como eliminar br.yhs4.search ?

por xelaxela Qui 19 Jun 2014, 03:59

Ola pessoal do PC Brasil ,

Meu pc está lento abrindo varias paginas e está me direcionando p
outro meio de pesquisa " br.yhs4.search "

Sou novo no forum , espero conseguir resolver meu problema

desde já obrigado

por **Power Max** Qui 19 Jun 2014, 10:07

Olá.

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

por xelaxela Qui 19 Jun 2014, 11:43

# AdwCleaner v3.212 - Relatório criado 19/06/2014 às 11:39:36
# Atualizado 05/06/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (64 bits)
# Usuário : Usuario - USUARIO-PC
# Executando de : C:\Users\Usuario\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : SECUREASSIST
[#] Serviço Deletada : ViewPassword

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\saave eneT
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
Pasta Deletada : C:\Program Files (x86)\ViewPassword-soft
Pasta Deletada : C:\Program Files (x86)\saave eneT
Pasta Deletada : C:\Program Files\003
Pasta Deletada : C:\Program Files\SupraSavings
Pasta Deletada : C:\Users\Administrador\AppData\Local\torch
Pasta Deletada : C:\Users\ASPNET\AppData\Local\torch
Pasta Deletada : C:\Users\Convidado\AppData\Local\torch
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\UpdatusUser\AppData\Local\torch
Pasta Deletada : C:\Users\Usuario\AppData\Local\torch
Arquivo Deletada : C:\Windows\SysWOW64\SecureAssist.dll
Arquivo Deletada : C:\Windows\SysWOW64\SecureAssist.ini
Arquivo Deletada : C:\Windows\SysWOW64\SecureAssistOff.ini
Arquivo Deletada : C:\Windows\System32\SecureAssist.ini
Arquivo Deletada : C:\Windows\System32\SecureAssist64.dll
Arquivo Deletada : C:\Windows\System32\SecureAssistOff.ini
Arquivo Deletada : C:\Users\Usuario\AppData\Roaming\aps.uninstall.scan.results
Arquivo Deletada : C:\Windows\Tasks\b1cb62d0-f15c-44a7-a3b3-860cd710383b-1.job
Arquivo Deletada : C:\Windows\System32\Tasks\b1cb62d0-f15c-44a7-a3b3-860cd710383b-1
Arquivo Deletada : C:\Windows\Tasks\b1cb62d0-f15c-44a7-a3b3-860cd710383b-3.job
Arquivo Deletada : C:\Windows\System32\Tasks\b1cb62d0-f15c-44a7-a3b3-860cd710383b-3
Arquivo Deletada : C:\Windows\Tasks\b1cb62d0-f15c-44a7-a3b3-860cd710383b-4.job
Arquivo Deletada : C:\Windows\System32\Tasks\b1cb62d0-f15c-44a7-a3b3-860cd710383b-4
Arquivo Deletada : C:\Windows\Tasks\b1cb62d0-f15c-44a7-a3b3-860cd710383b-5.job
Arquivo Deletada : C:\Windows\System32\Tasks\b1cb62d0-f15c-44a7-a3b3-860cd710383b-5
Arquivo Deletada : C:\Windows\Tasks\b1cb62d0-f15c-44a7-a3b3-860cd710383b-6.job
Arquivo Deletada : C:\Windows\System32\Tasks\b1cb62d0-f15c-44a7-a3b3-860cd710383b-6
Arquivo Deletada : C:\Windows\Tasks\b1cb62d0-f15c-44a7-a3b3-860cd710383b-7.job
Arquivo Deletada : C:\Windows\System32\Tasks\b1cb62d0-f15c-44a7-a3b3-860cd710383b-7

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\BonanzaDealsLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SpeeDial_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SpeeDial_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9
Chave Deletedo : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{76A60138-58B3-4E27-85FB-8FEF344A8998}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EF41A4-BA24-4E49-A2C0-E1D047299287}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{130CCD34-0382-48E5-B307-0E7E72166828}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{26D25DD5-F17A-4D93-9A94-997E2124EEB4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{30279F40-D76B-443C-A34D-F43B35B35CE1}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{796D0AA0-DC0E-44C9-A398-C874F04D55A4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{CE2102F0-DF63-452E-9CA7-0F75FF4DDD4B}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{DADFCC6F-66D2-4E1D-A01B-7064CAD2F583}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{EBE666C3-F26C-4CF6-8ABA-3D5F5D2625E1}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Deletedo : HKCU\Software\AnyProtect
Chave Deletedo : HKCU\Software\BonanzaDealsLive
Chave Deletedo : HKCU\Software\DealPly
Chave Deletedo : HKCU\Software\dsiteproducts
Chave Deletedo : HKCU\Software\Iminent
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\installedbrowserextensions
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\RegisteredApplicationsEx
Chave Deletedo : HKCU\Software\UpdaterEX
Chave Deletedo : HKCU\Software\Wajam
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\Rr Savings
Chave Deletedo : HKCU\Software\AppDataLow\Software\suprasavings
Chave Deletedo : HKCU\Software\AppDataLow\Software\ViewPassword
Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chave Deletedo : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Chave Deletedo : HKLM\Software\BonanzaDealsLive
Chave Deletedo : HKLM\Software\DealPly
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\installedbrowserextensions
Chave Deletedo : HKLM\Software\Rr Savings
Chave Deletedo : HKLM\Software\suprasavings
Chave Deletedo : HKLM\Software\Wajam
Chave Deletedo : HKLM\Software\webssearchesSoftware
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Chave Deletedo : [x64] HKLM\SOFTWARE\installedbrowserextensions
Chave Deletedo : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Chave Deletedo : [x64] HKLM\SOFTWARE\Rr Savings
Chave Deletedo : [x64] HKLM\SOFTWARE\suprasavings
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\suprasavings

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.7601.17514

-\\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [21093 octets] - [19/06/2014 11:38:51]
AdwCleaner[S0].txt - [19509 octets] - [19/06/2014 11:39:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19570 octets] ##########

por **Power Max** Qui 19 Jun 2014, 11:54

No seu PC está constando o antivirus Baidu instalado. Você quer removê-lo ou quer continuar com ele?
_____________________________________________________________________________

Desative temporariamente seu antivírus para evitar conflitos.

Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

por xelaxela Qui 19 Jun 2014, 17:14

Zoek.exe v5.0.0.0 Updated 16-June-2014
Tool run by Usuario on 19/06/2014 at 16:46:47,72.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Usuario\Downloads\zoek (1).exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-19-142205.log 40547 bytes
C:\zoek-results2014-06-19-192929.log 35414 bytes
C:\zoek-results2014-06-19-194357.log 30720 bytes

==== System Restore Info ======================

19/06/2014 16:47:50 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Folders Found ======================

2014-06-19 14:39:38 2014-06-19 14:39:38 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-05 22:13:39 2014-06-05 22:13:39 -------- d-----w- C:\Program Files (x86)\Baidu Security
2013-10-18 23:09:06 2014-06-19 18:09:10 -------- d-----w- C:\ProgramData\Baidu Security
2013-10-18 23:09:06 2014-06-19 18:09:10 -------- d-----w- C:\Users\All Users\Baidu Security
2014-06-19 18:08:50 2014-06-19 18:08:50 -------- d-----w- C:\Users\Public\Documents\Baidu
2013-10-18 23:08:15 2014-02-09 23:17:00 -------- d-----w- C:\Users\Public\Documents\Baidu Security
2013-10-18 23:08:15 2013-10-18 23:08:15 -------- d-----w- C:\Users\Usuario\AppData\Roaming\Baidu Security
2014-02-09 23:25:52 2014-02-09 23:25:52 -------- d-----w- C:\Users\Usuario\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-02-09 23:25:52 2014-02-09 23:25:52 -------- d-----w- C:\Users\Usuario\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-06-19 07:29:15 2014-06-19 04:33:45 -------- d---a-w- C:\zoek_backup\C_Users_Usuario_AppData_Roaming_baidu

==== Files Found ======================

--- C:\Windows\Prefetch\BAIDU_SECURE_SYSTEMUP_4.0.7.7-5A08431B.pf ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 82652
Created time: 2014-06-19 18:08:53
Modified time: 2014-06-19 18:08:53
MD5: 57E86064BB619CB1A854F1AC6811AEEB
SHA1: 1DD851833E15B154DF1B4B162C7C40D0EF5B458E

--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Service.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3678
Created time: 2014-06-19 18:52:47
Modified time: 2014-06-19 19:29:18
MD5: 8F98D9D37DE5D34BB8E5164A40C69DD5
SHA1: 1F0511876361E90658977616EB860B16AE13370B

--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3728
Created time: 2014-06-19 18:52:47
Modified time: 2014-06-19 19:29:17
MD5: E1DA389F96A47F38E9554B0A71AA9D0B
SHA1: B224DBB4229E7D59E9F9C00145364E09981F3944

==== Registry Search Results for "Baidu" ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\Spark]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus\BevmVolatile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"="Baidu PC Faster Service 4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"="Baidu PC Faster Service 4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu\Hao123-br]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu\Hao123-br\hao123desk]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu\Hao123-br\hao123desk]
"ToyPath"="C:\\Users\\Usuario\\AppData\\Roaming\\baidu\\hao123-br\\hao123.1.0.0.1111.exe"

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu\Hao123-international]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu\Hao123-international\hao123desk]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"e"="http://csu.pcfaster.baidu.com/cgi-bin/bl_put_file.cgi"

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"f"="http://csu.pcfaster.baidu.com/cgi-bin/get_op_conf.cgi"

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"i"="http://csu.pcfaster.baidu.com/cgi-bin/ui_put_file.cgi"

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"j"="http://csu.pcfaster.baidu.com/cgi-bin/co_put_file.cgi"

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"n"="http://csu.pcfaster.baidu.com/cgi-bin/fs_put_file.cgi"

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"r"="http://csu.pcfaster.baidu.com/cgi-bin/ps_put_file.cgi"

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\827476]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\827476]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.7.72269&userid=fa2e40c0d6e6de4ea222b3d314e8faa7&old_userid=5VP8KLEX-50E549F19E36!6cc681c2-f4d5-4721-a3b9-892af5b01975@#50E549F19E36&install_time=2014-06-19 18:08:50&parent_name="

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\827538]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\827538]
"url"="http://sync.security.baidu.co.th/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.7.72269&userid=fa2e40c0d6e6de4ea222b3d314e8faa7&old_userid=5VP8KLEX-50E549F19E36!6cc681c2-f4d5-4721-a3b9-892af5b01975@#50E549F19E36&install_time=2014-06-19 18:08:50&parent_name="

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\Setup]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu\Hao123-br]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu\Hao123-br\hao123desk]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu\Hao123-br\hao123desk]
"ToyPath"="C:\\Users\\UpdatusUser\\AppData\\Roaming\\baidu\\hao123-br\\hao123.1.0.0.1111.exe"

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu\Hao123-br\hao123desk]
"BaiduTn"="tn=incore_pay_sc_05_hao123_br"

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu\Hao123-br\hao123desk]
"NewBaiduTn"="tn=incore_pay_sc_05_hao123_br"

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Chrome Look ======================

