Flux RSS


Yahoo! 
MSN 
AOL 
Netvibes 
Bloglines 


Social bookmarking

Social bookmarking Digg  Social bookmarking Delicious  Social bookmarking Reddit  Social bookmarking Stumbleupon  Social bookmarking Slashdot  Social bookmarking Yahoo  Social bookmarking Google  Social bookmarking Blinklist  Social bookmarking Blogmarks  Social bookmarking Technorati  

Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking

Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking

Estatísticas
Temos 14443 usuários registrados
O último usuário registrado atende pelo nome de Caio Flavio

Os nossos membros postaram um total de 35198 mensagens em 3565 assuntos
Últimos assuntos
» Notebook lento, acho que está com virus
por joram Ontem à(s) 18:38

Quem está conectado
2 usuários online :: Nenhum usuário registrado, Nenhum Invisível e 2 Visitantes

Nenhum

O recorde de usuários online foi de 108 em Qui 15 Maio 2014, 21:18
Buscar
 
 

Resultados por:
 


Rechercher Busca avançada

Novembro 2017
SegTerQuaQuiSexSabDom
  12345
6789101112
13141516171819
20212223242526
27282930   

Calendário Calendário


Links de propaganda nos sites.

Página 1 de 2 1, 2  Seguinte

Ver o tópico anterior Ver o tópico seguinte Ir em baixo

Links de propaganda nos sites.

Mensagem por marcoscorcino em Qua 25 Jun 2014, 20:52

Andei olhando os tópicos e já baixei o adwcleaner e segui o tutorial. Estou com o relatório, o que devo fazer agora?

Acho que seria preciso uma análise de um especialista, é isso?

Estão abrindo links offerswizard ads, focusbase ads, me jogam o tempo todo pra outras paginas além de deixar o google chrome quase parando. Começou a acontecer de uma semana pra cá e já não sei mais o que fazer.

segue o relatório do Adwcleaner:

# AdwCleaner v3.213 - Relatório criado 25/06/2014 às 18:35:13
# Atualizado 23/06/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Corcino - CORCINO-PC
# Executando de : C:\Users\Corcino\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : CltMngSvc
[#] Serviço Deletada : dealplylive
[#] Serviço Deletada : dealplylivem
[#] Serviço Deletada : savesenselive
[#] Serviço Deletada : savesenselivem

