.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130366033066404688.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-23 21_32_25_0974rpdata.dat"=-
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"=-
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\Setup]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug\Bav\log\iexplore.exe]
[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Users\\famlia\\AppData\\Local\\Temp\\baidu_secure\\update\\BavPro_Setup_GL1.exe"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\010914-38391-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\011014-49748-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\011614-47751-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\020814-34601-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\021114-44897-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\090513-14913-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\091613-14164-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\091813-16255-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\092413-13150-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\111413-12807-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130289251366104160.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130337082001788609.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130338076373968789.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130343350615112562.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130363153927156548.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130366033066404688.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\010914-38391-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\011014-49748-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\011614-47751-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\020814-34601-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\021114-44897-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\090513-14913-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\091613-14164-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\091813-16255-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\092413-13150-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\111413-12807-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130244673766416161.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130289251366104160.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130337082001788609.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130338076373968789.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130343350615112562.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130363153927156548.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130366033066404688.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-23 21_32_25_0974rpdata.dat"=-

==== Deleting Files \ Folders ======================

C:\Program Files\Baidu Security deleted
C:\ProgramData\Baidu deleted
C:\ProgramData\Baidu Security deleted
C:\Users\famlia\AppData\Roaming\Baidu deleted
C:\Users\famlia\AppData\Roaming\Baidu Security deleted
C:\Users\famlia\Documents\Baidu Security deleted
C:\Users\Public\Documents\Baidu deleted
C:\Users\Public\Documents\Baidu Security deleted

==== Folders Found ======================

2014-06-13 20:20:07 2014-06-13 20:20:07 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-13 20:21:30 2014-06-13 20:21:31 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-20 14:54:15 2014-06-20 14:54:15 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security
2014-06-20 14:54:16 2014-06-20 14:54:16 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security_Baidu Antivirus
2014-06-20 14:54:16 2014-06-20 14:54:16 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu
2014-06-20 14:54:16 2014-06-20 14:54:27 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-16 19:26:36 2014-06-16 19:26:36 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_Baidu
2014-06-20 14:54:31 2014-06-20 14:54:33 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu
2014-06-20 14:54:33 2014-06-20 14:54:45 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-20 14:54:49 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_famlia_AppData_Roaming_Baidu
2014-06-20 14:54:51 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_famlia_AppData_Roaming_Baidu Security
2014-06-20 14:54:51 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_famlia_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-06-20 14:54:51 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_famlia_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-06-20 14:54:51 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_famlia_AppData_Roaming_Baidu_Baidu Antivirus
2014-06-20 14:54:51 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_famlia_Documents_Baidu Security
2014-06-20 14:54:51 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu
2014-06-20 14:54:51 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-06-20 14:54:15 2014-06-20 14:54:15 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security\Baidu Antivirus
2014-06-20 14:54:51 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_famlia_AppData_Roaming_Baidu\Baidu Antivirus
2014-06-20 14:54:51 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_famlia_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-06-20 14:54:51 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_famlia_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================


--- C:\Users\famlia\AppData\Roaming\Microsoft\Windows\Cookies\famlia@baidu[1].txt ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 103
Created time: 2014-05-03 01:04:03
Modified time: 2014-05-03 01:04:03
MD5: 0EB6D605DF6CC0E351CBB7B5FF74A6E6
SHA1: 1A5BF6EFE384E28C7D6670AB020E49A8D41045E4


--- C:\Users\famlia\AppData\Roaming\Microsoft\Windows\Cookies\famlia@pcfaster.baidu[1].txt ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 76
Created time: 2013-08-18 20:39:21
Modified time: 2013-08-18 20:39:21
MD5: 919F58897A4B088A1F14A3A8342AFC08
SHA1: F7F7FEB158DA347F4353431E6DF4F77A61168274


--- C:\zoek_backup\C_Users_famlia_AppData_Roaming_Microsoft_Windows_Cookies_famlia@baidu[1].txt.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 103
Created time: 2014-06-20 14:54:52
Modified time: 2014-05-03 01:04:03
MD5: 0EB6D605DF6CC0E351CBB7B5FF74A6E6
SHA1: 1A5BF6EFE384E28C7D6670AB020E49A8D41045E4


--- C:\zoek_backup\C_Users_famlia_AppData_Roaming_Microsoft_Windows_Cookies_famlia@pcfaster.baidu[1].txt.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 76
Created time: 2014-06-20 14:54:52
Modified time: 2013-08-18 20:39:21
MD5: 919F58897A4B088A1F14A3A8342AFC08
SHA1: F7F7FEB158DA347F4353431E6DF4F77A61168274


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3414
Created time: 2014-06-16 19:27:39
Modified time: 2014-04-09 05:04:09
MD5: ABA94BB531FE4C1FE09340EB97D2BA79
SHA1: 4D052FC28345D466859D8A2258141D24A0CD0B78


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2851 folders=101 570752700 bytes)

==== EOF on 20/06/2014 at 11:56:53,79 ======================
avatar
Delcides Cortello
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 13/06/2014

Voltar ao Topo Ir em baixo

Re: CE UmbrellaCert

Mensagem por Power Max em Sex 20 Jun 2014, 12:39

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Você precisa estar registrado e conectado para ver esta imagem.]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Você precisa estar registrado e conectado para ver esta imagem.]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

CE_UmbrellaCert

Mensagem por Delcides Cortello em Sab 21 Jun 2014, 21:01


Segue relatório.


