Remover istart.webssearches

por Fuçador Qua 25 Jun 2014, 11:55

estou precisando de sua ajuda novamente para remover esse istart e melhorar o desempenho deste pc
desde ja fico grato

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:48:53, on 25/6/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Arquivos de programas\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Arquivos de programas\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cliente\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O2 - BHO: SaveSense - {0f21b1e5-5afc-43c9-9c66-515046e92ec2} - C:\Arquivos de programas\SaveSense\SaveSenseIE.dll
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Arquivos de programas\SupTab\SupTab.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [upfst_br_3.exe] C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\fst_br_3\upfst_br_3.exe -runhelper
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnTBMon] "C:\Arquivos de programas\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\RunOnce: [gcncagkkhfoombgbihckkccmkjemhohl Upgrader] "C:\DOCUME~1\cliente\CONFIG~1\Temp\gcn195.tmp\UPDATER.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Serviço de atualização Ask (APNMCP) - APN LLC. - C:\Arquivos de programas\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IePlugin Service (IePluginService) - Unknown owner - C:\Documents and Settings\All Users\Dados de aplicativos\IePluginService\PluginService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SaveSenseLive Service (savesenselive) (savesenselive) - SaveSense - C:\Arquivos de programas\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: SaveSenseLive Service (savesenselivem) (savesenselivem) - SaveSense - C:\Arquivos de programas\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe
O23 - Service: Software Updater (SrvUpdater) - Unknown owner - C:\Arquivos de programas\SoftwareUpdater\UpdaterService.exe (file missing)
O23 - Service: WindowsProtectManger Service (WindowsProtectManger) - Unknown owner - C:\Documents and Settings\All Users\Dados de aplicativos\WindowsProtectManger\wprotectmanager.exe (file missing)

--
End of file - 8984 bytes

por **Power Max** Qua 25 Jun 2014, 12:11

Olá!

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

por Fuçador Qua 25 Jun 2014, 12:46

relatorio do adwcleaner

# AdwCleaner v3.213 - Relatório criado 25/06/2014 às 12:41:04
# Atualizado 23/06/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : cliente - CLIENTE-D87712E
# Executando de : C:\Documents and Settings\cliente\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : APNMCP
[#] Serviço Deletada : IePluginService
[#] Serviço Deletada : savesenselive
[#] Serviço Deletada : savesenselivem
[#] Serviço Deletada : SrvUpdater
[#] Serviço Deletada : WindowsProtectManger

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\apn
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\AskPartnerNetwork
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\BonanzaDealsLive
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\IePluginService
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\SaveSenseLive
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\WindowsProtectManger
Pasta Deletada : C:\Arquivos de programas\AskPartnerNetwork
Pasta Deletada : C:\Arquivos de programas\BonanzaDeals
Pasta Deletada : C:\Arquivos de programas\BonanzaDealsLive
Pasta Deletada : C:\Arquivos de programas\LinkSwift
Pasta Deletada : C:\Arquivos de programas\predm
Pasta Deletada : C:\Arquivos de programas\SaveSense
Pasta Deletada : C:\Arquivos de programas\SaveSenseLive
Pasta Deletada : C:\Arquivos de programas\SoftwareUpdater
Pasta Deletada : C:\Arquivos de programas\SupTab
Pasta Deletada : C:\Arquivos de programas\Vittalia
Pasta Deletada : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\AskPartnerNetwork
Pasta Deletada : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\BonanzaDealsLive
Pasta Deletada : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Freesofttoday
Pasta Deletada : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\lollipop
Pasta Deletada : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\SaveSenseLive
Pasta Deletada : C:\DOCUME~1\cliente\CONFIG~1\Temp\apn
Pasta Deletada : C:\Documents and Settings\cliente\Dados de aplicativos\Babylon
Pasta Deletada : C:\Documents and Settings\cliente\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\cliente\Dados de aplicativos\SaveSense
Pasta Deletada : C:\Documents and Settings\cliente\Dados de aplicativos\SupTab
Pasta Deletada : C:\Documents and Settings\cliente\Dados de aplicativos\UpdaterEX
Pasta Deletada : C:\Documents and Settings\cliente\Dados de aplicativos\webssearches
Pasta Deletada : C:\Documents and Settings\cliente\Menu Iniciar\Programas\SaveSense
Arquivo Deletada : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
Arquivo Deletada : C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
Arquivo Deletada : C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineUA.job

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
Atalho Desinfectada : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk
Atalho Desinfectada : C:\Documents and Settings\cliente\Menu Iniciar\Programas\Internet Explorer.lnk