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\DealPlyLive
[!] Pasta Deletada : C:\ProgramData\SaveSenseLive
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightspark 0.5.3-git
Pasta Deletada : C:\Program Files (x86)\BetterSurf
Pasta Deletada : C:\Program Files (x86)\DealPly
Pasta Deletada : C:\Program Files (x86)\DealPlyLive
Pasta Deletada : C:\Program Files (x86)\Lightspark 0.5.3-git
Pasta Deletada : C:\Program Files (x86)\MediaPlayerV1
Pasta Deletada : C:\Program Files (x86)\MediaViewerV1
Pasta Deletada : C:\Program Files (x86)\MediaViewV1
Pasta Deletada : C:\Program Files (x86)\MediaWatchV1
Pasta Deletada : C:\Program Files (x86)\Mobogenie
Pasta Deletada : C:\Program Files (x86)\Mysearchdial
Pasta Deletada : C:\Program Files (x86)\RichMediaViewV1
[!] Pasta Deletada : C:\Program Files (x86)\SaveSenseLive
Pasta Deletada : C:\Program Files (x86)\SearchProtect
Pasta Deletada : C:\Program Files (x86)\VideoPlayerV3
Pasta Deletada : C:\Program Files (x86)\WebexpEnhancedV1
Pasta Deletada : C:\Users\Corcino\AppData\Local\DealPlyLive
Pasta Deletada : C:\Users\Corcino\AppData\Local\genienext
Pasta Deletada : C:\Users\Corcino\AppData\Local\lollipop
Pasta Deletada : C:\Users\Corcino\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Corcino\AppData\Local\SaveSense
Pasta Deletada : C:\Users\Corcino\AppData\Local\SaveSenseLive
Pasta Deletada : C:\Users\Corcino\AppData\Local\SearchProtect
Pasta Deletada : C:\Users\Corcino\AppData\Local\SwvUpdater
Pasta Deletada : C:\Users\Corcino\AppData\Local\Temp\apn
Pasta Deletada : C:\Users\Corcino\AppData\Local\Temp\eIntaller
Pasta Deletada : C:\Users\Corcino\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Pasta Deletada : C:\Users\Corcino\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Corcino\AppData\Roaming\DealPly
Pasta Deletada : C:\Users\Corcino\AppData\Roaming\DigitalSites
Pasta Deletada : C:\Users\Corcino\AppData\Roaming\Mysearchdial
Pasta Deletada : C:\Users\Corcino\AppData\Roaming\newnext.me
Pasta Deletada : C:\Users\Corcino\AppData\Roaming\SaveSense
Pasta Deletada : C:\Users\Corcino\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\Corcino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Pasta Deletada : C:\Users\Corcino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
Pasta Deletada : C:\Users\Corcino\Documents\Mobogenie
Pasta Deletada : C:\Users\Public\Documents\baidu
Arquivo Deletada : C:\windows\System32\roboot64.exe
Arquivo Deletada : C:\Users\Corcino\daemonprocess.txt
Arquivo Deletada : C:\Users\Corcino\AppData\Local\mysearchdial-speeddial.crx
Arquivo Deletada : C:\Users\Corcino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk
Arquivo Deletada : C:\Users\Corcino\Desktop\Continue VuuPC Installation.lnk
Arquivo Deletada : C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Arquivo Deletada : C:\windows\Tasks\AmiUpdXp.job
Arquivo Deletada : C:\windows\System32\Tasks\AmiUpdXp
Arquivo Deletada : C:\windows\Tasks\Dealply.job
Arquivo Deletada : C:\windows\System32\Tasks\Dealply
Arquivo Deletada : C:\windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
Arquivo Deletada : C:\windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
Arquivo Deletada : C:\windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
Arquivo Deletada : C:\windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
Arquivo Deletada : C:\windows\Tasks\Digital Sites.job
Arquivo Deletada : C:\windows\System32\Tasks\Digital Sites
Arquivo Deletada : C:\windows\Tasks\SaveSense.job
Arquivo Deletada : C:\windows\System32\Tasks\SaveSense
Arquivo Deletada : C:\windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
Arquivo Deletada : C:\windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore

***** [ Atalhos ] *****


***** [ Registro ] *****

Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Chave Deletedo : HKCU\Software\Classes\Applications\lollipop.exe
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [lollipop]
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\dealplylive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\SaveSenseLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickCtrl.9
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLive.Update3WebControl.3
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.coreclass
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachine
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclasssvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Chave Deletedo : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{0113A098-06EA-4776-A011-D75590778F1E}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{FBC322D5-407E-4854-8C0B-555B951FD8E3}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Deletedo : HKCU\Software\DealPly
Chave Deletedo : HKCU\Software\DealPlyLive
Chave Deletedo : HKCU\Software\dsiteproducts
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\mysearchdial
Chave Deletedo : HKCU\Software\SaveSense
Chave Deletedo : HKCU\Software\SaveSenseLive
Chave Deletedo : HKCU\Software\SearchProtectINT
Chave Deletedo : HKCU\Software\simplytech
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\AppDataLow\Software\simplytech
Chave Deletedo : HKLM\Software\BetterSurf
Chave Deletedo : HKLM\Software\DealPly
Chave Deletedo : HKLM\Software\DealPlyLive
Chave Deletedo : HKLM\Software\InstallCore
Chave Deletedo : HKLM\Software\Lightspark Team
Chave Deletedo : HKLM\Software\MediaBuzzV1
Chave Deletedo : HKLM\Software\MediaViewerV1
Chave Deletedo : HKLM\Software\MediaViewV1
Chave Deletedo : HKLM\Software\MediaWatchV1
Chave Deletedo : HKLM\Software\SaveSenseLive
Chave Deletedo : HKLM\Software\SearchProtect
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lightspark
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Dados Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16720

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Startup_urls] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deletedo [Extension] : dedmngkbaffkenlfdcbganndoghblmap
Deletedo [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deletedo [Extension] : pljcgbedjplidkdjahbaalanadmjfgop

*************************

AdwCleaner[R0].txt - [25422 octets] - [25/06/2014 18:32:39]
AdwCleaner[S0].txt - [23136 octets] - [25/06/2014 18:35:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23197 octets] ##########
avatar
marcoscorcino
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 25/06/2014

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por Power Max em Qua 25 Jun 2014, 20:56

Olá Marcos. No seu PC está constando o antivirus Baidu instalado. Você quer continuar com ele ou quer removê-lo? Seja qual for a sua resposta para esta pergunta, siga esta dica abaixo:

Desative temporariamente seu antivírus para evitar conflitos.

 Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Você precisa estar registrado e conectado para ver este link.]

*Clique com o botão direito do mouse no Zoek.exe e selecione [Você precisa estar registrado e conectado para ver esta imagem.]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Você precisa estar registrado e conectado para ver esta imagem.]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Você precisa estar registrado e conectado para ver este link.] = O melhor da internet você encontra aqui.

[Você precisa estar registrado e conectado para ver este link.] = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por marcoscorcino em Qua 25 Jun 2014, 21:38

Quero remover o Baidu, pensei que já tinha desinstalado o mesmo no meu painel de controle. Não sei mais o que fazer pra remove-lo do computador.

Vou fazer o que foi passado.
avatar
marcoscorcino
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 25/06/2014

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por Power Max em Qua 25 Jun 2014, 21:51

Ok, fico no aguardo do relatório do Zoek.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Você precisa estar registrado e conectado para ver este link.] = O melhor da internet você encontra aqui.

[Você precisa estar registrado e conectado para ver este link.] = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por marcoscorcino em Qua 25 Jun 2014, 22:32

segue:


Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by Corcino on 25/06/2014 at 21:58:32,46.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Corcino\Desktop\Zoek\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

25/06/2014 21:59:52 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util focusbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util focusbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util focusbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util focusbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update focusbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update focusbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update focusbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update focusbase deleted successfully

==== Deleting Files \ Folders ======================

C:\Users\Corcino\.android deleted
C:\PROGRA~2\MediaBuzzV1 deleted
C:\extensions.sqlite deleted
C:\extensions.ini deleted
C:\found.000 deleted
C:\found.001 deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\PROGRA~3\boost_interprocess deleted
C:\Users\Corcino\AppData\Local\cache deleted
C:\Users\Corcino\Searches deleted
C:\windows\SysNative\drivers\{c8905eec-9eab-447c-84a8-9e864d454523}Gw64.sys deleted
C:\windows\SysNative\drivers\{c8905eec-9eab-447c-84a8-9e864d454523}w64.sys deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
C:\windows\Syswow64\sho17F3.tmp deleted
C:\windows\Syswow64\sho18FB.tmp deleted
C:\windows\Syswow64\sho6CD8.tmp deleted
C:\windows\Syswow64\sho73D.tmp deleted
C:\windows\Syswow64\sho7A2E.tmp deleted
C:\windows\Syswow64\sho84EA.tmp deleted
C:\windows\Syswow64\sho8946.tmp deleted
C:\windows\Syswow64\shoBA4B.tmp deleted
C:\windows\Syswow64\shoBED1.tmp deleted
C:\windows\Syswow64\shoF330.tmp deleted
C:\Users\Corcino\Desktop\FREE Games.url deleted
C:\Users\Corcino\AppData\Roaming\unins000.exe deleted
"C:\Users\Corcino\AppData\Local\{180E6D6F-6C30-4096-83BE-498D774951EB}" deleted
"C:\Users\Corcino\AppData\Local\{57619DE3-C7BF-4AE0-8F16-1B17A1E1B4B3}" deleted
"C:\Users\Corcino\AppData\Local\{8467EC85-25ED-4DFC-9597-F46D2FFB24FB}" deleted
"C:\PROGRA~2\focusbase\updatefocusbase.exe" deleted
"C:\PROGRA~2\focusbase\bin\focusbase.BrowserAdapter.exe" deleted
"C:\PROGRA~2\focusbase\bin\focusbase.PurBrowse64.exe" deleted
"C:\PROGRA~2\focusbase\bin\utilfocusbase.exe" deleted
"C:\PROGRA~2\focusbase\bin\{2b929fe1-284b-4766-afb9-19b0915b99b0}.dll" deleted
"C:\PROGRA~2\focusbase" not deleted
"C:\PROGRA~2\focusbase\bin" not deleted