Zoek.exe v5.0.0.0 Updated 20-06-2014
Tool run by famlia on 21/06/2014 at 19:12:08,40.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\famlia\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-16-032842.log 1475 bytes
C:\zoek-results2014-06-16-065258.log 1391 bytes
C:\zoek-results2014-06-16-072759.log 1617 bytes
C:\zoek-results2014-06-16-193854.log 58467 bytes
C:\zoek-results2014-06-19-190049.log 27187 bytes
C:\zoek-results2014-06-20-145653.log 31139 bytes

==== System Restore Info ======================

21/06/2014 19:14:34 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2851 folders=101 570752700 bytes)

==== EOF on 21/06/2014 at 19:15:29,49 ======================
avatar
Delcides Cortello
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 13/06/2014

Voltar ao Topo Ir em baixo

Re: CE UmbrellaCert

Mensagem por Power Max em Sab 21 Jun 2014, 21:04

Abra novamente o ( ZHPDiag )

[Você precisa estar registrado e conectado para ver esta imagem.]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Você precisa estar registrado e conectado para ver esta imagem.]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Você precisa estar registrado e conectado para ver esta imagem.]

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

CE_UmbrellaCert

Mensagem por Delcides Cortello em Ter 24 Jun 2014, 00:17


Segue relatório do ZHP.


~ Relatório do ZHPDiag v2014.6.23.97 - Nicolas Coolman (23/06/2014)
~ Iniciado por famlia (24/06/2014 00:10:04)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7601.17514
MFIE: Mozilla Firefox 26.0
GCIE: Google Chrome v35.0.1916.153 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.4714
McAfee Security Scan Plus v3.0.318.3
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2008 MB (43% free)
System Restore: Activé (Enable)
System drive C: has 69 GB (29%) free of 233 GB

---\\ Modo de conexão ao sistema
~ Computer Name: FAMLIA-PC
~ User Name: famlia
~ All Users Names: HomeGroupUser$, famlia, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\famlia\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\famlia\AppData\Roaming\
~ %Desktop% : C:\Users\famlia\Desktop\
~ %Favorites% : C:\Users\famlia\Favorites\
~ %LocalAppData% : C:\Users\famlia\AppData\Local\
~ %StartMenu% : C:\Users\famlia\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 69 Go of 233 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 40 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Windows Explorer.) (.15/01/2011 - 22:34:09.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.44214C94911C7CFB1D52CB64D5E8368D] - (.Microsoft Corporation - Internet Extensions para Win32.) (.15/01/2011 - 22:32:56.) -- C:\Windows\System32\wininet.dll [980992]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.15/01/2011 - 22:32:05.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.15/01/2011 - 22:34:39.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.1151FD4FB0216CFED887BFDE29EBD516] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.15/01/2011 - 22:33:52.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.15/01/2011 - 22:31:23.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2011 - 22:32:12.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.15/01/2011 - 22:31:19.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.B272B4C3E085EA860C12F2E4FAF2FFA2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/01/2011 - 22:33:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.15/01/2011 - 22:32:23.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.33C3093D09017CFE2E219F2472BFF6EB] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.15/01/2011 - 22:33:00.) -- C:\Windows\system32\Drivers\ntfs.sys [1211264]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.15/01/2011 - 22:37:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.15/01/2011 - 22:32:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.15/01/2011 - 22:31:23.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/129
~ Mes musiques (My Musics) : 196/2355
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 10/9735
~ Mon Bureau (My Desktop) : 1/14
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 21s