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pljcgbedjplidkdjahbaalanadmjfgop
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\SaveSenseLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickCtrl.9
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.Update3WebControl.3
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9
Chave Deletedo : HKCU\Software\526dbd9b268ef41
Chave Deletedo : HKLM\SOFTWARE\526dbd9b268ef41
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\AskPartnerNetwork
Chave Deletedo : HKCU\Software\BabSolution
Chave Deletedo : HKCU\Software\BI
Chave Deletedo : HKCU\Software\BonanzaDealsLive
Chave Deletedo : HKCU\Software\DataMngr
[#] Chave Deletedo : HKCU\Software\DataMngr_Toolbar
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\LinkSwift
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\SaveSense
Chave Deletedo : HKCU\Software\SaveSenseLive
Chave Deletedo : HKCU\Software\Tutorials
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKCU\Software\UpdaterEX
Chave Deletedo : HKLM\Software\AskPartnerNetwork
Chave Deletedo : HKLM\Software\BonanzaDealsLive
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\DealPlyLive
Chave Deletedo : HKLM\Software\FreeSoftToday
Chave Deletedo : HKLM\Software\LinkSwift
Chave Deletedo : HKLM\Software\SaveSense
Chave Deletedo : HKLM\Software\SaveSenseLive
Chave Deletedo : HKLM\Software\SoftwareUpdater
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\Tutorials
Chave Deletedo : HKLM\Software\Vittalia
Chave Deletedo : HKLM\Software\webssearchesSoftware
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LinkSwift
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vittalia
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstaller
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SaveSense
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\LinkSwift
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SaveSense
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vittalia
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\webssearches uninstaller
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v6.0.2900.5512

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

-\\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Homepage] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Extension] : nchpfiddbhbdnagofhkjlaiaejmkdcla
Deletedo [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
Deletedo [Extension] : pljcgbedjplidkdjahbaalanadmjfgop

*************************

AdwCleaner[R0].txt - [13896 octets] - [25/06/2014 12:24:26]
AdwCleaner[S0].txt - [13388 octets] - [25/06/2014 12:41:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13449 octets] ##########

por **Power Max** Qua 25 Jun 2014, 12:48

Desative temporariamente seu antivírus para evitar conflitos.

Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

por Fuçador Qua 25 Jun 2014, 13:38

Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by cliente on qua 25/06/2014 at 13:19:40,96.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\cliente\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

25/6/2014 13:20:11 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Arquivos de programas\GUM6F.tmp deleted
C:\Documents and Settings\cliente\vga1D1.tmp deleted
C:\Documents and Settings\cliente\vga1D2.tmp deleted
C:\WINDOWS\tasks\At1.job deleted
C:\WINDOWS\System32\searchplugins deleted
C:\WINDOWS\System32\Extensions deleted

==== Folders Found ======================

2013-10-09 22:18:20 2013-10-09 22:24:42 -------- d-----w- C:\BaiduDownloads
2014-06-25 15:41:14 2014-06-25 15:41:14 -------- d-----w- C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Dados de aplicativos\baidu
2014-06-25 15:41:27 2014-06-25 15:41:27 -------- d-----w- C:\AdwCleaner\Quarantine\C\Documents and Settings\cliente\Dados de aplicativos\baidu
2014-06-25 15:41:27 2014-06-25 15:41:27 -------- d-----w- C:\AdwCleaner\Quarantine\C\Documents and Settings\cliente\Dados de aplicativos\baidu\Baidu Antivirus
2013-10-09 20:20:40 2014-02-23 19:22:12 -------- d-----w- C:\Arquivos de programas\Baidu Security
2014-02-23 19:22:12 2014-06-25 14:30:03 -------- d-----w- C:\Arquivos de programas\Baidu Security\Baidu Antivirus
2014-02-23 19:22:30 2014-02-23 19:22:30 -------- d-----w- C:\Documents and Settings\All Users\Application Data\baidu
2013-10-09 20:19:16 2014-05-27 01:19:06 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security
2014-05-27 01:17:19 2014-05-27 01:17:19 -------- d-----w- C:\Documents and Settings\All Users\Documentos\Baidu
2013-10-09 20:20:23 2013-10-09 21:57:27 -------- d-----w- C:\Documents and Settings\All Users\Documentos\Baidu Security
2013-10-09 20:23:44 2013-10-09 21:57:26 -------- d-----w- C:\Documents and Settings\cliente\Dados de aplicativos\Baidu Security
2013-11-04 18:01:26 2013-11-04 18:01:26 -------- d-----w- C:\Documents and Settings\cliente\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall
2013-11-04 18:01:28 2013-11-04 18:01:28 -------- d-----w- C:\Documents and Settings\cliente\Dados de aplicativos\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================

--- C:\Documents and Settings\cliente\Cookies\cliente@baidu[1].txt ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 101
Created time: 2014-05-27 01:11:08
Modified time: 2014-05-27 01:11:08
MD5: 5E1C5976E099DD3A974475129AAA45C8
SHA1: C7ADD70276A9386356FFE80EC19CCB313551FA41