==== Folders Found ======================

2014-06-25 21:35:29 2014-06-25 21:35:29 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-25 21:35:42 2014-06-25 21:35:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Corcino\AppData\Roaming\baidu
2014-06-25 21:35:42 2014-06-25 21:35:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Corcino\AppData\Roaming\baidu\Baidu Antivirus
2014-06-25 21:35:43 2014-06-25 21:35:43 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2013-10-01 22:17:20 2013-12-11 19:31:33 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-06-25 15:53:53 2014-06-25 15:53:53 -------- d-----w- C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687
2013-10-01 22:17:21 2013-12-12 10:46:01 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus
2014-06-25 15:53:53 2014-06-25 21:38:10 -------- d-----w- C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus
2013-12-10 01:24:07 2014-06-25 16:36:17 -------- d-----w- C:\ProgramData\Baidu Security
2013-12-10 01:24:07 2014-06-25 16:36:17 -------- d-----w- C:\Users\All Users\Baidu Security
2013-10-01 22:16:46 2013-10-01 22:16:46 -------- d-----w- C:\Users\Corcino\AppData\Local\Temp\baidu_secure
2013-12-10 01:27:19 2013-12-10 01:27:19 -------- d-----w- C:\Users\Corcino\AppData\Roaming\Baidu Security
2013-12-11 20:18:36 2013-12-11 20:18:36 -------- d-----w- C:\Users\Corcino\AppData\Roaming\Baidu Security\PC Faster\3.6.0.38659\Uninstall\Baidu PC Faster Uninstall
2013-12-11 20:18:36 2013-12-11 20:18:36 -------- d-----w- C:\Users\Corcino\AppData\Roaming\Baidu Security\PC Faster\3.6.0.38659\Uninstall\Baidu PC Faster Uninstall HK
2014-01-23 01:31:42 2014-01-23 01:31:42 -------- d-----w- C:\Users\Corcino\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-01-23 01:31:42 2014-01-23 01:31:42 -------- d-----w- C:\Users\Corcino\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================


--- C:\Users\Corcino\AppData\Local\Temp\Baidu_Secure_SystemUp_3.6.0.38659.exe ---
Company: Baidu, Inc.
File Description: PC Faster Setup
File Version: 3.6.0.38659
Product Name: Baidu PC Faster
Copyright: Copyright (C) 2012 Baidu, Inc. All Rights Reserved.
Original Filename:
File type: ----a-w-
File size: 33811728
Created time: 2013-12-10 01:24:19
Modified time: 2013-12-10 01:24:19
MD5: 5F62577604EE1A79D3E90FB79C6E8B5A
SHA1: 5CDD1A6A6917A8004580603752223880FF304A33


--- C:\Users\Corcino\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.53841.exe ---
Company: Baidu, Inc.
File Description: PC Faster Setup
File Version: 4.0.1.53841
Product Name: Baidu PC Faster
Copyright: Copyright (C) 2013 Baidu, Inc. All Rights Reserved.
Original Filename:
File type: ----a-w-
File size: 16929536
Created time: 2014-01-23 01:13:59
Modified time: 2014-01-23 01:13:59
MD5: B31EBD87CF7F09DEA4126233F713F93C
SHA1: B62E928DBA3BA792178E3BF38F1687DBD6E5B58C


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-01-22 01-27-35-0515-[30044].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-22 01-25-21-0107-[29606].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-01-22 01-32-02-0515-[30916].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012514-23743-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-13306-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-15303-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-15865-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-16224-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-17222-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-18174-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\060513-23977-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\100113-41948-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\MEMORY_130251509205344651.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\MEMORY_130352412307696128.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\log]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\alluser]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\curuser]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hkcu]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm64]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\users\\corcino\\appdata\\roaming\\baidu security\\pc faster\\3.6.0.38659\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\Setup]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Users\\Corcino\\AppData\\Local\\Temp\\Baidu_Secure_SystemUp_3.6.0.38659.exe"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012514-23743-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-13306-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-15303-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-15865-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-16224-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-17222-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-18174-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\060513-23977-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\100113-41948-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\MEMORY_130251509205344651.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\MEMORY_130352412307696128.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\log]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\alluser]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\curuser]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm64]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\users\\corcino\\appdata\\roaming\\baidu security\\pc faster\\3.6.0.38659\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"ext@RichMediaViewV1release334.net"="C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release334\ff" []