---\\ Processos lançados
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.3436]
[MD5.A8B68D4A0B815294819E2647D54A7686] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe [5179408] [PID.3480]
[MD5.16AFB34618E1286FF856DC600AC49C79] - (.No owner - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968] [PID.3600]
[MD5.206402023C2098917082B5F76F1B4F51] - (.Sony - Sony PC Companion.) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466144] [PID.3736]
[MD5.8C46AD1E382018E0B4D6E31B9AB27E5C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [21445248] [PID.3888]
[MD5.711B371AF683DCE24CCE6D20822B72ED] - (.ContentExplorer - ContentExplorer.) -- C:\Users\famlia\AppData\Roaming\ContentExplorer\ContentExplorer.exe [2421488] [PID.3900] =>PUP.ContentExplorer
[MD5.0F6D06A88A88007AAEE5F0EE1ECE42E4] - (...) -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe [70880] [PID.3948]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.3076]
[MD5.79A2C7527829F70FD5E59287B700D47C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8071168] [PID.4400]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 17 Legitimates Filtered in 00mn 05s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\prefs.js
P2 - FPN: [HKCU] [@lightspark.github.com/Lightspark;version=1] - (...) -- C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll (.not file.)
~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:49460;https=127.0.0.1:49460; =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Advanced File Optimizer.lnk . (.Systweak - Advanced File Optimizer.) -- C:\Program Files\Advanced File Optimizer\AdvancedFileOptimizer.exe =>PUP.AdvancedFileOptimizer
O4 - GS\QuickLaunch [famlia]: Advanced File Optimizer.lnk . (.Systweak - Advanced File Optimizer.) -- C:\Program Files\Advanced File Optimizer\AdvancedFileOptimizer.exe =>PUP.AdvancedFileOptimizer
~ Global Startup: 2 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe
O4 - HKLM\..\Run: [DivXMediaServer] . (.DivX, LLC - DivX Media Server Launcher.) -- C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] . (.No owner - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
O4 - HKLM\..\Run: [fst_br_127] Chave orfã
O4 - HKCU\..\Run: [Sony PC Companion] . (.Sony - Sony PC Companion.) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_1213b] C:\Users\famlia\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe (.not file.) =>Toolbar.AVGSearch
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\famlia\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\famlia\AppData\Roaming\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer
O4 - HKUS\S-1-5-21-1499970450-3319737762-1360718297-1000\..\Run: [Sony PC Companion] . (.Sony - Sony PC Companion.) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
O4 - HKUS\S-1-5-21-1499970450-3319737762-1360718297-1000\..\Run: [AVG-Secure-Search-Update_1213b] C:\Users\famlia\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe (.not file.) =>Toolbar.AVGSearch
O4 - HKUS\S-1-5-21-1499970450-3319737762-1360718297-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\famlia\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1499970450-3319737762-1360718297-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1499970450-3319737762-1360718297-1000\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\famlia\AppData\Roaming\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8240E330-2826-4F53-B814-BB0A4921BBA4}: DhcpNameServer = 201.6.2.125 201.6.2.225
O17 - HKLM\System\CS1\Services\Tcpip\..\{8240E330-2826-4F53-B814-BB0A4921BBA4}: DhcpNameServer = 201.6.2.125 201.6.2.225
O17 - HKLM\System\CS2\Services\Tcpip\..\{8240E330-2826-4F53-B814-BB0A4921BBA4}: DhcpNameServer = 201.6.2.125 201.6.2.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.125 201.6.2.225
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: fpvoixdaog32 (fpvoixdaog32) . (...) - C:\Program Files\002\fpvoixdaog32.exe (.not file.) =>PUP.AdPeak
O23 - Service: Update Greener Web (Update Greener Web) . (...) - C:\Program Files\Greener Web\updateGreenerWeb.exe (.not file.) =>PUP.GreenerWeb
~ Services: 5 Legitimates Filtered in 00mn 05s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [PerfMonitor_strtp] (...) -- C:\Program Files\Optimizer Elite Max\PerformanceMonitor.exe (.not file.) [0] =>PUP.OptimizerEliteMax
[MD5.B52C9369CFD0B07290AA3DEBA1599AB6] [APT] [{2F744ADD-C59B-4227-8374-7199B564FF4B}] (.Browser Opt-out.) -- C:\Users\famlia\Downloads\uninstall (1).exe [821760]
[MD5.00000000000000000000000000000000] [APT] [{5B1FF025-2C03-4DC2-8CF3-F5A38ED13B14}] (...) -- C:\Program Files\Easy Deals\Uninstall.exe (.not file.) [0] =>PUP.EasyDeals
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1499970450-3319737762-1360718297-1000Core [910]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1499970450-3319737762-1360718297-1000UA [932]
O39 - APT: PerfMonitor_strtp - (...) -- C:\Windows\Tasks\PerfMonitor_strtp.job [276]
O39 - APT: PerfMonitor_strtp - (...) -- C:\Windows\System32\Tasks\PerfMonitor_strtp [276]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 06s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (360FileOem) . (.360.cn - 360FileOem.) - C:\Windows\system32\drivers\360FileOem.sys
O41 - Driver: (360RegOem) . (.360安全中心 - 360RegOem.) - C:\Windows\system32\drivers\360RegOem.sys
O41 - Driver: (360SpOEM) . (.360安全中心 - 360安全卫士 - SelfProtection.) - C:\Windows\System32\drivers\360SpOEM.sys
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex.sys (.not file.)
O41 - Driver: ({890a8319-7c6f-45e4-a506-152b8d2d9310}Gw) . (...) - C:\Windows\System32\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw.sys
O41 - Driver: ({a3f28269-ad17-41a8-b032-3e0313ef8979}Gw) . (...) - C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw.sys
~ Drivers: 96 Legitimates Filtered in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: Advanced File Optimizer - (.Systweak Software.) [HKLM] -- Advanced File Optimizer_is1 =>PUP.AdvancedFileOptimizer
O42 - Logiciel: BrowseBurst - (.BrowseBurst.) [HKLM] -- BrowseBurst
O42 - Logiciel: ContentExplorer - (.ContentExplorer.net.) [HKLM] -- ContentExplorer =>PUP.ContentExplorer
O42 - Logiciel: Rich Media View - (.Rich Media View.) [HKLM] -- RichMediaViewV1release4262 =>PUP.MediaViewer
~ Logic: 18 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BrowseBurst]
[HKCU\Software\BrowserOptout] =>PUP.Dealply
[HKCU\Software\ContentExplorer] =>PUP.ContentExplorer
[HKCU\Software\ForumerIT] =>Toolbar.Forumer
[HKCU\Software\PCDataApp]
[HKCU\Software\PriceMeterUpdater] =>PUP.PriceMeter
[HKCU\Software\WeDlMngr] =>PUP.weDownloadManager
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\360Safe]
[HKLM\Software\BrowserOptout] =>PUP.Dealply
[HKLM\Software\Easy Deals] =>PUP.EasyDeals
[HKLM\Software\Highlightly]
[HKLM\Software\PCDataApp]
[HKLM\Software\RichMediaViewV1] =>PUP.MediaViewer
[HKLM\Software\RrFilter] =>PUP.SupraSavings
[HKLM\Software\hosts]
~ Key Software: 184 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 27/01/2014 - 19:01:23 - [] ----D C:\Program Files\Advanced File Optimizer =>PUP.AdvancedFileOptimizer
O43 - CFD: 21/06/2014 - 17:25:35 - [] ----D C:\Program Files\BrowseBurst
O43 - CFD: 05/05/2014 - 00:15:05 - [0] ----D C:\Program Files\PCDApp =>Trojan.BitCoinMiner
O43 - CFD: 19/06/2014 - 17:54:00 - [] ----D C:\Users\famlia\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer
O43 - CFD: 02/05/2014 - 23:34:44 - [] ----D C:\Users\famlia\AppData\Local\com
~ Program Folder: 138 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.DDC0B6672AB7862A3C2D7AA2ADB6B645] - 13/06/2014 - 16:42:39 ---A- . (.No owner - Setup/Uninstall.) -- C:\Windows\unins000.exe [715038]
O44 - LFC:[MD5.FA425C74CE2EB719B2A77A7A2ADDAE32] - 13/06/2014 - 16:42:49 ---A- . (.No owner - Lagarith.) -- C:\Windows\System32\lagarith.dll [216064]