==== Registry Search Results for "Baidu" ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\Documents and Settings\\All Users\\Application Data\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"="C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"InstPath"="C:\\Arquivos de programas\\Baidu Security\\PC Faster\\3.7.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Arquivos de programas\\Baidu Security\\PC Faster\\3.7.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect]
"InstPath"="C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx]
"InstPath"="C:\\Arquivos de programas\\Baidu Security\\PC Faster\\3.7.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Arquivos de programas\\Baidu Security\\PC Faster\\3.7.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"="C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"InstPath"="C:\\Arquivos de programas\\Baidu Security\\PC Faster\\3.7.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Arquivos de programas\\Baidu Security\\PC Faster\\3.7.0.0\\PCFApiUtil.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\Mini111713-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\3.8.8.1435]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\3.8.8.1435\LastReportTime]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu\Hao123-br]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu\Hao123-br\hao123desk]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\3.8.8.1435]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\3.8.8.1435\Install]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\3.8.8.1435\Install\173078]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\3.8.8.1435\Install\173078]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py-appstore/get_channel_info_appstore.cgi?install_channel=pcf&version=3.8.8.1435&errorcode=0&errortext=&userid=4JV79C7W-0040A70BF26C!77169398-07dc-4ff4-aefd-6f57ac120e08@#0040A70BF26C&install_time=2013-10-09 21:57:31"

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\3.8.8.1435\LastReportTime]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\DataReport]

"c:\\documents and settings\\cliente\\dados de aplicativos\\baidu security\\pc app store\\rpdata\\2013-10-09 19_44_34_[0281]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\documents and settings\\cliente\\dados de aplicativos\\baidu security\\pc app store\\rpdata\\2013-10-09 19_18_18_[0390]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\documents and settings\\cliente\\dados de aplicativos\\baidu security\\pc app store\\rpdata\\2013-10-10 09_38_19_[0515]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\documents and settings\\cliente\\dados de aplicativos\\baidu security\\pc app store\\rpdata\\2013-10-10 22_06_56_[0312]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\documents and settings\\cliente\\dados de aplicativos\\baidu security\\pc app store\\rpdata\\2013-10-11 15_06_51_[0296]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\documents and settings\\cliente\\dados de aplicativos\\baidu security\\pc app store\\rpdata\\2013-10-19 15_52_40_[0562]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\documents and settings\\cliente\\dados de aplicativos\\baidu security\\pc app store\\rpdata\\2013-10-19 20_47_12_[0796]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\Setup]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\CleanRecord]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Install]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\InstalledPatchesRecord]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
"swg_BaiDuSafe_RegType"=dword:00000002

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"HP Component Manager_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"HP Software Update_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"SoundMan_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Statistic]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\UUReport]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\Setup]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Baidu Antivirus]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Baidu PC Faster]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\BavTray.exe"="Baidu Antivirus Tray Application"

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\Investigate.exe"="Baidu Antivirus Investigate Application"

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\uninstall.exe"="Baidu Antivirus Uninstall"

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\BavSvc.exe"="Baidu Antivirus Service"

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\Mini111713-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\3.8.8.1435]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\3.8.8.1435\LastReportTime]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
odpccdgkmiicgocepijnaeihjnjnomca - C:\Arquivos de programas\LinkSwift\odpccdgkmiicgocepijnaeihjnjnomca.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.hao123.com/?tn=bav_inner_hp_01_hao123_br"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Start Page"="http://br.hao123.com/?tn=bav_inner_hp_01_hao123_br"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
"CustomizeSearch"="http://www.google.com"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== shortcuts on All Users Desktop ======================

C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Desktop\HP Deskjet 3740 Series Guia do usuário.lnk -
C:\Documents and Settings\All Users\Desktop\Impressão de foto HP.lnk -
C:\Documents and Settings\All Users\Desktop\LMania 8.lnk - C:\LMania80\LMania.exe
C:\Documents and Settings\All Users\Desktop\Nero Home.lnk - C:\Arquivos de programas\Nero\Nero8\Nero Home\NeroHome.exe -ScParameter=65
C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk - C:\Arquivos de programas\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe -ScParameter=65
C:\Documents and Settings\All Users\Desktop\Skype.lnk - C:\WINDOWS\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe

==== shortcuts in Users Start Menu ======================

C:\Documents and Settings\cliente\Menu Iniciar\Programas\Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\cliente\Menu Iniciar\Programas\Aplicativos do Google Chrome\Until AM for Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

==== shortcuts in All Users Start Menu ======================

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

==== shortcuts in Quick Launch ======================

C:\Documents and Settings\cliente\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cliente\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o navegador Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\cliente\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Arquivos de programas\Nero\Nero8\Nero Home\NeroHome.exe -ScParameter=65
C:\Documents and Settings\cliente\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Arquivos de programas\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe -ScParameter=65
C:\Documents and Settings\cliente\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Arquivos de programas\Windows Media Player\wmplayer.exe /prefetch:1

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\odpccdgkmiicgocepijnaeihjnjnomca deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WindowsProtectManger deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\cliente\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\cliente\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5 folders=2 918 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\cliente\CONFIG~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== EOF on qua 25/06/2014 at 13:34:45,03 ======================

por **Power Max** Qua 25 Jun 2014, 19:22

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

por Fuçador Qua 25 Jun 2014, 20:22

Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by cliente on qua 25/06/2014 at 19:54:02,73.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\cliente\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-25-163445.log 28812 bytes

==== System Restore Info ======================

25/6/2014 19:54:42 Zoek.exe System Restore Point Created Succesfully.