Google Docs - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{31090377-0740-419E-BEFC-A56E50500D5B} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\UpdatusUser\Desktop\Hao123.lnk - C:\Users\Usuario\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1111.exe
C:\Users\Usuario\Desktop\GIMP 2.lnk - C:\Program Files\GIMP 2\bin\gimp-2.8.exe
C:\Users\Usuario\Desktop\MP3Gain.lnk - C:\Program Files (x86)\MP3Gain\MP3GainGUI.exe
C:\Users\Usuario\Desktop\Sound Forge 8.0.lnk - C:\Program Files (x86)\Sony\Sound Forge 8.0\Forge80.exe
C:\Users\Usuario\Desktop\Traktor DJ Studio 2.lnk - C:\Program Files (x86)\Native Instruments\Traktor DJ Studio 2\TraktorDJStudio2.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\amcap.lnk - C:\Program Files (x86)\Vimicro\Vimicro USB PC Camera (ZS0211)\x86_x64\amcap.exe
C:\Users\Public\Desktop\AVG 2014.lnk - C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Compre suprimentos - HP Photosmart Plus B210 series.lnk - C:\Program Files (x86)\HP\HP Photosmart Plus B210 series\Bin\hpqDTSS.exe
C:\Users\Public\Desktop\GIMP 2.lnk - C:\Program Files\GIMP 2\bin\gimp-2.8.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\HP ePrintCenter - HP Photosmart Plus B210 series.lnk - C:\Program Files (x86)\HP\HP Photosmart Plus B210 series\ePrintCenterShortcut.url
C:\Users\Public\Desktop\HP Photo Creations.lnk - C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe
C:\Users\Public\Desktop\HP Photosmart Plus B210 series Scan.lnk - C:\Program Files (x86)\HP\HP Photosmart Plus B210 series\bin\HPScan.exe
C:\Users\Public\Desktop\HP Photosmart Plus B210 series.lnk - C:\Program Files (x86)\HP\HP Photosmart Plus B210 series\Bin\HP Photosmart Plus B210 series.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Users\Public\Desktop\Recuva.lnk - C:\Program Files\Recuva\recuva64.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2014.lnk - C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Soundcloud Downloader\Free Soundcloud Downloader.lnk - C:\Program Files (x86)\FreeSoundcloudDownloader\FreeSoundcloudDownloader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Soundcloud Downloader\Uninstall.lnk - C:\Program Files (x86)\FreeSoundcloudDownloader\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Sobre o iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\pt.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Desinstalar o QuickTime.lnk - C:\Windows\SysWOW64\msiexec.exe /i {111EE7DF-FC45-40C7-98A7-753AC46B12FB} /qf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk - C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\QTPlayer.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Sobre o QuickTime.lnk - C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\RichText.ico

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hao123.lnk - C:\Users\Usuario\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1111.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=578 folders=197 19199829 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Users\Usuario\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Usuario\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 19/06/2014 at 17:10:57,66 ======================

por **Power Max** Qui 19 Jun 2014, 20:45

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

por xelaxela Qua 25 Jun 2014, 17:11

Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by Usuario on 25/06/2014 at 16:57:22,88.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Usuario\Downloads\zoek (1).exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-19-142205.log 40547 bytes
C:\zoek-results2014-06-19-192929.log 35414 bytes
C:\zoek-results2014-06-19-194357.log 30720 bytes
C:\zoek-results2014-06-19-201057.log 24422 bytes

==== System Restore Info ======================

25/06/2014 16:58:33 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\Spark]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus\BevmVolatile]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu\Hao123-br]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu\Hao123-br\hao123desk]
[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu\Hao123-br\hao123desk]
"ToyPath"=-
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu\Hao123-international]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu\Hao123-international\hao123desk]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"e"=-
[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"f"=-
[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"i"=-
[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"j"=-
[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"n"=-
[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"r"=-
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\827476]
[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\827476]
"url"=-
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\827538]
[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\827538]
"url"=-
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"=-
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\Setup]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu\Hao123-br]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu\Hao123-br\hao123desk]
[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu\Hao123-br\hao123desk]
"ToyPath"=-
[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu\Hao123-br\hao123desk]
"BaiduTn"=-
[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu\Hao123-br\hao123desk]
"NewBaiduTn"=-
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Baidu Security deleted
C:\ProgramData\Baidu Security deleted
C:\Users\Public\Documents\Baidu deleted
C:\Users\Public\Documents\Baidu Security deleted
"C:\Windows\Prefetch\BAIDU_SECURE_SYSTEMUP_4.0.7.7-5A08431B.pf" deleted
"C:\Users\Usuario\AppData\Roaming\Baidu Security" deleted

==== Folders Found ======================

2014-06-19 14:39:38 2014-06-19 14:39:38 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-25 19:59:11 2014-06-25 19:59:11 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-06-25 19:59:11 2014-06-25 19:59:11 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-25 19:59:11 2014-06-25 19:59:11 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-25 19:59:11 2014-06-25 19:59:11 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu
2014-06-25 19:59:11 2014-06-25 19:59:11 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-06-19 07:29:15 2014-06-19 04:33:45 -------- d---a-w- C:\zoek_backup\C_Users_Usuario_AppData_Roaming_baidu
2014-06-25 19:59:11 2014-06-25 19:59:11 -------- d---a-w- C:\zoek_backup\C_Users_Usuario_AppData_Roaming_Baidu Security
2014-06-25 19:59:11 2014-06-25 19:59:11 -------- d---a-w- C:\zoek_backup\C_Users_Usuario_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-06-25 19:59:11 2014-06-25 19:59:12 -------- d---a-w- C:\zoek_backup\C_Users_Usuario_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-06-25 19:59:11 2014-06-25 19:59:11 -------- d---a-w- C:\zoek_backup\C_Users_Usuario_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-06-25 19:59:11 2014-06-25 19:59:11 -------- d---a-w- C:\zoek_backup\C_Users_Usuario_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================

--- C:\zoek_backup\C_Windows_Prefetch_BAIDU_SECURE_SYSTEMUP_4.0.7.7-5A08431B.pf.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 82652
Created time: 2014-06-25 19:59:12
Modified time: 2014-06-19 18:08:53
MD5: 57E86064BB619CB1A854F1AC6811AEEB
SHA1: 1DD851833E15B154DF1B4B162C7C40D0EF5B458E

--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Service.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3678
Created time: 2014-06-19 18:52:47
Modified time: 2014-06-19 19:29:18
MD5: 8F98D9D37DE5D34BB8E5164A40C69DD5
SHA1: 1F0511876361E90658977616EB860B16AE13370B

--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3728
Created time: 2014-06-19 18:52:47
Modified time: 2014-06-19 19:29:17
MD5: E1DA389F96A47F38E9554B0A71AA9D0B
SHA1: B224DBB4229E7D59E9F9C00145364E09981F3944

==== Registry Search Results for "Baidu" ======================

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu\Hao123-br]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu\Hao123-br\hao123desk]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\827476]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\827538]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu\Hao123-br]

[HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu\Hao123-br\hao123desk]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=606 folders=237 26049013 bytes)