O44 - LFC:[MD5.526B169E421FDE6E26CE2359030CCBC2] - 13/06/2014 - 16:43:07 ---A- . (...) -- C:\Windows\unins000.dat [1786]
O44 - LFC:[MD5.E3833540C755C06EC18D414047448B14] - 13/06/2014 - 16:44:22 ---A- . (...) -- C:\Windows\System32\xvidcore.dll [645632]
O44 - LFC:[MD5.348AC3C5B87056E24C9E0039332BFB66] - 13/06/2014 - 16:44:22 ---A- . (...) -- C:\Windows\System32\xvidvfw.dll [240640]
O44 - LFC:[MD5.5E8CD1804C1A035311F5DA9C1048F024] - 13/06/2014 - 16:44:23 ---A- . (...) -- C:\Windows\System32\xvid.ax [153088]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 13/06/2014 - 17:17:57 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.E189421D996E995725FEBEA039239FD0] - 16/06/2014 - 00:28:42 ---A- . (...) -- C:\zoek-results2014-06-16-032842.log [1475]
O44 - LFC:[MD5.0FB41E6788E68B4D45F59729CF972421] - 16/06/2014 - 03:52:58 ---A- . (...) -- C:\zoek-results2014-06-16-065258.log [1391]
O44 - LFC:[MD5.CB2206A3820B3BE39183DB2CD004AEAD] - 16/06/2014 - 04:27:59 ---A- . (...) -- C:\zoek-results2014-06-16-072759.log [1617]
O44 - LFC:[MD5.EB4B028119BF38D2DA51AFD33B57E91E] - 16/06/2014 - 16:38:54 ---A- . (...) -- C:\zoek-results2014-06-16-193854.log [58467]
O44 - LFC:[MD5.6FF687681D18DD0A9691C66D7231C449] - 18/06/2014 - 10:33:24 ---A- . (...) -- C:\Windows\DPINST.LOG [64680]
O44 - LFC:[MD5.89B955BAE99B00A63A8253D28B6BAE1E] - 18/06/2014 - 17:54:18 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [128094]
O44 - LFC:[MD5.18E625D35AFF15AFB5B79BF5465A0446] - 18/06/2014 - 17:54:18 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [663804]
O44 - LFC:[MD5.50EF4CB831C16093227729C83EC73739] - 19/06/2014 - 16:00:49 ---A- . (...) -- C:\zoek-results2014-06-19-190049.log [27187]
O44 - LFC:[MD5.50ABC193CF7DD29B7E0FE7C81D76604F] - 20/06/2014 - 11:34:10 ---A- . (...) -- C:\Windows\win.ini [505]
O44 - LFC:[MD5.7F5987B50B6A3EEA0F2C131DD827CB4E] - 20/06/2014 - 11:56:53 ---A- . (...) -- C:\zoek-results2014-06-20-145653.log [31139]
O44 - LFC:[MD5.1E99117FFEC609EE8C5C34688D7AF3C1] - 21/06/2014 - 19:15:29 ---A- . (...) -- C:\zoek-results.log [2479]
~ Files: 34 Legitimates Filtered in 00mn 09s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{2197bc21-08d9-11e3-8c78-506313dd7f79}\AutoRun\command. (...) -- E:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:11/08/2013 - 18:39:50 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [152880]
O58 - SDL:11/08/2013 - 18:39:50 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [61488]
O58 - SDL:11/08/2013 - 18:39:50 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [29744]
O58 - SDL:11/08/2013 - 18:39:50 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys [64048]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/02/2014 - 14:45:54 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\Windows\System32\Drivers\netfilter.sys [47488]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw.sys [52928]
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw.sys [52928]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 78 Legitimates Filtered in 00mn 04s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 11/08/2013 - C:\Windows\system32\drivers\360FileOem.sys (360FileOem) .(.360.cn - 360FileOem.) - LEGACY_360FILEOEM
O64 - Services: CurCS - 11/08/2013 - C:\Windows\System32\drivers\360HookOEM.sys (360HookOem) .(.360安全中心 - 360HookOem.) - LEGACY_360HOOKOEM
O64 - Services: CurCS - 11/08/2013 - C:\Windows\system32\drivers\360RegOem.sys (360RegOem) .(.360安全中心 - 360RegOem.) - LEGACY_360REGOEM
O64 - Services: CurCS - 11/08/2013 - C:\Windows\System32\drivers\360SpOEM.sys (360SpOEM) .(.360安全中心 - 360安全卫士 - SelfProtection.) - LEGACY_360SPOEM
O64 - Services: CurCS - 12/05/1744 - C:\Windows\System32\drivers\bnbasex.sys (Bnbase) .(...) - LEGACY_BNBASE
O64 - Services: CurCS - 12/05/1744 - C:\Program Files\Baidu Security\Baidu Antivirus\Spring.sys (Spring) .(...) - LEGACY_SPRING
O64 - Services: CurCS - 12/05/1744 - C:\Windows\System32\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw.sys ({890a8319-7c6f-45e4-a506-152b8d2d9310}Gw) .(...) - LEGACY_{890A8319-7C6F-45E4-A506-152B8D2D9310}GW
O64 - Services: CurCS - 12/05/1744 - C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw.sys ({a3f28269-ad17-41a8-b032-3e0313ef8979}Gw) .(...) - LEGACY_{A3F28269-AD17-41A8-B032-3E0313EF8979}GW
~ Legacy: 91 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- c:\program files\mozilla firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files\google\chrome\application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {92001F8A-C36B-473A-91E7-5BE0C81CF2B3} - (PSafe ClikSeguro) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys: Scanned in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\519-utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\519-utorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update-1213b_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update-1213b_RASMANCS =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASAPI32 =>PUP.ContentExplorer
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASMANCS =>PUP.ContentExplorer
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASAPI32 =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASMANCS =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASAPI32 =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASMANCS =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASAPI32 =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASMANCS =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_somoto_14693_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_somoto_14693_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\MetaCrawlerSetup_RASAPI32 =>Adware.SearchYa
HKLM\SOFTWARE\Microsoft\Tracing\MetaCrawlerSetup_RASMANCS =>Adware.SearchYa
HKLM\SOFTWARE\Microsoft\Tracing\Optimizer Elite Max_RASAPI32 =>PUP.OptimizerEliteMax
HKLM\SOFTWARE\Microsoft\Tracing\Optimizer Elite Max_RASMANCS =>PUP.OptimizerEliteMax
HKLM\SOFTWARE\Microsoft\Tracing\Signup Wizard_RASAPI32 =>PUP.JDIBackup
HKLM\SOFTWARE\Microsoft\Tracing\Signup Wizard_RASMANCS =>PUP.JDIBackup
HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RBCB_p3v9_RASAPI32 =>Hijacker.SmartBar
HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RBCB_p3v9_RASMANCS =>Hijacker.SmartBar
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-331-build-30017-32-bits_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-331-build-30017-32-bits_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\VOPackage_RASAPI32 =>Adware.Downware
HKLM\SOFTWARE\Microsoft\Tracing\VOPackage_RASMANCS =>Adware.Downware
HKLM\SOFTWARE\Microsoft\Tracing\webcake_0108-b8e64d19-11F0_RASAPI32 =>Adware.WebCake
HKLM\SOFTWARE\Microsoft\Tracing\webcake_0108-b8e64d19-11F0_RASMANCS =>Adware.WebCake
~ BTK: 397 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter
[HKCR\CLSID\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}] (PriceMeterLiveUpdate.OneClickProcessLauncher) =>PUP.PriceMeter
[HKCR\CLSID\{41C35ADE-DEDA-439F-8140-D53F2C76C963}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter
[HKCR\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter
[HKCR\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter
[HKCR\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter
[HKCR\CLSID\{B1F29F0C-2EC8-487B-97C2-8B8FEA6CEF14}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter
[HKCR\CLSID\{C0756D99-64A1-4332-B783-A5A1B571D431}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter
[HKCR\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19}] (PriceMeterLiveUpdate Process Launcher Class) =>PUP.PriceMeter
[HKCR\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter
~ BCK: 4952 Legitimates Filtered in 00mn 10s