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\Mini111713-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\3.8.8.1435]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\3.8.8.1435\LastReportTime]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu\Hao123-br]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu\Hao123-br\hao123desk]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\3.8.8.1435]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\3.8.8.1435\Install]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\3.8.8.1435\Install\173078]
[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\3.8.8.1435\Install\173078]
"url"=-
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\3.8.8.1435\LastReportTime]
[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\DataReport]
"c:\\documents and settings\\cliente\\dados de aplicativos\\baidu security\\pc app store\\rpdata\\2013-10-09 19_44_34_[0281]rpdata.dat"=-
"c:\\documents and settings\\cliente\\dados de aplicativos\\baidu security\\pc app store\\rpdata\\2013-10-09 19_18_18_[0390]rpdata.dat"=-
"c:\\documents and settings\\cliente\\dados de aplicativos\\baidu security\\pc app store\\rpdata\\2013-10-10 09_38_19_[0515]rpdata.dat"=-
"c:\\documents and settings\\cliente\\dados de aplicativos\\baidu security\\pc app store\\rpdata\\2013-10-10 22_06_56_[0312]rpdata.dat"=-
"c:\\documents and settings\\cliente\\dados de aplicativos\\baidu security\\pc app store\\rpdata\\2013-10-11 15_06_51_[0296]rpdata.dat"=-
"c:\\documents and settings\\cliente\\dados de aplicativos\\baidu security\\pc app store\\rpdata\\2013-10-19 15_52_40_[0562]rpdata.dat"=-
"c:\\documents and settings\\cliente\\dados de aplicativos\\baidu security\\pc app store\\rpdata\\2013-10-19 20_47_12_[0796]rpdata.dat"=-
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\Setup]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\CleanRecord]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Install]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\InstalledPatchesRecord]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
"swg_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"HP Component Manager_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"HP Software Update_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"SoundMan_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\Setup]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Baidu Antivirus]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Baidu PC Faster]
[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\BavTray.exe"=-
[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\Investigate.exe"=-
[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\uninstall.exe"=-
[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\BavSvc.exe"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\Mini111713-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\3.8.8.1435]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\3.8.8.1435\LastReportTime]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Deleting Files \ Folders ======================

C:\BaiduDownloads deleted
C:\Arquivos de programas\Baidu Security deleted
C:\Documents and Settings\All Users\Application Data\baidu deleted
C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security deleted
C:\Documents and Settings\All Users\Documentos\Baidu deleted
C:\Documents and Settings\All Users\Documentos\Baidu Security deleted
C:\Documents and Settings\cliente\Dados de aplicativos\Baidu Security deleted

==== Folders Found ======================

2014-06-25 15:41:14 2014-06-25 15:41:14 -------- d-----w- C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Dados de aplicativos\baidu
2014-06-25 15:41:27 2014-06-25 15:41:27 -------- d-----w- C:\AdwCleaner\Quarantine\C\Documents and Settings\cliente\Dados de aplicativos\baidu
2014-06-25 15:41:27 2014-06-25 15:41:27 -------- d-----w- C:\AdwCleaner\Quarantine\C\Documents and Settings\cliente\Dados de aplicativos\baidu\Baidu Antivirus
2014-06-25 22:55:52 2014-06-25 22:55:52 -------- d---a-w- C:\zoek_backup\C_Arquivos de programas_Baidu Security
2014-06-25 22:55:52 2014-06-25 22:55:52 -------- d---a-w- C:\zoek_backup\C_Arquivos de programas_Baidu Security_Baidu Antivirus
2014-06-25 22:55:50 2014-06-25 22:55:51 -------- d---a-w- C:\zoek_backup\C_BaiduDownloads
2014-06-25 22:55:52 2014-06-25 22:55:52 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_All Users_Application Data_baidu
2014-06-25 22:55:52 2014-06-25 22:56:18 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_Baidu Security
2014-06-25 22:56:18 2014-06-25 22:56:18 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_All Users_Documentos_Baidu
2014-06-25 22:56:18 2014-06-25 22:56:18 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_All Users_Documentos_Baidu Security
2014-06-25 22:56:18 2014-06-25 22:56:24 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_cliente_Dados de aplicativos_Baidu Security
2014-06-25 22:56:25 2014-06-25 22:56:25 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_cliente_Dados de aplicativos_Baidu Security_PC Faster_3.7.0.0_Uninstall_Baidu PC Faster Uninstall
2014-06-25 22:56:25 2014-06-25 22:56:25 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_cliente_Dados de aplicativos_Baidu Security_PC Faster_3.7.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-06-25 22:55:52 2014-06-25 22:55:52 -------- d---a-w- C:\zoek_backup\C_Arquivos de programas_Baidu Security\Baidu Antivirus
2014-06-25 22:56:24 2014-06-25 22:56:24 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_cliente_Dados de aplicativos_Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall
2014-06-25 22:56:25 2014-06-25 22:56:25 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_cliente_Dados de aplicativos_Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================