==== EOF on 25/06/2014 at 17:00:09,20 ======================

por **Power Max** Qua 25 Jun 2014, 18:03

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

por xelaxela Qua 25 Jun 2014, 19:44

Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by Usuario on 25/06/2014 at 19:23:05,53.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Usuario\Downloads\zoek (1).exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-19-142205.log 40547 bytes
C:\zoek-results2014-06-19-192929.log 35414 bytes
C:\zoek-results2014-06-19-194357.log 30720 bytes
C:\zoek-results2014-06-19-201057.log 24422 bytes
C:\zoek-results2014-06-25-200009.log 13051 bytes

==== System Restore Info ======================

25/06/2014 19:23:46 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu\Hao123-br]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu\Hao123-br\hao123desk]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\827476]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\827538]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1000\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu\Hao123-br]
[-HKEY_USERS\S-1-5-21-4108949893-3818560227-947179346-1001\Software\Baidu\Hao123-br\hao123desk]

==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=606 folders=237 26049013 bytes)

==== EOF on 25/06/2014 at 19:24:23,56 ======================

por **Power Max** Qua 25 Jun 2014, 20:02

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

por xelaxela Qua 25 Jun 2014, 21:06

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Usuario on 25/06/2014 at 20:47:03,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/06/2014 at 20:51:41,39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

por **Power Max** Qua 25 Jun 2014, 21:08

Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

por xelaxela Qui 26 Jun 2014, 02:56

~ Relatório do ZHPDiag v2014.6.25.98 - Nicolas Coolman (25/06/2014)
~ Iniciado por Usuario (26/06/2014 02:53:55)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user

---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7601.17514 (Defaut)
GCIE: Google Chrome v35.0.1916.153

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.4592
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema
CCleaner v4.06

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4094 MB (68% free)
System Restore: Activé (Enable)
System drive C: has 775 GB (83%) free of 931 GB

---\\ Modo de conexão ao sistema
~ Computer Name: USUARIO-PC
~ User Name: Usuario
~ All Users Names: Usuario, UpdatusUser, Convidado, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Usuario\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Usuario\AppData\Roaming\
~ %Desktop% : C:\Users\Usuario\Desktop\
~ %Favorites% : C:\Users\Usuario\Favorites\
~ %LocalAppData% : C:\Users\Usuario\AppData\Local\
~ %StartMenu% : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 775 Go of 931 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 04:24:46.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F6C5302E1F4813D552F41A0AC82455E5] - (.Microsoft Corporation - Internet Extensions para Win32.) (.20/11/2010 - 04:27:30.) -- C:\Windows\System32\wininet.dll [1188864]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 04:25:32.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 04:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.D31DC7A16DEA4A9BAF179F3D6FBDB38C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.20/11/2010 - 00:23:36.) -- C:\Windows\system32\Drivers\AFD.sys [499712]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 00:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 00:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 01:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.FAF015B07E3A2874A790A39B7D2C579F] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.20/11/2010 - 00:27:44.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 00:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.05D78AA5CB5F3F5C31160BDB955D0B7C] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/11/2010 - 04:33:48.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 01:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 02:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 00:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 04:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes musiques (My Musics) : 1/92
~ Mes Videos (My Videos) : 1/4
~ Mes Favoris (My Favorites) : 1/44
~ Mes Documents (My Documents) : 2/458
~ Mon Bureau (My Desktop) : 1/38612
~ Menu demarrer (Programs) : 1/54
~ Hidden Files: Scanned in 00mn 04s

---\\ Processos lançados
[MD5.5897D901DBAD0199257F0BF6EA1CEF17] - (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384] [PID.2744]
[MD5.2ED1775D761251C645D6590AE4E7248C] - (...) -- C:\Program Files (x86)\Winamp\winampa.exe [37888] [PID.2904]
[MD5.0560B36A9A58DCF6698545F9521EABF2] - (.ZSMCSNAP - ZSMCSNAP.) -- C:\Windows\ZSSnp211.exe [57344] [PID.2912]
[MD5.5603C2C8940F5E43864D4000304AB175] - (...) -- C:\Windows\Domino.exe [49152] [PID.2920]
[MD5.4D83DC461F8F4370274CF6E9AC9A34F4] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.2928]
[MD5.D2E3E6D94A9E1CFA1561D9C748136FD0] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.2952]
[MD5.C8F0DCA0E032881B6C4422B502194629] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456] [PID.2960]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.388]
[MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8071680] [PID.1464]
[MD5.4F08BE2C2AC568EE9867A9B0F4F09540] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [414496] [PID.988]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1856]
[MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1888]
[MD5.E5C581D358B62CF65776B8E4E17B9E5C] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424] [PID.2016]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.1388]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648] [PID.2124]
[MD5.C98F28448B8A2488B499657C396EF3A0] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1914656] [PID.2252]
[MD5.6F86F989CF0F416999F6D83EC36D51CE] - (...) -- C:\Windows\TEMP\7zSF9C8.tmp\AVG-Secure-Search-Update.exe [2642456] [PID.1248] =>Toolbar.AVGSearch
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 21 Legitimates Filtered in 00mn 01s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 21 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Chave orfã
~ Toolbar: Scanned in 00mn 00s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [WinampAgent] . (...) -- C:\Program Files (x86)\Winamp\winampa.exe
O4 - HKLM\..\Wow6432Node\Run: [BigDogPath] . (.ZSMCSNAP - ZSMCSNAP.) -- C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Wow6432Node\Run: [Domino] . (...) -- C:\Windows\Domino.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD2666EC-AFEA-4AA9-8826-F684D986A142}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD2666EC-AFEA-4AA9-8826-F684D986A142}: DhcpNameServer = 201.6.2.114 201.6.2.214
O17 - HKLM\System\CS1\Services\Tcpip\..\{AD2666EC-AFEA-4AA9-8826-F684D986A142}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{AD2666EC-AFEA-4AA9-8826-F684D986A142}: DhcpNameServer = 201.6.2.114 201.6.2.214
O17 - HKLM\System\CS2\Services\Tcpip\..\{AD2666EC-AFEA-4AA9-8826-F684D986A142}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{AD2666EC-AFEA-4AA9-8826-F684D986A142}: DhcpNameServer = 201.6.2.114 201.6.2.214
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.114 201.6.2.214
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: - (..) -- C:\Windows\Tasks\hpwebreg_BR116FB0DD05J9.job [1504]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\hpwebreg_BR116FB0DD05J9 [1504]
~ Scheduled Task: 28 Legitimates Filtered in 00mn 01s