---\\ Scâner Aditional (088)
Database Version : 13026 - (23/06/2014)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 20

[HKLM\SYSTEM\CurrentControlSet\Services\fpvoixdaog32] =>PUP.AdPeak^
[HKLM\SYSTEM\CurrentControlSet\Services\Update Greener Web] =>PUP.GreenerWeb^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced File Optimizer_is1] =>PUP.AdvancedFileOptimizer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ContentExplorer] =>PUP.ContentExplorer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RichMediaViewV1release4262] =>PUP.MediaViewer^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:AVG-Secure-Search-Update_1213b =>Toolbar.AVGSearch^
C:\Program Files\Advanced File Optimizer =>PUP.AdvancedFileOptimizer^
C:\Program Files\PCDApp =>Trojan.BitCoinMiner^
C:\Users\famlia\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer^
C:\Users\famlia\AppData\Roaming\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer^
[HKCU\Software\BrowserOptout] =>PUP.Dealply^
[HKCU\Software\ContentExplorer] =>PUP.ContentExplorer^
[HKCU\Software\ForumerIT] =>Toolbar.Forumer^
[HKCU\Software\PriceMeterUpdater] =>PUP.PriceMeter^
[HKCU\Software\WeDlMngr] =>PUP.weDownloadManager^
[HKLM\Software\BrowserOptout] =>PUP.Dealply^
[HKLM\Software\Easy Deals] =>PUP.EasyDeals^
[HKLM\Software\RichMediaViewV1] =>PUP.MediaViewer^
[HKLM\Software\RrFilter] =>PUP.SupraSavings^
[HKCR\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter^
[HKCR\CLSID\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}] (PriceMeterLiveUpdate.OneClickProcessLauncher) =>PUP.PriceMeter^
[HKCR\CLSID\{41C35ADE-DEDA-439F-8140-D53F2C76C963}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter^
[HKCR\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter^
[HKCR\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter^
[HKCR\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter^
[HKCR\CLSID\{B1F29F0C-2EC8-487B-97C2-8B8FEA6CEF14}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter^
[HKCR\CLSID\{C0756D99-64A1-4332-B783-A5A1B571D431}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter^
[HKCR\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19}] (PriceMeterLiveUpdate Process Launcher Class) =>PUP.PriceMeter^
[HKCR\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter^
~ Additionnel Scan: 162238 Items scanned in 00mn 34s



---\\ Informações complémentaires do módulos
~ [Você precisa estar registrado e conectado para ver este link.] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Barras do Internet Explorer (03))
~ [Você precisa estar registrado e conectado para ver este link.] =>.Aplicações iniciadas por registo & pastas (04)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.] =>PUP.ContentExplorer
[Você precisa estar registrado e conectado para ver este link.] =>Hijacker.Proxy
[Você precisa estar registrado e conectado para ver este link.] =>PUP.AdPeak
[Você precisa estar registrado e conectado para ver este link.] =>PUP.GreenerWeb
[Você precisa estar registrado e conectado para ver este link.] =>PUP.OptimizerEliteMax
[Você precisa estar registrado e conectado para ver este link.] =>PUP.EasyDeals
[Você precisa estar registrado e conectado para ver este link.] =>PUP.Dealply
[Você precisa estar registrado e conectado para ver este link.] =>Toolbar.Forumer
[Você precisa estar registrado e conectado para ver este link.] =>PUP.PriceMeter
[Você precisa estar registrado e conectado para ver este link.] =>PUP.weDownloadManager
[Você precisa estar registrado e conectado para ver este link.] =>PUP.SupraSavings
[Você precisa estar registrado e conectado para ver este link.] =>Trojan.BitCoinMiner
[Você precisa estar registrado e conectado para ver este link.] =>Trojan.Staser
[Você precisa estar registrado e conectado para ver este link.] =>Adware.Lollipop
[Você precisa estar registrado e conectado para ver este link.] =>Adware.SearchYa
[Você precisa estar registrado e conectado para ver este link.] =>Hijacker.SmartBar
[Você precisa estar registrado e conectado para ver este link.] =>Adware.Downware
[Você precisa estar registrado e conectado para ver este link.] =>Adware.WebCake
~ MSI: 18 link(s) detected in 00mn 00s