--- C:\Documents and Settings\cliente\Cookies\cliente@baidu[1].txt ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 101
Created time: 2014-05-27 01:11:08
Modified time: 2014-05-27 01:11:08
MD5: 5E1C5976E099DD3A974475129AAA45C8
SHA1: C7ADD70276A9386356FFE80EC19CCB313551FA41

--- C:\zoek_backup\C_Documents and Settings_cliente_Cookies_cliente@baidu[1].txt.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 101
Created time: 2014-06-25 22:56:25
Modified time: 2014-05-27 01:11:08
MD5: 5E1C5976E099DD3A974475129AAA45C8
SHA1: C7ADD70276A9386356FFE80EC19CCB313551FA41

==== Registry Search Results for "Baidu" ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\3.8.8.1435]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\3.8.8.1435\Install]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\3.8.8.1435\Install\173078]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\DataReport]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=161 folders=63 191762393 bytes)

==== EOF on qua 25/06/2014 at 19:57:29,75 ======================

por **Power Max** Qua 25 Jun 2014, 21:15

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

por Fuçador Qua 25 Jun 2014, 22:28

Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by cliente on qua 25/06/2014 at 21:39:34,34.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\cliente\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-25-163445.log 28812 bytes
C:\zoek-results2014-06-25-225729.log 24783 bytes

==== System Restore Info ======================

25/6/2014 21:40:12 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\3.8.8.1435]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\3.8.8.1435\Install]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\3.8.8.1435\Install\173078]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC App Store\DataReport]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-1417001333-602162358-1801674531-1003\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=161 folders=63 191762393 bytes)

==== EOF on qua 25/06/2014 at 21:40:47,46 ======================

por **Power Max** Qua 25 Jun 2014, 22:33

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

por Fuçador Qui 26 Jun 2014, 10:31

só nao consegui executar como admistrador pq esse pc é do meu cunhado aqui em goiania, e quando vou executar no modo admnistrador pede uma senha e nao temos essa senha pois ele comprou o pc usado

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by cliente on qui 26/06/2014 at 10:21:07,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1417001333-602162358-1801674531-1003\Software\sweetim

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on qui 26/06/2014 at 10:28:02,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

por **Power Max** Qui 26 Jun 2014, 10:36

Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

por Fuçador Qui 26 Jun 2014, 11:07

~ Relatório do ZHPDiag v2014.6.25.98 - Nicolas Coolman (25/6/2014)
~ Iniciado por cliente (26/6/2014 11:05:01)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found

---\\ Navegadores Internet
MSIE: Internet Explorer v6.0.2900.5512
GCIE: Google Chrome v35.0.1916.153 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.3972

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1518 MB (61% free)
System Restore: Activé (Enable)
System drive C: has 52 GB (70%) free of 75 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CLIENTE-D87712E
~ User Name: cliente
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, cliente, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\cliente\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\cliente\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\cliente\Desktop\
~ %Favorites% : C:\Documents and Settings\cliente\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\cliente\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 52 Go of 75 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 149 Go of 149 Go)

---\\ Estado do Centro de Segurança do Windows
~ Security Center: 44 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.DF6D0F37A71883BE3505DD517EB8AD83] - (.Microsoft Corporation - Internet Extensions para Win32.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\wininet.dll [668160]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.322D0E36693D6E24A2398BEE62A268CD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138112]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.68755F0FF16070178B54674FE5B847B0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456576]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 15:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/3
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/121
~ Mon Bureau (My Desktop) : 0/1274
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 01s

---\\ Processos lançados
[MD5.FD32127449AF0B96EBECA3CAAB74E423] - (.HP - No Comment.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [172032] [PID.580]
[MD5.3E2142D5AF7492EA16D4D96ECBDE790D] - (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\WINDOWS\SOUNDMAN.exe [577536] [PID.616]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [254336] [PID.200]
[MD5.58F7F8D02D438B5AAE4005FE81DE30CF] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe [1840424] [PID.1048]
[MD5.B9436A665A8621073A12338B16D7BFD4] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe [182696] [PID.1432]
[MD5.78073F606AE3B24F6C1F555759AA8511] - (.Nero AG - Nero BackItUp.) -- C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe [877864] [PID.1668]
[MD5.875E4E0661F3A5994DF9E5E3A0A4F96B] - (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) -- C:\WINDOWS\system32\IoctlSvc.exe [81920] [PID.1904]
[MD5.37A39E3271842BAE754540FE004D9CB5] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe [537896] [PID.816]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jucheck.exe [507264] [PID.792]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe [860488] [PID.3352]
[MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8071680] [PID.556]
~ Processes Running: Scanned in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19

---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [SiSPower] . (.Silicon Integrated Systems Corporation - Dynamic link library for setting Power Sche.) -- C:\WINDOWS\system32\SiSPower.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] . (.HP - No Comment.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [fst_br_3] Chave orfã
O4 - HKLM\..\Run: [upfst_br_3.exe] C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\fst_br_3\upfst_br_3.exe (.not file.)
O4 - HKLM\..\Run: [SoundMan] . (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\WINDOWS\SOUNDMAN.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] . (.Nero AG - Nero BackItUp.) -- C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
O4 - HKLM\..\Run: [KernelFaultCheck] Chave orfã
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1417001333-602162358-1801674531-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1417001333-602162358-1801674531-1003\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1417001333-602162358-1801674531-1003\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
~ Application: Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{011B3690-11D2-46AA-A25F-85BAB628E9B4}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{011B3690-11D2-46AA-A25F-85BAB628E9B4}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{011B3690-11D2-46AA-A25F-85BAB628E9B4}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s