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aoakemeblcmijnplphlnbjhfkmfbelfc - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2441\ch\MediaViewV1alpha2441.crx[]
ionfcpociagjdjcmebbajdekdfpcdida - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1746\ch\MediaViewerV1alpha1746.crx[]
jljadeeeogfgjmpkmkjeadjjghjnmkcl - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release334\ch\RichMediaViewV1release334.crx[]
mejicchkpecjlbfdnbnfhdlambampnap - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode8120\ch\MediaBuzzV1mode8120.crx[]
mgookpkclioaidnignjpjmfefaagijgc - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha815\ch\WebexpEnhancedV1alpha815.crx[]
oajipkhdmjhjfgpgafnekfdfnedlckhm - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home116\ch\MediaWatchV1home116.crx[]
oohefklmieejnmodkgobfpkknhapleag - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta912\ch\VideoPlayerV3beta912.crx[]
opmpjmhncemgenhklpodkffjblamekdh - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8847\ch\MediaViewV1alpha8847.crx[]
pppagaglfkmlpgobnlenhknilehpmcbo - C:\Program Files (x86)\PSafe\PSafeAV\safemon\360webshield.crx[]

Google Drive - Corcino\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Corcino\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Corcino\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Corcino\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Corcino\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
"newtab"="about:tabs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
"newtab"="about:tabs"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ec6326e-e016-4ecc-a700-df62596c364a} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1ec6326e-e016-4ecc-a700-df62596c364a} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b6a3c800-02e8-4a20-b29b-8477fcf200e8} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b6a3c800-02e8-4a20-b29b-8477fcf200e8} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{bdc5c206-6fd4-4c46-aabe-0fb4a22ed8c7} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{bdc5c206-6fd4-4c46-aabe-0fb4a22ed8c7} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{694e81fb-7335-4f49-ac2f-7756753ff9c2} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{694e81fb-7335-4f49-ac2f-7756753ff9c2} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{af6e8707-3190-4f38-ab89-bdf735570bbb} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{af6e8707-3190-4f38-ab89-bdf735570bbb} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a5ff0eab-2d3d-43fc-b913-7d609d9390cf} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a5ff0eab-2d3d-43fc-b913-7d609d9390cf} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55679d2e-fa54-43a4-961e-030a25643f76} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{55679d2e-fa54-43a4-961e-030a25643f76} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b40440f9-1193-49e1-9dec-17e6f598bc44} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b40440f9-1193-49e1-9dec-17e6f598bc44} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1ec6326e-e016-4ecc-a700-df62596c364a} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ec6326e-e016-4ecc-a700-df62596c364a} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{b6a3c800-02e8-4a20-b29b-8477fcf200e8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6a3c800-02e8-4a20-b29b-8477fcf200e8} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{bdc5c206-6fd4-4c46-aabe-0fb4a22ed8c7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bdc5c206-6fd4-4c46-aabe-0fb4a22ed8c7} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{694e81fb-7335-4f49-ac2f-7756753ff9c2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{694e81fb-7335-4f49-ac2f-7756753ff9c2} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{af6e8707-3190-4f38-ab89-bdf735570bbb} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af6e8707-3190-4f38-ab89-bdf735570bbb} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{a5ff0eab-2d3d-43fc-b913-7d609d9390cf} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a5ff0eab-2d3d-43fc-b913-7d609d9390cf} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{55679d2e-fa54-43a4-961e-030a25643f76} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55679d2e-fa54-43a4-961e-030a25643f76} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{b40440f9-1193-49e1-9dec-17e6f598bc44} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b40440f9-1193-49e1-9dec-17e6f598bc44} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{1ec6326e-e016-4ecc-a700-df62596c364a} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{b6a3c800-02e8-4a20-b29b-8477fcf200e8} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{bdc5c206-6fd4-4c46-aabe-0fb4a22ed8c7} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{694e81fb-7335-4f49-ac2f-7756753ff9c2} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{af6e8707-3190-4f38-ab89-bdf735570bbb} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{a5ff0eab-2d3d-43fc-b913-7d609d9390cf} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{55679d2e-fa54-43a4-961e-030a25643f76} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{b40440f9-1193-49e1-9dec-17e6f598bc44} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@WebexpEnhancedV1alpha815.net deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@VideoPlayerV3beta912.net deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaViewerV1alpha1746.net deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaViewV1alpha2441.net deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaViewV1alpha8847.net deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaWatchV1home116.net deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaBuzzV1mode8120.net deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@RichMediaViewV1release334.net deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Corcino\Desktop\Update Service.lnk - C:\Program Files (x86)\Sony Mobile\Update Service\Update Service.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Multimedia POP.lnk - C:\Program Files\Samsung\MultimediaPOP\MultimediaPOP.exe
C:\Users\Public\Desktop\Samsung Support Center.lnk - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCMain.exe
C:\Users\Public\Desktop\User Guide.lnk - C:\Program Files\Samsung\SamsungManual\RunManual.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -

==== shortcuts in Quick Launch ======================

C:\Users\Corcino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Corcino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Corcino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Corcino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Corcino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\windows\system32\control.exe
C:\Users\Corcino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Corcino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Corcino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe
C:\Users\Corcino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aoakemeblcmijnplphlnbjhfkmfbelfc deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ionfcpociagjdjcmebbajdekdfpcdida deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jljadeeeogfgjmpkmkjeadjjghjnmkcl deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mejicchkpecjlbfdnbnfhdlambampnap deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mgookpkclioaidnignjpjmfefaagijgc deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oajipkhdmjhjfgpgafnekfdfnedlckhm deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oohefklmieejnmodkgobfpkknhapleag deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\opmpjmhncemgenhklpodkffjblamekdh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pppagaglfkmlpgobnlenhknilehpmcbo deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Video Player deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D} deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Corcino\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Corcino\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Corcino\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=71 folders=21 9613891 bytes)

==== Empty Temp Folders ======================

C:\Users\Corcino\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Corcino\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\focusbase" not found

==== EOF on 25/06/2014 at 22:27:47,78 ======================
avatar
marcoscorcino
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 25/06/2014

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por Power Max em Qua 25 Jun 2014, 23:23

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Você precisa estar registrado e conectado para ver esta imagem.]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Você precisa estar registrado e conectado para ver esta imagem.]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Você precisa estar registrado e conectado para ver este link.] = O melhor da internet você encontra aqui.

[Você precisa estar registrado e conectado para ver este link.] = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por marcoscorcino em Qui 26 Jun 2014, 11:41

segue:

Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by Corcino on 26/06/2014 at 10:37:45,33.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Corcino\Desktop\Área de trabalho\Zoek\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-26-012747.log 42843 bytes

==== System Restore Info ======================

26/06/2014 10:43:07 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-01-22 01-27-35-0515-[30044].dat"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-22 01-25-21-0107-[29606].dat"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-01-22 01-32-02-0515-[30916].dat"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012514-23743-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-13306-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-15303-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-15865-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-16224-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-17222-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-18174-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\060513-23977-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\100113-41948-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\MEMORY_130251509205344651.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\MEMORY_130352412307696128.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\alluser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\curuser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hkcu]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm64]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\users\\corcino\\appdata\\roaming\\baidu security\\pc faster\\3.6.0.38659\\rpdata"=-
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\Setup]
[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Users\\Corcino\\AppData\\Local\\Temp\\Baidu_Secure_SystemUp_3.6.0.38659.exe"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012514-23743-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-13306-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-15303-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-15865-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-16224-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-17222-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-18174-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\060513-23977-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\100113-41948-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\MEMORY_130251509205344651.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\MEMORY_130352412307696128.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm64]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\users\\corcino\\appdata\\roaming\\baidu security\\pc faster\\3.6.0.38659\\rpdata"=-

==== Deleting Files \ Folders ======================

C:\Users\Corcino\AppData\Local\Temp\baidu_secure not found
"C:\Users\Corcino\AppData\Local\Temp\Baidu_Secure_SystemUp_3.6.0.38659.exe" not found
"C:\Users\Corcino\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.53841.exe" not found
C:\Program Files (x86)\Baidu Security deleted
C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687 deleted
C:\ProgramData\Baidu Security deleted
C:\Users\Corcino\AppData\Roaming\Baidu Security deleted