~ 715 Legitimates filtered by white list
End of the scan (527 lines in 02mn 20s)(0)
avatar
Delcides Cortello
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 13/06/2014

Voltar ao Topo Ir em baixo

Re: CE UmbrellaCert

Mensagem por Power Max em Ter 24 Jun 2014, 12:40

 Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

Escolhendo Programas que Iniciam com o PC

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC.
________________________________________________________________________________________

 Selecione e copie todo o texto destacado em vermelho que te passei (começando em script zhpfix e indo até emptyclsid)

_____________________________________________________________________________________________________________

 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: CE UmbrellaCert

Mensagem por Delcides Cortello em Ter 24 Jun 2014, 18:41


Agradeço pela dica.
Segue relatório do ZHPFix.

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by famlia at 24/06/2014 18:37:06
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 10s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files\advanced file optimizer\unins000.exe
AUSENTE Uninstall Process: c:\program files\browseburst\browseburstuninstall.exe
AUSENTE Uninstall Process: c:\users\famlia\appdata\roaming\contentexplorer\uninstall.exe

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Users\famlia\AppData\Roaming\ContentExplorer\ContentExplorer.exe

========== Estado dos serviços ==========
360HOOKOEM Parado
360REGOEM Parado
360SPOEM Parado
BNBASE Parado
SPRING Parado
{890A8319-7C6F-45E4-A506-152B8D2D9310}GW Parado
{A3F28269-AD17-41A8-B032-3E0313EF8979}GW Parado

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced File Optimizer_is1]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowseBurst]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentExplorer]
ELIMINÉ Driver Key: 360RegOem
ELIMINÉ Driver Key: 360SpOEM
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: {890a8319-7c6f-45e4-a506-152b8d2d9310}Gw
ELIMINÉ Driver Key: {a3f28269-ad17-41a8-b032-3e0313ef8979}Gw
ELIMINÉ: HKCU\Software\BrowseBurst
ELIMINÉ: HKCU\Software\BrowserOptout
ELIMINÉ: HKCU\Software\ContentExplorer
ELIMINÉ: HKCU\Software\ForumerIT
ELIMINÉ: HKCU\Software\PCDataApp
ELIMINÉ: HKCU\Software\PriceMeterUpdater
ELIMINÉ: HKCU\Software\WeDlMngr
ELIMINÉ: HKLM\Software\360Safe
ELIMINÉ: HKLM\Software\BrowserOptout
ELIMINÉ: HKLM\Software\Highlightly
ELIMINÉ: HKLM\Software\PCDataApp
ELIMINÉ: HKLM\Software\RichMediaViewV1
ELIMINÉ: HKLM\Software\RrFilter
ELIMINÉ: HKLM\Software\hosts
ELIMINÉ: SearchScopes :{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update-1213b_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update-1213b_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_somoto_14693_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_somoto_14693_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\MetaCrawlerSetup_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\MetaCrawlerSetup_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Optimizer Elite Max_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Optimizer Elite Max_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Signup Wizard_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Signup Wizard_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RBCB_p3v9_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RBCB_p3v9_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\VOPackage_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\VOPackage_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\webcake_0108-b8e64d19-11F0_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\webcake_0108-b8e64d19-11F0_RASMANCS
ELIMINÉ: HKCR\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}
ELIMINÉ: HKCR\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
ELIMINÉ: R1 Search Page =

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\public\desktop\advanced file optimizer.lnk
ELIMINÉ: c:\program files\advanced file optimizer\advancedfileoptimizer.exe
ELIMINÉ: c:\users\famlia\appdata\roaming\microsoft\internet explorer\quick launch\advanced file optimizer.lnk
ELIMINA REINICIAR: c:\users\famlia\appdata\roaming\contentexplorer\contentexplorer.exe
ELIMINÉ: c:\windows\system32\drivers\360hookoem.sys
ELIMINÉ: c:\windows\system32\drivers\360regoem.sys
ELIMINÉ: c:\windows\system32\drivers\360spoem.sys
ELIMINÉ: c:\windows\system32\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}gw.sys
ELIMINÉ: c:\windows\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}gw.sys
ELIMINÉ:** c:\users\famlia\appdata\roaming\contentexplorer\contentexplorer.exe
ELIMINÉ Temporários windows (Cool (22.529.414 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: PerfMonitor_strtp
ELIMINÉ: {2F744ADD-C59B-4227-8374-7199B564FF4B}
ELIMINÉ: {5B1FF025-2C03-4DC2-8CF3-F5A38ED13B14}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Processo memória
49 : Chaves do Registo
7 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
12 : Ficheiros
3 : Softwares
7 : Estado dos serviços
3 : Tarefa planificada
1 : Restauração Sistema


End of clean in 02mn 03s

========== Caminho do ficheiro do relatório ==========
C:\Users\famlia\AppData\Roaming\ZHP\ZHPFix[R1].txt - 24/06/2014 18:37:17 [5779]
avatar
Delcides Cortello
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 13/06/2014

Voltar ao Topo Ir em baixo

Re: CE UmbrellaCert

Mensagem por Power Max em Ter 24 Jun 2014, 18:46

Reinicie o PC para o ZHP completar a limpeza dele. Depois de reiniciar faça o seguinte, por gentileza:

Abra novamente o ( ZHPDiag )

[Você precisa estar registrado e conectado para ver esta imagem.]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Você precisa estar registrado e conectado para ver esta imagem.]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Você precisa estar registrado e conectado para ver esta imagem.]