---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\web\wallpaper\Alegria.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\web\wallpaper\Alegria.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\WINDOWS\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job [456]
~ Scheduled Task: 6 Legitimates Filtered in 00mn 00s

---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bnbase) . (. - .) - C:\WINDOWS\system32\drivers\bnbase.sys (.not file.)
~ Drivers: 66 Legitimates Filtered in 00mn 00s

---\\ Software instalados (042)
O42 - Logiciel: Ask Toolbar - (.APN, LLC.) [HKLM] -- {4F524A2D-5637-4300-76A7-A758B70C0F01} =>Toolbar.Avira
~ Logic: 15 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 8/10/2013 - 17:18:49 - [] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 8/10/2013 - 17:18:12 - [] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 8/10/2013 - 17:28:11 - [] R---D C:\Documents and Settings\cliente\Menu Iniciar\Programas\Acessórios
O43 - CFD: 14/5/2014 - 10:56:50 - [] R---D C:\Documents and Settings\cliente\Menu Iniciar\Programas\Inicializar
~ Program Folder: 79 Legitimates Filtered in 00mn 00s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.DBFD437D23A55C0734C0D8D19A62FF0D] - 19/6/2014 - 13:57:15 ---A- . (...) -- C:\WINDOWS\wmsetup.log [44454]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 25/6/2014 - 12:25:27 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\WINDOWS\system32\sqlite3.dll [536576]
O44 - LFC:[MD5.E014E44D126A4701F4D9BDC78952B99F] - 25/6/2014 - 13:34:45 ---A- . (...) -- C:\zoek-results2014-06-25-163445.log [28812]
O44 - LFC:[MD5.25F81C74E33853869EA70705B3326028] - 25/6/2014 - 19:57:29 ---A- . (...) -- C:\zoek-results2014-06-25-225729.log [24783]
O44 - LFC:[MD5.7388926CE7DFED19928F98610C838733] - 25/6/2014 - 21:40:47 ---A- . (...) -- C:\zoek-results.log [3124]
O44 - LFC:[MD5.6C9E0F5197F4E686F7C672F5073D55B7] - 26/6/2014 - 10:18:04 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.C7610CE42FD9BBC058D3AA6185A5C469] - 26/6/2014 - 10:18:04 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
~ Files: 19 Legitimates Filtered in 00mn 02s

---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:8/10/2013 - 17:43:33 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:8/10/2013 - 17:43:33 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswSP.sys.sum [175]
O58 - SDL:8/10/2013 - 17:43:33 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 42 Legitimates Filtered in 00mn 02s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.954EEB12152F96B6C76240AA5A848FF7] [SPRF][25/6/2014] (...) -- C:\Documents and Settings\cliente\Desktop\AdwCleaner.exe [1342659]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][25/6/2014] (...) -- C:\Documents and Settings\cliente\Desktop\zoek.exe [1285120]
~ Files: 5 Legitimates Filtered in 00mn 00s

---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "D2A425F473650034677A7A857BC0F010" . (.Ask Toolbar.) -- C:\WINDOWS\Installer\{4F524A2D-5637-4300-76A7-A758B70C0F01}\ToolbarIcon.exe =>Toolbar.Ask
~ Update Products: 1 Legitimates Filtered in 00mn 00s

---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.AF958D73F022FB44D6B87AC01B98130A] [WIS][25/6/2014] (.APN, LLC - Ask Toolbar.) -- C:\Windows\Installer\896a8.msi [480768] =>Toolbar.Avira
~ WIS: 1 Legitimates Filtered in 00mn 02s

---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}] (SaveSenseLive Broker Class Factory) =>PUP.SaveSense
[HKCR\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}] (SaveSenseLive.OneClickProcessLauncher) =>PUP.SaveSense
[HKCR\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}] (SaveSenseLive Legacy On Demand) =>PUP.SaveSense
[HKCR\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}] (SaveSenseLive Core Class) =>PUP.SaveSense
[HKCR\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}] (SaveSenseLive Process Launcher Class) =>PUP.SaveSense
[HKCR\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}] (SaveSenseLive Broker Class Factory) =>PUP.SaveSense
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class) =>PUP.SaveSense
~ BCK: 4841 Legitimates Filtered in 00mn 12s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 10/7/1658 0 | (aspnet_state) . (...) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
SS - | Demand 14/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 8/10/2013 116648 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 8/10/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 8/10/2013 194032 | (gusvc) . (.Google.) - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 25/7/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe
SR - | Auto 18/12/2013 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 2/12/2008 877864 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
SR - | Demand 25/3/2009 537896 | (NMIndexingService) . (.Nero AG.) - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
SR - | Auto 19/12/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\WINDOWS\system32\IoctlSvc.exe
~ Services: Scanned in 00mn 12s