==== Folders Found ======================

2014-06-25 21:35:29 2014-06-25 21:35:29 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-25 21:35:42 2014-06-25 21:35:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Corcino\AppData\Roaming\baidu
2014-06-25 21:35:42 2014-06-25 21:35:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Corcino\AppData\Roaming\baidu\Baidu Antivirus
2014-06-25 21:35:43 2014-06-25 21:35:43 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-26 13:46:23 2014-06-26 13:46:23 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-06-26 13:46:23 2014-06-26 13:46:23 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus
2014-06-26 13:46:23 2014-06-26 13:46:23 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu-Security-2014-4.4.4.73687
2014-06-26 13:46:23 2014-06-25 21:38:10 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus
2014-06-26 13:46:23 2014-06-26 13:46:33 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-26 13:46:33 2014-06-26 13:46:51 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-26 13:46:51 2014-06-26 13:46:51 -------- d---a-w- C:\zoek_backup\C_Users_Corcino_AppData_Roaming_Baidu Security
2014-06-26 13:46:52 2014-06-26 13:46:52 -------- d---a-w- C:\zoek_backup\C_Users_Corcino_AppData_Roaming_Baidu Security_PC Faster_3.6.0.38659_Uninstall_Baidu PC Faster Uninstall
2014-06-26 13:46:52 2014-06-26 13:46:52 -------- d---a-w- C:\zoek_backup\C_Users_Corcino_AppData_Roaming_Baidu Security_PC Faster_3.6.0.38659_Uninstall_Baidu PC Faster Uninstall HK
2014-06-26 13:46:52 2014-06-26 13:46:52 -------- d---a-w- C:\zoek_backup\C_Users_Corcino_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-06-26 13:46:52 2014-06-26 13:46:52 -------- d---a-w- C:\zoek_backup\C_Users_Corcino_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-06-26 13:46:23 2014-06-26 13:46:23 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus
2014-06-26 13:46:23 2014-06-25 21:38:10 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu-Security-2014-4.4.4.73687\Baidu Antivirus
2014-06-26 13:46:51 2014-06-26 13:46:51 -------- d---a-w- C:\zoek_backup\C_Users_Corcino_AppData_Roaming_Baidu Security\PC Faster\3.6.0.38659\Uninstall\Baidu PC Faster Uninstall
2014-06-26 13:46:51 2014-06-26 13:46:51 -------- d---a-w- C:\zoek_backup\C_Users_Corcino_AppData_Roaming_Baidu Security\PC Faster\3.6.0.38659\Uninstall\Baidu PC Faster Uninstall HK
2014-06-26 13:46:51 2014-06-26 13:46:51 -------- d---a-w- C:\zoek_backup\C_Users_Corcino_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-06-26 13:46:52 2014-06-26 13:46:52 -------- d---a-w- C:\zoek_backup\C_Users_Corcino_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-01-22 01-27-35-0515-[30044].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-22 01-25-21-0107-[29606].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-01-22 01-32-02-0515-[30916].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=273 folders=97 550166826 bytes)

==== EOF on 26/06/2014 at 10:53:17,63 ======================
avatar
marcoscorcino
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 25/06/2014

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por Power Max em Qui 26 Jun 2014, 12:31

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Você precisa estar registrado e conectado para ver esta imagem.]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Você precisa estar registrado e conectado para ver esta imagem.]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Você precisa estar registrado e conectado para ver este link.] = O melhor da internet você encontra aqui.

[Você precisa estar registrado e conectado para ver este link.] = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por marcoscorcino em Qui 26 Jun 2014, 13:23

segue:

Zoek.exe v5.0.0.0 Updated 21-05-2014
Tool run by Corcino on 26/06/2014 at 13:12:17,79.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Corcino\Downloads\zoek\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-26-012747.log 42843 bytes
C:\zoek-results2014-06-26-135317.log 25252 bytes

==== System Restore Info ======================

26/06/2014 13:15:23 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-01-22 01-27-35-0515-[30044].dat"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-22 01-25-21-0107-[29606].dat"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-01-22 01-32-02-0515-[30916].dat"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-01-22 01-27-35-0515-[30044].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-22 01-25-21-0107-[29606].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-01-22 01-32-02-0515-[30916].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=273 folders=97 550166826 bytes)

==== EOF on 26/06/2014 at 13:21:13,59 ======================
avatar
marcoscorcino
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 25/06/2014

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por Power Max em Qui 26 Jun 2014, 13:58

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Você precisa estar registrado e conectado para ver esta imagem.]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Você precisa estar registrado e conectado para ver esta imagem.]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Você precisa estar registrado e conectado para ver este link.] = O melhor da internet você encontra aqui.