---\\ Software instalados (042)
O42 - Logiciel: FreeSoundcloudDownloader - (...) [HKLM][64Bits] -- Free Soundcloud Downloader_is1
O42 - Logiciel: HQPro-1 - (.HQ-1.9.) [HKLM][64Bits] -- HQPro-1 =>PUP.CrossRider
O42 - Logiciel: SoulSeek 157 NS 13e - (...) [HKLM][64Bits] -- Soulseek2 =>P2P.SoulSeek
~ Logic: 5 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\FreeSoundcloudDownloader]
[HKCU\Software\Olhardigital]
[HKCU\Software\PCDataApp]
[HKCU\Software\SoulSeek] =>P2P.SoulSeek
[HKCU\Software\Soulseek2] =>P2P.SoulSeek
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\PCDataApp]
~ Key Software: 211 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/05/2014 - 22:14:42 - [] ----D C:\Program Files (x86)\FreeSoundcloudDownloader
O43 - CFD: 19/06/2014 - 02:34:00 - [] ----D C:\Program Files (x86)\HQPro-1 =>PUP.CrossRider
O43 - CFD: 06/01/2014 - 18:50:10 - [] ----D C:\Program Files (x86)\SoulseekNS =>P2P.SoulSeek
O43 - CFD: 06/01/2014 - 18:50:49 - [0] ----D C:\ProgramData\Soulseek =>P2P.SoulSeek
O43 - CFD: 05/06/2014 - 19:18:10 - [0] ----D C:\Users\Usuario\AppData\Local\Lollipop_06052214 =>Adware.Lollipop
O43 - CFD: 06/01/2014 - 18:50:10 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Soulseek NS =>P2P.SoulSeek
~ Program Folder: 147 Legitimates Filtered in 00mn 00s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.A6799D0F42122C0D1E28655C10DB2707] - 19/06/2014 - 01:21:43 ---A- . (...) -- C:\AVScanner.ini [30]
O44 - LFC:[MD5.F393DE18E6B0B266B1F5C231032A7745] - 19/06/2014 - 01:47:18 ---A- . (...) -- C:\Windows\win.ini [756]
O44 - LFC:[MD5.04474431366515E7411CFAC28C47A22F] - 19/06/2014 - 11:22:05 ---A- . (...) -- C:\zoek-results2014-06-19-142205.log [40547]
O44 - LFC:[MD5.86A3A2819218C34784C19B90FDD77762] - 19/06/2014 - 16:29:29 ---A- . (...) -- C:\zoek-results2014-06-19-192929.log [35414]
O44 - LFC:[MD5.67796B7B7FBC52765A80EDF5713794F0] - 19/06/2014 - 16:43:57 ---A- . (...) -- C:\zoek-results2014-06-19-194357.log [30720]
O44 - LFC:[MD5.4D43F4C00EB4A4CA7D84E1E782914C11] - 19/06/2014 - 17:10:57 ---A- . (...) -- C:\zoek-results2014-06-19-201057.log [24422]
O44 - LFC:[MD5.651DF986B7AB63414F8A062B04756C8E] - 25/06/2014 - 17:00:09 ---A- . (...) -- C:\zoek-results2014-06-25-200009.log [13051]
O44 - LFC:[MD5.72A00EE95A35B341210378582D1043AE] - 25/06/2014 - 19:24:23 ---A- . (...) -- C:\zoek-results2014-06-25-222423.log [2472]
O44 - LFC:[MD5.8CD2F346429627711EB70544FAC41E70] - 25/06/2014 - 22:36:38 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [150708]
O44 - LFC:[MD5.A8C810AEDAF27566DBB0720B0B2F4795] - 25/06/2014 - 22:36:38 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [712376]
O44 - LFC:[MD5.1EBC91831A506EA025802AF591825AEB] - 26/06/2014 - 02:26:17 ---A- . (...) -- C:\zoek-results.log [2521]
~ Files: 19 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 63 Legitimates Filtered in 00mn 00s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 89 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {31090377-0740-419E-BEFC-A56E50500D5B} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s

---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{817E61C3-B3EE-4BCF-BAE0-80EC4231C3AE}C:\program files (x86)\soulseekns\slsk.exe" | In - Public - P6 - TRUE | .(.No owner - SoulSeek.) -- C:\program files (x86)\soulseekns\slsk.exe =>P2P.SoulSeek
O87 - FAEL: "UDP Query User{01EF944A-D5AA-489E-95CB-B1839F8AE8F8}C:\program files (x86)\soulseekns\slsk.exe" | In - Public - P17 - TRUE | .(.No owner - SoulSeek.) -- C:\program files (x86)\soulseekns\slsk.exe =>P2P.SoulSeek
~ Firewall: 2 Legitimates Filtered in 00mn 00s

---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "BD04C21DD7DC68D42958E5F22E63394E" . (.SupraSavings.) -- C:\Windows\Installer\{D12C40DB-CD7D-4D86-9285-5E2FE23693E4}\icon64.ico =>PUP.SupraSavings
~ Update Products: 1 Legitimates Filtered in 00mn 00s

---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.9A5263D3C011F34BFA10C5458CF27197] [WIS][19/06/2014] (.SupraSavings - SupraSavings.) -- C:\Windows\Installer\6211d.msi [4997120] =>PUP.SupraSavings
~ WIS: 1 Legitimates Filtered in 00mn 00s