---\\ Scâner Aditional (088)
Database Version : 13026 - (25/6/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 8

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5637-4300-76A7-A758B70C0F01}] =>Toolbar.Avira^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\FilesFrog Update Checker] =>Adware.Agent
C:\Windows\Installer\896a8.msi =>Toolbar.Avira^
[HKCR\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}] (SaveSenseLive Broker Class Factory) =>PUP.SaveSense^
[HKCR\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}] (SaveSenseLive.OneClickProcessLauncher) =>PUP.SaveSense^
[HKCR\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}] (SaveSenseLive Legacy On Demand) =>PUP.SaveSense^
[HKCR\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}] (SaveSenseLive Core Class) =>PUP.SaveSense^
[HKCR\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}] (SaveSenseLive Process Launcher Class) =>PUP.SaveSense^
[HKCR\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}] (SaveSenseLive Broker Class Factory) =>PUP.SaveSense^
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class) =>PUP.SaveSense^
~ Additionnel Scan: 139052 Items scanned in 00mn 30s

---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Image File Execution Options (IFEO) (O50)
~ AMI: 4 Legitimates Filtered in 00mn 00s

---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Ask
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SaveSense
~ MSI: 2 link(s) detected in 00mn 00s

~ 618 Legitimates filtered by white list
End of the scan (435 lines in 01mn 09s)(0)

por **Power Max** Qui 26 Jun 2014, 11:58

Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC.
______________________________________________________________________________________

Remover istart.webssearches 772309

Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

Remover istart.webssearches 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

por Fuçador Qui 26 Jun 2014, 12:13

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by cliente at 26/6/2014 12:12:10
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bnbase

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (0) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
1 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema

End of clean in 00mn 05s

========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\cliente\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 26/6/2014 12:11:52 [2759]
C:\Documents and Settings\cliente\Dados de aplicativos\ZHP\ZHPFix[R2].txt - 26/6/2014 12:12:12 [1217]

por **Power Max** Qui 26 Jun 2014, 12:33

Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

por Fuçador Qui 26 Jun 2014, 12:43

~ Relatório do ZHPDiag v2014.6.25.98 - Nicolas Coolman (25/6/2014)
~ Iniciado por cliente (26/6/2014 12:42:18)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found

---\\ Navegadores Internet
MSIE: Internet Explorer v6.0.2900.5512
GCIE: Google Chrome v35.0.1916.153 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.3972

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1518 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 52 GB (70%) free of 75 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CLIENTE-D87712E
~ User Name: cliente
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, cliente, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\cliente\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\cliente\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\cliente\Desktop\
~ %Favorites% : C:\Documents and Settings\cliente\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\cliente\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\cliente\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 52 Go of 75 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 149 Go of 149 Go)

---\\ Estado do Centro de Segurança do Windows
~ Security Center: 44 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.DF6D0F37A71883BE3505DD517EB8AD83] - (.Microsoft Corporation - Internet Extensions para Win32.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\wininet.dll [668160]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.322D0E36693D6E24A2398BEE62A268CD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138112]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.68755F0FF16070178B54674FE5B847B0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456576]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 15:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.14/4/2008 - 06:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/3
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/122
~ Mon Bureau (My Desktop) : 0/1275
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 00s

---\\ Processos lançados
[MD5.FD32127449AF0B96EBECA3CAAB74E423] - (.HP - No Comment.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [172032] [PID.580]
[MD5.3E2142D5AF7492EA16D4D96ECBDE790D] - (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\WINDOWS\SOUNDMAN.exe [577536] [PID.616]
[MD5.58F7F8D02D438B5AAE4005FE81DE30CF] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe [1840424] [PID.1048]
[MD5.78073F606AE3B24F6C1F555759AA8511] - (.Nero AG - Nero BackItUp.) -- C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe [877864] [PID.1668]
[MD5.875E4E0661F3A5994DF9E5E3A0A4F96B] - (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) -- C:\WINDOWS\system32\IoctlSvc.exe [81920] [PID.1904]
[MD5.37A39E3271842BAE754540FE004D9CB5] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe [537896] [PID.816]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe [860488] [PID.3476]
[MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8071680] [PID.2780]
~ Processes Running: Scanned in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [SiSPower] . (.Silicon Integrated Systems Corporation - Dynamic link library for setting Power Sche.) -- C:\WINDOWS\system32\SiSPower.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] . (.HP - No Comment.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SoundMan] . (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\WINDOWS\SOUNDMAN.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] . (.Nero AG - Nero BackItUp.) -- C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1417001333-602162358-1801674531-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1417001333-602162358-1801674531-1003\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1417001333-602162358-1801674531-1003\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
~ Application: Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{011B3690-11D2-46AA-A25F-85BAB628E9B4}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{011B3690-11D2-46AA-A25F-85BAB628E9B4}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{011B3690-11D2-46AA-A25F-85BAB628E9B4}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s