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: CE UmbrellaCert

Mensagem por Delcides Cortello em Ter 24 Jun 2014, 20:00


ok. Segue relatório.

~ Relatório do ZHPDiag v2014.6.23.97 - Nicolas Coolman (23/06/2014)
~ Iniciado por famlia (24/06/2014 19:53:02)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7601.17514
MFIE: Mozilla Firefox 26.0
GCIE: Google Chrome v35.0.1916.153 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.4714
McAfee Security Scan Plus v3.0.318.3
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema
CCleaner v4.14

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2008 MB (63% free)
System Restore: Activé (Enable)
System drive C: has 70 GB (29%) free of 233 GB

---\\ Modo de conexão ao sistema
~ Computer Name: FAMLIA-PC
~ User Name: famlia
~ All Users Names: HomeGroupUser$, famlia, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\famlia\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\famlia\AppData\Roaming\
~ %Desktop% : C:\Users\famlia\Desktop\
~ %Favorites% : C:\Users\famlia\Favorites\
~ %LocalAppData% : C:\Users\famlia\AppData\Local\
~ %StartMenu% : C:\Users\famlia\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 70 Go of 233 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 40 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Windows Explorer.) (.15/01/2011 - 22:34:09.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.44214C94911C7CFB1D52CB64D5E8368D] - (.Microsoft Corporation - Internet Extensions para Win32.) (.15/01/2011 - 22:32:56.) -- C:\Windows\System32\wininet.dll [980992]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.15/01/2011 - 22:32:05.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.15/01/2011 - 22:34:39.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.1151FD4FB0216CFED887BFDE29EBD516] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.15/01/2011 - 22:33:52.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.15/01/2011 - 22:31:23.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2011 - 22:32:12.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.15/01/2011 - 22:31:19.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.B272B4C3E085EA860C12F2E4FAF2FFA2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/01/2011 - 22:33:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.15/01/2011 - 22:32:23.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.33C3093D09017CFE2E219F2472BFF6EB] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.15/01/2011 - 22:33:00.) -- C:\Windows\system32\Drivers\ntfs.sys [1211264]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.15/01/2011 - 22:37:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.15/01/2011 - 22:32:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.15/01/2011 - 22:31:23.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/129
~ Mes musiques (My Musics) : 196/2355
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 10/9738
~ Mon Bureau (My Desktop) : 1/13
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 27s



---\\ Processos lançados
[MD5.79A2C7527829F70FD5E59287B700D47C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8071168] [PID.3764]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 17 Legitimates Filtered in 00mn 05s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\prefs.js
P2 - FPN: [HKCU] [@lightspark.github.com/Lightspark;version=1] - (...) -- C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll (.not file.)
~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:53315;https=127.0.0.1:53315 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8240E330-2826-4F53-B814-BB0A4921BBA4}: DhcpNameServer = 201.6.2.125 201.6.2.225
O17 - HKLM\System\CS1\Services\Tcpip\..\{8240E330-2826-4F53-B814-BB0A4921BBA4}: DhcpNameServer = 201.6.2.125 201.6.2.225
O17 - HKLM\System\CS2\Services\Tcpip\..\{8240E330-2826-4F53-B814-BB0A4921BBA4}: DhcpNameServer = 201.6.2.125 201.6.2.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.125 201.6.2.225
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1499970450-3319737762-1360718297-1000Core [910]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1499970450-3319737762-1360718297-1000UA [932]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 06s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (360FileOem) . (.360.cn - 360FileOem.) - C:\Windows\system32\drivers\360FileOem.sys
~ Drivers: 81 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\BrowseBurst]
[HKLM\Software\Easy Deals] =>PUP.EasyDeals
[HKLM\Software\RichMediaViewV1release4262] =>PUP.MediaViewer
~ Key Software: 162 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/06/2014 - 18:37:06 - [0] ----D C:\Users\famlia\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer
O43 - CFD: 02/05/2014 - 23:34:44 - [] ----D C:\Users\famlia\AppData\Local\com
~ Program Folder: 136 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.DDC0B6672AB7862A3C2D7AA2ADB6B645] - 13/06/2014 - 16:42:39 ---A- . (.No owner - Setup/Uninstall.) -- C:\Windows\unins000.exe [715038]
O44 - LFC:[MD5.FA425C74CE2EB719B2A77A7A2ADDAE32] - 13/06/2014 - 16:42:49 ---A- . (.No owner - Lagarith.) -- C:\Windows\System32\lagarith.dll [216064]
O44 - LFC:[MD5.526B169E421FDE6E26CE2359030CCBC2] - 13/06/2014 - 16:43:07 ---A- . (...) -- C:\Windows\unins000.dat [1786]
O44 - LFC:[MD5.E3833540C755C06EC18D414047448B14] - 13/06/2014 - 16:44:22 ---A- . (...) -- C:\Windows\System32\xvidcore.dll [645632]
O44 - LFC:[MD5.348AC3C5B87056E24C9E0039332BFB66] - 13/06/2014 - 16:44:22 ---A- . (...) -- C:\Windows\System32\xvidvfw.dll [240640]
O44 - LFC:[MD5.5E8CD1804C1A035311F5DA9C1048F024] - 13/06/2014 - 16:44:23 ---A- . (...) -- C:\Windows\System32\xvid.ax [153088]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 13/06/2014 - 17:17:57 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.E189421D996E995725FEBEA039239FD0] - 16/06/2014 - 00:28:42 ---A- . (...) -- C:\zoek-results2014-06-16-032842.log [1475]
O44 - LFC:[MD5.0FB41E6788E68B4D45F59729CF972421] - 16/06/2014 - 03:52:58 ---A- . (...) -- C:\zoek-results2014-06-16-065258.log [1391]
O44 - LFC:[MD5.CB2206A3820B3BE39183DB2CD004AEAD] - 16/06/2014 - 04:27:59 ---A- . (...) -- C:\zoek-results2014-06-16-072759.log [1617]
O44 - LFC:[MD5.EB4B028119BF38D2DA51AFD33B57E91E] - 16/06/2014 - 16:38:54 ---A- . (...) -- C:\zoek-results2014-06-16-193854.log [58467]
O44 - LFC:[MD5.89B955BAE99B00A63A8253D28B6BAE1E] - 18/06/2014 - 17:54:18 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [128094]
O44 - LFC:[MD5.18E625D35AFF15AFB5B79BF5465A0446] - 18/06/2014 - 17:54:18 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [663804]
O44 - LFC:[MD5.50EF4CB831C16093227729C83EC73739] - 19/06/2014 - 16:00:49 ---A- . (...) -- C:\zoek-results2014-06-19-190049.log [27187]
O44 - LFC:[MD5.50ABC193CF7DD29B7E0FE7C81D76604F] - 20/06/2014 - 11:34:10 ---A- . (...) -- C:\Windows\win.ini [505]
O44 - LFC:[MD5.7F5987B50B6A3EEA0F2C131DD827CB4E] - 20/06/2014 - 11:56:53 ---A- . (...) -- C:\zoek-results2014-06-20-145653.log [31139]
O44 - LFC:[MD5.1E99117FFEC609EE8C5C34688D7AF3C1] - 21/06/2014 - 19:15:29 ---A- . (...) -- C:\zoek-results.log [2479]
~ Files: 33 Legitimates Filtered in 00mn 12s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{2197bc21-08d9-11e3-8c78-506313dd7f79}\AutoRun\command. (...) -- E:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\AVG-Secure-Search-Update_1213b [Key] . (...) -- C:\Users\famlia\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe (.not file.) =>Toolbar.AVGSearch
O53 - SMSR:HKLM\...\startupreg\ContentExplorer [Key] . (...) -- C:\Users\famlia\AppData\Roaming\ContentExplorer\ContentExplorer.exe (.not file.) =>PUP.ContentExplorer
~ SMSR Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:11/08/2013 - 18:39:50 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [152880]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/02/2014 - 14:45:54 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\Windows\System32\Drivers\netfilter.sys [47488]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 73 Legitimates Filtered in 00mn 03s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 11/08/2013 - C:\Windows\system32\drivers\360FileOem.sys (360FileOem) .(.360.cn - 360FileOem.) - LEGACY_360FILEOEM
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 91 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- c:\program files\mozilla firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files\google\chrome\application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys: Scanned in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\519-utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\519-utorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-331-build-30017-32-bits_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-331-build-30017-32-bits_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 375 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 09/12/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 09/12/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 05/02/2013 235216 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
SS - | Demand 12/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 04/02/2013 155824 | (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Disabled 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 17/06/2014 3242000 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgidsagent.exe
SR - | Auto 17/06/2014 289328 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
~ Services: Scanned in 00mn 09s