---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AnyProtectScannerSetup_RASAPI32 =>PUP.AnyProtect
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AnyProtectScannerSetup_RASMANCS =>PUP.AnyProtect
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AVG-Secure-Search-Update_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AVG-Secure-Search-Update_RASMANCS =>Toolbar.AVGSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bizzybolt_2511-5ea0573c_RASAPI32 =>PUP.Bizzybolt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bizzybolt_2511-5ea0573c_RASMANCS =>PUP.Bizzybolt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bizzybolt_Setup_RASAPI32 =>PUP.Bizzybolt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bizzybolt_Setup_RASMANCS =>PUP.Bizzybolt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HQPro-1-codedownloader_RASAPI32 =>PUP.CrossRider
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HQPro-1-codedownloader_RASMANCS =>PUP.CrossRider
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HQPro-1-novainstaller_RASAPI32 =>PUP.CrossRider
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HQPro-1-novainstaller_RASMANCS =>PUP.CrossRider
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HQPro-1-nova_RASAPI32 =>PUP.CrossRider
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HQPro-1-nova_RASMANCS =>PUP.CrossRider
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LollipopInstaller_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LollipopInstaller_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_06052214_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_06052214_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBizzybolt_RASAPI32 =>PUP.Bizzybolt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBizzybolt_RASMANCS =>PUP.Bizzybolt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBizzybolt_RASAPI32 =>PUP.Bizzybolt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBizzybolt_RASMANCS =>PUP.Bizzybolt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VOPackage_RASAPI32 =>Adware.Downware
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VOPackage_RASMANCS =>Adware.Downware
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_2207-6c14163c_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_2207-6c14163c_RASMANCS =>PUP.Wajam
~ BTK: 258 Legitimates Filtered in 00mn 00s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 19/06/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 13/05/2014 3644432 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
SS - | Auto 19/06/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/06/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 10/11/2006 774144 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Disabled 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 13/05/2014 292424 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 26/05/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 17/10/2013 15122208 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 12/09/2013 920864 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 17/10/2013 1914656 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 12/09/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 22/12/2010 27760 | (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exe
~ Services: Scanned in 00mn 04s

---\\ Scâner Aditional (088)
Database Version : 13026 - (25/06/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 4

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\HQPro-1] =>PUP.CrossRider ^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Soulseek2] =>P2P.SoulSeek^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
C:\Program Files (x86)\HQPro-1 =>PUP.CrossRider ^
C:\Program Files (x86)\SoulseekNS =>P2P.SoulSeek^
C:\ProgramData\Soulseek =>P2P.SoulSeek^
C:\Users\Usuario\AppData\Local\Lollipop_06052214 =>Adware.Lollipop^
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Soulseek NS =>P2P.SoulSeek^
C:\Windows\TEMP\7zSF9C8.tmp\AVG-Secure-Search-Update.exe =>Toolbar.AVGSearch^
[HKCU\Software\SoulSeek] =>P2P.SoulSeek^
[HKCU\Software\Soulseek2] =>P2P.SoulSeek^
C:\Windows\Installer\6211d.msi =>PUP.SupraSavings^
~ Additionnel Scan: 232278 Items scanned in 00mn 15s

---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 4 Legitimates Filtered in 00mn 00s

---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CrossRider
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Lollipop
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SupraSavings
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.AnyProtect
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Bizzybolt
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Downware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Wajam
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Tarma
~ MSI: 8 link(s) detected in 00mn 00s

~ 726 Legitimates filtered by white list
End of the scan (452 lines in 00mn 41s)(0)

por **Power Max** Qui 26 Jun 2014, 09:18

Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC.
__________________________________________________________________________________

como eliminar br.yhs4.search ? 772309

Selecione e copie todo o texto destacado em vermelho que te passei (começando em script zhpfix e indo até emptyclsid)

_____________________________________________________________________________________________________________

como eliminar br.yhs4.search ? 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

por xelaxela Qui 26 Jun 2014, 13:00

Mensagem Power Max Hoje à(s) 2:18 pm

+
-
Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

Escolhendo Programas que Iniciam com o PC

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC.

Vou seguir as dicas do tutorial , o Ccleaner já uso uns 2 anos ....segue o relatório

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Usuario at 26/06/2014 12:55:56
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\hqpro-1\uninstall.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HQPro-1]
ELIMINÉ: HKCU\Software\PCDataApp
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\PCDataApp
ELIMINÉ: [HKLM\Software\Classes\Installer\Products\\BD04C21DD7DC68D42958E5F22E63394E]
ELIMINÉ: [HKLM\Software\Classes\Installer\Features\BD04C21DD7DC68D42958E5F22E63394E]
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AnyProtectScannerSetup_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AnyProtectScannerSetup_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bizzybolt_2511-5ea0573c_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bizzybolt_2511-5ea0573c_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bizzybolt_Setup_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bizzybolt_Setup_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HQPro-1-codedownloader_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HQPro-1-codedownloader_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HQPro-1-novainstaller_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HQPro-1-novainstaller_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HQPro-1-nova_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HQPro-1-nova_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LollipopInstaller_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LollipopInstaller_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_06052214_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_06052214_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBizzybolt_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBizzybolt_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBizzybolt_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBizzybolt_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VOPackage_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VOPackage_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_2207-6c14163c_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_2207-6c14163c_RASMANCS
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: C:\Windows\Installer\6211d.msi
ELIMINÉ Temporários windows (110) (1.730.627 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
32 : Chaves do Registo
7 : Valores do Registo
1 : Pastas
3 : Ficheiros
1 : Softwares
1 : Restauração Sistema

End of clean in 00mn 26s

========== Caminho do ficheiro do relatório ==========
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R1].txt - 26/06/2014 12:55:59 [3932]

por **Power Max** Qui 26 Jun 2014, 13:04

Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

por xelaxela Qui 26 Jun 2014, 14:57

~ Relatório do ZHPDiag v2014.6.25.98 - Nicolas Coolman (25/06/2014)
~ Iniciado por Usuario (26/06/2014 14:54:17)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user

---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7601.17514 (Defaut)
GCIE: Google Chrome v35.0.1916.153

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows Vista (TM) Ultimate, 64-bit Service Pack 1 (Build 6000)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.4592

---\\ Softwares d'optimização do sistema
CCleaner v4.06

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4094 MB (67% free)
System Restore: Activé (Enable)
System drive C: has 775 GB (83%) free of 931 GB