---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\web\wallpaper\Alegria.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\web\wallpaper\Alegria.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 8/10/2013 - 17:18:49 - [] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 8/10/2013 - 17:18:12 - [] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 8/10/2013 - 17:28:11 - [] R---D C:\Documents and Settings\cliente\Menu Iniciar\Programas\Acessórios
O43 - CFD: 14/5/2014 - 10:56:50 - [] R---D C:\Documents and Settings\cliente\Menu Iniciar\Programas\Inicializar
~ Program Folder: 79 Legitimates Filtered in 00mn 00s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.DBFD437D23A55C0734C0D8D19A62FF0D] - 19/6/2014 - 13:57:15 ---A- . (...) -- C:\WINDOWS\wmsetup.log [44454]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 25/6/2014 - 12:25:27 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\WINDOWS\system32\sqlite3.dll [536576]
O44 - LFC:[MD5.E014E44D126A4701F4D9BDC78952B99F] - 25/6/2014 - 13:34:45 ---A- . (...) -- C:\zoek-results2014-06-25-163445.log [28812]
O44 - LFC:[MD5.25F81C74E33853869EA70705B3326028] - 25/6/2014 - 19:57:29 ---A- . (...) -- C:\zoek-results2014-06-25-225729.log [24783]
O44 - LFC:[MD5.7388926CE7DFED19928F98610C838733] - 25/6/2014 - 21:40:47 ---A- . (...) -- C:\zoek-results.log [3124]
O44 - LFC:[MD5.6C9E0F5197F4E686F7C672F5073D55B7] - 26/6/2014 - 10:18:04 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.C7610CE42FD9BBC058D3AA6185A5C469] - 26/6/2014 - 10:18:04 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/6/2014 - 11:12:22 ---A- . (...) -- C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log [0]
~ Files: 20 Legitimates Filtered in 00mn 01s

---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:8/10/2013 - 17:43:33 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:8/10/2013 - 17:43:33 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswSP.sys.sum [175]
O58 - SDL:8/10/2013 - 17:43:33 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:14/4/2008 - 06:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 42 Legitimates Filtered in 00mn 00s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.954EEB12152F96B6C76240AA5A848FF7] [SPRF][25/6/2014] (...) -- C:\Documents and Settings\cliente\Desktop\AdwCleaner.exe [1342659]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][25/6/2014] (...) -- C:\Documents and Settings\cliente\Desktop\zoek.exe [1285120]
~ Files: 5 Legitimates Filtered in 00mn 00s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 10/7/1658 0 | (aspnet_state) . (...) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
SS - | Demand 14/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 8/10/2013 116648 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 8/10/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 8/10/2013 194032 | (gusvc) . (.Google.) - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 25/7/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe
SR - | Auto 2/12/2008 877864 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
SR - | Demand 25/3/2009 537896 | (NMIndexingService) . (.Nero AG.) - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
SR - | Auto 19/12/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\WINDOWS\system32\IoctlSvc.exe
~ Services: Scanned in 00mn 10s

---\\ Scâner Aditional (088)
Database Version : 13026 - (25/6/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 130965 Items scanned in 00mn 26s

---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Image File Execution Options (IFEO) (O50)
~ AMI: 3 Legitimates Filtered in 00mn 00s

~ 606 Legitimates filtered by white list
End of the scan (360 lines in 00mn 52s)(0)

por **Power Max** Qui 26 Jun 2014, 12:48

Como está o PC depois destes procedimentos?

por Fuçador Qui 26 Jun 2014, 12:54

Max vc é o cara sumiu ask e esse istartwebssearches entre outros
apesar de ser um celeron esta rodando perfeito
eu e meu cunhado estamos muito grato
vlw outra vez!

por **Power Max** Qui 26 Jun 2014, 12:56

Fico feliz que o problema tenha sido resolvido.

Remover istart.webssearches 772309

Só para finalizar siga estes tutoriais abaixo, por gentileza:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________

Remover istart.webssearches 772309

Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].
_______________________________________________________________________________________________________________________

Remover istart.webssearches 648673379

Foi um prazer ajudar. Conte sempre conosco!

por **Power Max** Qui 26 Jun 2014, 12:59

CASO RESOLVIDO

Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.

por Conteúdo patrocinado

Remover istart.webssearches

Remover istart.webssearches

Re: Remover istart.webssearches

Re: Remover istart.webssearches

Re: Remover istart.webssearches

Re: Remover istart.webssearches

Re: Remover istart.webssearches

Re: Remover istart.webssearches

Re: Remover istart.webssearches

Re: Remover istart.webssearches

Re: Remover istart.webssearches

Re: Remover istart.webssearches

Re: Remover istart.webssearches

Re: Remover istart.webssearches

Re: Remover istart.webssearches

Re: Remover istart.webssearches

Re: Remover istart.webssearches

Re: Remover istart.webssearches

Re: Remover istart.webssearches

Re: Remover istart.webssearches

Re: Remover istart.webssearches

Re: Remover istart.webssearches

Re: Remover istart.webssearches

Seg	Ter	Qua	Qui	Sex	Sáb	Dom
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30