---\\ Scâner Aditional (088)
Database Version : 13026 - (23/06/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 2

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\AVG-Secure-Search-Update_1213b] =>Toolbar.AVGSearch^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ContentExplorer] =>PUP.ContentExplorer^
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
C:\Users\famlia\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer^
[HKLM\Software\Easy Deals] =>PUP.EasyDeals^
[HKLM\Software\RichMediaViewV1release4262] =>PUP.MediaViewer^
~ Additionnel Scan: 160634 Items scanned in 00mn 42s



---\\ Informações complémentaires do módulos
~ [Você precisa estar registrado e conectado para ver este link.] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Aplicações iniciadas por registo & pastas (04)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.] =>Hijacker.Proxy
[Você precisa estar registrado e conectado para ver este link.] =>PUP.EasyDeals
[Você precisa estar registrado e conectado para ver este link.] =>PUP.ContentExplorer
[Você precisa estar registrado e conectado para ver este link.] =>Adware.BrowseFox
~ MSI: 4 link(s) detected in 00mn 00s



~ 689 Legitimates filtered by white list
End of the scan (391 lines in 02mn 19s)(0)
avatar
Delcides Cortello
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 13/06/2014

Voltar ao Topo Ir em baixo

Re: CE UmbrellaCert

Mensagem por Power Max em Ter 24 Jun 2014, 20:09

 Selecione e copie todo o texto destacado em vermelho que te passei (começando em script zhpfix e indo até emptyclsid)

_____________________________________________________________________________________________________________

 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: CE UmbrellaCert

Mensagem por Delcides Cortello em Qua 25 Jun 2014, 00:31


Segue relatório.

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by famlia at 25/06/2014 00:28:35
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 20s)
Reparação de atalhos do navegador

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
ELIMINÉ: R1 Search Page =

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (1) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
6 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 33s

========== Caminho do ficheiro do relatório ==========
C:\Users\famlia\AppData\Roaming\ZHP\ZHPFix[R1].txt - 24/06/2014 18:37:17 [5860]
C:\Users\famlia\AppData\Roaming\ZHP\ZHPFix[R2].txt - 25/06/2014 00:22:01 [1658]
C:\Users\famlia\AppData\Roaming\ZHP\ZHPFix[R3].txt - 25/06/2014 00:28:55 [1313]
avatar
Delcides Cortello
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 13/06/2014

Voltar ao Topo Ir em baixo

Re: CE UmbrellaCert

Mensagem por Conteúdo patrocinado


Conteúdo patrocinado


Voltar ao Topo Ir em baixo

Página 1 de 2 1, 2  Seguinte

Ver o tópico anterior Ver o tópico seguinte Voltar ao Topo


 
Permissão deste fórum:
Você não pode responder aos tópicos neste fórum