---\\ Modo de conexão ao sistema
~ Computer Name: USUARIO-PC
~ User Name: Usuario
~ All Users Names: Usuario, UpdatusUser, Convidado, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Usuario\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Usuario\AppData\Roaming\
~ %Desktop% : C:\Users\Usuario\Desktop\
~ %Favorites% : C:\Users\Usuario\Favorites\
~ %LocalAppData% : C:\Users\Usuario\AppData\Local\
~ %StartMenu% : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 775 Go of 931 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 04:24:46.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F6C5302E1F4813D552F41A0AC82455E5] - (.Microsoft Corporation - Internet Extensions para Win32.) (.20/11/2010 - 04:27:30.) -- C:\Windows\System32\wininet.dll [1188864]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 04:25:32.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 04:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.D31DC7A16DEA4A9BAF179F3D6FBDB38C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.20/11/2010 - 00:23:36.) -- C:\Windows\system32\Drivers\AFD.sys [499712]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 00:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 00:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 01:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.FAF015B07E3A2874A790A39B7D2C579F] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.20/11/2010 - 00:27:44.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 00:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.05D78AA5CB5F3F5C31160BDB955D0B7C] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/11/2010 - 04:33:48.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 01:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 02:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 00:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 04:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes musiques (My Musics) : 1/92
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 2/229
~ Mon Bureau (My Desktop) : 1/19307
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 05s

---\\ Processos lançados
[MD5.C8F0DCA0E032881B6C4422B502194629] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456] [PID.3004]
[MD5.76B9415FFE0F6D65DC0F9D4183CAC2BC] - (.Nullsoft - Winamp.) -- C:\Program Files (x86)\Winamp\winamp.exe [1435488] [PID.3908]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.3792]
[MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8071680] [PID.1664]
[MD5.4F08BE2C2AC568EE9867A9B0F4F09540] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [414496] [PID.1008]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1820]
[MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1892]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648] [PID.1872]
[MD5.E5C581D358B62CF65776B8E4E17B9E5C] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424] [PID.1296]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.2116]
[MD5.C98F28448B8A2488B499657C396EF3A0] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1914656] [PID.2400]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 11 Legitimates Filtered in 00mn 01s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 21 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD2666EC-AFEA-4AA9-8826-F684D986A142}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD2666EC-AFEA-4AA9-8826-F684D986A142}: DhcpNameServer = 201.6.2.114 201.6.2.214
O17 - HKLM\System\CS1\Services\Tcpip\..\{AD2666EC-AFEA-4AA9-8826-F684D986A142}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{AD2666EC-AFEA-4AA9-8826-F684D986A142}: DhcpNameServer = 201.6.2.114 201.6.2.214
O17 - HKLM\System\CS2\Services\Tcpip\..\{AD2666EC-AFEA-4AA9-8826-F684D986A142}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{AD2666EC-AFEA-4AA9-8826-F684D986A142}: DhcpNameServer = 201.6.2.114 201.6.2.214
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.114 201.6.2.214
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: - (..) -- C:\Windows\Tasks\hpwebreg_BR116FB0DD05J9.job [1504]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\hpwebreg_BR116FB0DD05J9 [1504]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 03s

---\\ Software instalados (042)
O42 - Logiciel: FreeSoundcloudDownloader - (...) [HKLM][64Bits] -- Free Soundcloud Downloader_is1
O42 - Logiciel: SoulSeek 157 NS 13e - (...) [HKLM][64Bits] -- Soulseek2 =>P2P.SoulSeek
~ Logic: 4 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\FreeSoundcloudDownloader]
[HKCU\Software\Olhardigital]
[HKCU\Software\SoulSeek] =>P2P.SoulSeek
[HKCU\Software\Soulseek2] =>P2P.SoulSeek
[HKLM\Software\Wow6432Node\HQPro-1] =>PUP.CrossRider
~ Key Software: 207 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/05/2014 - 22:14:42 - [] ----D C:\Program Files (x86)\FreeSoundcloudDownloader
O43 - CFD: 06/01/2014 - 18:50:10 - [] ----D C:\Program Files (x86)\SoulseekNS =>P2P.SoulSeek
O43 - CFD: 06/01/2014 - 18:50:49 - [0] ----D C:\ProgramData\Soulseek =>P2P.SoulSeek
O43 - CFD: 06/01/2014 - 18:50:10 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Soulseek NS =>P2P.SoulSeek
~ Program Folder: 145 Legitimates Filtered in 00mn 00s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.A6799D0F42122C0D1E28655C10DB2707] - 19/06/2014 - 01:21:43 ---A- . (...) -- C:\AVScanner.ini [30]
O44 - LFC:[MD5.F393DE18E6B0B266B1F5C231032A7745] - 19/06/2014 - 01:47:18 ---A- . (...) -- C:\Windows\win.ini [756]
O44 - LFC:[MD5.04474431366515E7411CFAC28C47A22F] - 19/06/2014 - 11:22:05 ---A- . (...) -- C:\zoek-results2014-06-19-142205.log [40547]
O44 - LFC:[MD5.86A3A2819218C34784C19B90FDD77762] - 19/06/2014 - 16:29:29 ---A- . (...) -- C:\zoek-results2014-06-19-192929.log [35414]
O44 - LFC:[MD5.67796B7B7FBC52765A80EDF5713794F0] - 19/06/2014 - 16:43:57 ---A- . (...) -- C:\zoek-results2014-06-19-194357.log [30720]
O44 - LFC:[MD5.4D43F4C00EB4A4CA7D84E1E782914C11] - 19/06/2014 - 17:10:57 ---A- . (...) -- C:\zoek-results2014-06-19-201057.log [24422]
O44 - LFC:[MD5.651DF986B7AB63414F8A062B04756C8E] - 25/06/2014 - 17:00:09 ---A- . (...) -- C:\zoek-results2014-06-25-200009.log [13051]
O44 - LFC:[MD5.72A00EE95A35B341210378582D1043AE] - 25/06/2014 - 19:24:23 ---A- . (...) -- C:\zoek-results2014-06-25-222423.log [2472]
O44 - LFC:[MD5.1EBC91831A506EA025802AF591825AEB] - 26/06/2014 - 02:26:17 ---A- . (...) -- C:\zoek-results.log [2521]
O44 - LFC:[MD5.8CD2F346429627711EB70544FAC41E70] - 26/06/2014 - 14:37:31 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [150708]
O44 - LFC:[MD5.A8C810AEDAF27566DBB0720B0B2F4795] - 26/06/2014 - 14:37:31 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [712376]
~ Files: 19 Legitimates Filtered in 00mn 03s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 63 Legitimates Filtered in 00mn 02s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 89 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {31090377-0740-419E-BEFC-A56E50500D5B} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s

---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{817E61C3-B3EE-4BCF-BAE0-80EC4231C3AE}C:\program files (x86)\soulseekns\slsk.exe" | In - Public - P6 - TRUE | .(.No owner - SoulSeek.) -- C:\program files (x86)\soulseekns\slsk.exe =>P2P.SoulSeek
O87 - FAEL: "UDP Query User{01EF944A-D5AA-489E-95CB-B1839F8AE8F8}C:\program files (x86)\soulseekns\slsk.exe" | In - Public - P17 - TRUE | .(.No owner - SoulSeek.) -- C:\program files (x86)\soulseekns\slsk.exe =>P2P.SoulSeek
~ Firewall: 2 Legitimates Filtered in 00mn 01s

---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AVG-Secure-Search-Update_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AVG-Secure-Search-Update_RASMANCS =>Toolbar.AVGSearch
~ BTK: 236 Legitimates Filtered in 00mn 00s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 19/06/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 13/05/2014 3644432 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
SS - | Auto 19/06/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/06/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 26/05/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 10/11/2006 774144 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Disabled 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 13/05/2014 292424 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 17/10/2013 15122208 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 12/09/2013 920864 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 17/10/2013 1914656 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 12/09/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 22/12/2010 27760 | (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exe
~ Services: Scanned in 00mn 06s

---\\ Scâner Aditional (088)
Database Version : 13026 - (25/06/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 3

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Soulseek2] =>P2P.SoulSeek^
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply] =>PUP.DealPly
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate] =>PUP.DealPly
C:\Program Files (x86)\SoulseekNS =>P2P.SoulSeek^
C:\ProgramData\Soulseek =>P2P.SoulSeek^
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Soulseek NS =>P2P.SoulSeek^
[HKCU\Software\SoulSeek] =>P2P.SoulSeek^
[HKCU\Software\Soulseek2] =>P2P.SoulSeek^
[HKLM\Software\Wow6432Node\HQPro-1] =>PUP.CrossRider ^
~ Additionnel Scan: 232099 Items scanned in 00mn 33s

---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 3 Legitimates Filtered in 00mn 00s

---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CrossRider
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.DealPly
~ MSI: 2 link(s) detected in 00mn 00s

~ 713 Legitimates filtered by white list
End of the scan (375 lines in 01mn 16s)(0)

por **Power Max** Qui 26 Jun 2014, 15:14

Selecione e copie todo o texto destacado em vermelho que te passei (começando em script zhpfix e indo até emptyclsid)

_____________________________________________________________________________________________________________

como eliminar br.yhs4.search ? 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

por xelaxela Qui 26 Jun 2014, 16:37

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Usuario at 26/06/2014 16:34:19
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (02mn 23s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\Wow6432Node\HQPro-1
ELIMINÉ:* HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply
ELIMINÉ:* HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (111) (1.379.450 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
3 : Chaves do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema

End of clean in 02mn 38s

========== Caminho do ficheiro do relatório ==========
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R1].txt - 26/06/2014 12:55:59 [4014]
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R2].txt - 26/06/2014 16:36:42 [1166]

por **Power Max** Qui 26 Jun 2014, 16:40

Como está o PC depois destes procedimentos?

por xelaxela Qui 26 Jun 2014, 16:47

Estou achando bem melhor , queria saber se pode me dar dicas
sobre o que usar na questão de ant virus e limpeza

por **Power Max** Qui 26 Jun 2014, 16:54

Estou achando bem melhor

Fico feliz que o problema tenha sido resolvido.
_____________________________________________________

queria saber se pode me dar dicas
sobre o que usar na questão de antivirus e limpeza

Sugiro um ótimo antivirus gratuito para você, como o Bitdefender Antivirus Free Edition.

Para instalar e usar corretamente o Bitdefender é só seguir as dicas deste tutorial:

Mantenha seu PC protegido com a versão gratuita do antivirus Bitdefender
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Instale também o Malwarebytes seguindo as dicas do tutorial abaixo, mantenha ele sempre atualizado e faça uma verificação semanal para ter mais segurança em seu PC:

Faça o download do Malwarebytes em um destes links abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas desta postagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
________________________________________________________________________________________________

como eliminar br.yhs4.search ? 772309

Só para finalizar siga estes tutoriais abaixo, por gentileza:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________

como eliminar br.yhs4.search ? 772309

Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].
_______________________________________________________________________________________________________________________

como eliminar br.yhs4.search ? 648673379

como eliminar br.yhs4.search ? 648673379

Foi um prazer ajudar. Conte sempre conosco!

por xelaxela Qui 26 Jun 2014, 20:22

Agradeço , meu computador ficou bem melhor . Não conhecia esse forum , quanto tempo existe ?

como eliminar br.yhs4.search ? 404338

por **Power Max** Qui 26 Jun 2014, 20:25

O fórum existe desde 2009, se não me engano.

por xelaxela Qui 26 Jun 2014, 21:05

vou sempre ficar de olho nas informações

obrigado isso aí!

por Conteúdo patrocinado

como eliminar br.yhs4.search ?

como eliminar br.yhs4.search ?

Re: como eliminar br.yhs4.search ?

bom dia , segue o log

Re: como eliminar br.yhs4.search ?

não quero continuar como Baidu , Segue o novo log .....obrigado

Re: como eliminar br.yhs4.search ?

segue o log

Re: como eliminar br.yhs4.search ?

segue o log

Re: como eliminar br.yhs4.search ?

(RESOLVIDO) segue o log

Re: como eliminar br.yhs4.search ?

(RESOLVIDO) o relatório

Re: como eliminar br.yhs4.search ?

novo relatório

Re: como eliminar br.yhs4.search ?

relatório

Re: como eliminar br.yhs4.search ?

Re: como eliminar br.yhs4.search ?

Re: como eliminar br.yhs4.search ?

Re: como eliminar br.yhs4.search ?

Re: como eliminar br.yhs4.search ?

Oi

Re: como eliminar br.yhs4.search ?

Re: como eliminar br.yhs4.search ?

Re: como eliminar br.yhs4.search ?

Seg	Ter	Qua	Qui	Sex	Sáb	Dom
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30