[Você precisa estar registrado e conectado para ver este link.] = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por marcoscorcino em Qui 26 Jun 2014, 15:07

Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by Corcino on 26/06/2014 at 14:57:13,26.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Corcino\Downloads\zoek\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-26-012747.log 42843 bytes
C:\zoek-results2014-06-26-135317.log 25252 bytes
C:\zoek-results2014-06-26-162113.log 6211 bytes

==== System Restore Info ======================

26/06/2014 14:59:40 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-01-22 01-27-35-0515-[30044].dat"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-22 01-25-21-0107-[29606].dat"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-01-22 01-32-02-0515-[30916].dat"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-01-22 01-27-35-0515-[30044].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-22 01-25-21-0107-[29606].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-01-22 01-32-02-0515-[30916].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=273 folders=97 550166826 bytes)

==== EOF on 26/06/2014 at 15:05:51,23 ======================
avatar
marcoscorcino
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 25/06/2014

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por Power Max em Qui 26 Jun 2014, 15:10

Baixe o programa Junkware Removal Tool no link abaixo:
[Você precisa estar registrado e conectado para ver este link.]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Você precisa estar registrado e conectado para ver este link.]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Você precisa estar registrado e conectado para ver este link.] = O melhor da internet você encontra aqui.

[Você precisa estar registrado e conectado para ver este link.] = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por marcoscorcino em Qui 26 Jun 2014, 17:14

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Basic x64
Ran by Corcino on 26/06/2014 at 16:51:50,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/06/2014 at 16:59:45,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
avatar
marcoscorcino
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 25/06/2014

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por Power Max em Qui 26 Jun 2014, 17:16

Faça o download do < [Você precisa estar registrado e conectado para ver este link.] > < [Você precisa estar registrado e conectado para ver esta imagem.]> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:

[Você precisa estar registrado e conectado para ver esta imagem.]

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

[Você precisa estar registrado e conectado para ver este link.]

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Você precisa estar registrado e conectado para ver este link.] = O melhor da internet você encontra aqui.

[Você precisa estar registrado e conectado para ver este link.] = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por marcoscorcino em Qui 26 Jun 2014, 18:51

segue:

~ Relatório do ZHPDiag v2014.6.25.98 - Nicolas Coolman (25/06/2014)
~ Iniciado por Corcino (26/06/2014 18:44:10)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16736
GCIE: Google Chrome v35.0.1916.153 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 ActiveX
Adobe Reader XI
Java 7 Update 9
Java 7 Update 60

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1961 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 69 GB (62%) free of 111 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CORCINO-PC
~ User Name: Corcino
~ All Users Names: Corcino, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Corcino\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Corcino\AppData\Roaming\
~ %Desktop% : C:\Users\Corcino\Desktop\
~ %Favorites% : C:\Users\Corcino\Favorites\
~ %LocalAppData% : C:\Users\Corcino\AppData\Local\
~ %StartMenu% : C:\Users\Corcino\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 69 Go of 111 Go)
D: Hard drive, Flash drive, Thumb drive (Free 165 Go of 165 Go)
E: CD-ROM drive (Free 0 Go of 1 Go)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] - (.Microsoft Corporation - Internet Extensions para Win32.) (.22/09/2013 - 19:55:10.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 22:10:19.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.25/02/2011 - 03:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/5
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/5
~ Mon Bureau (My Desktop) : 3/388
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.2C7CF4D4A17B5765E23F6B82C16AF4EB] - (.CyberLink Corp. - Media+Player RC Service.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe [87336] [PID.1596]
[MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.2352]
[MD5.EDAD4A8A1D46AFCF9E76B996D55116EB] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896] [PID.2428]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.3232]
[MD5.B00F98FF6FE8682FF941BEB2559BF191] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.3640]
[MD5.BC5C2A727B521B58A6C7ACF931D93F86] - (.Samsung Electronics Co., Ltd. - Easy Display Manager.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [1040264] [PID.3660]
[MD5.D5C65D259096440FF3426852C712B2E0] - (.Samsung Electronics Co., Ltd. - Wifi Manager.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [7062608] [PID.3676]
[MD5.5AFC1F763562C453C64B70886B460CDD] - (.Samsung Electronics Co., Ltd. - EasySpeedUpManager.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [719360] [PID.3944]
[MD5.71094F0CC1E88EB690EA2D33CD23D4FF] - (.SEC - Samsung Recovery Solution 5.) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [4394576] [PID.3136]
[MD5.9F71DDE0A8C47254B9DA3AB6094915CC] - (.Samsung Electronics Co., Ltd. - MovieColorEnhancer.exe.) -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [775848] [PID.3828]
[MD5.75BD6130D6D1151CB3CAA8296EAD9E5F] - (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [3398736] [PID.2856]
[MD5.B8C44BF5A86B4662458F4AA8F901C94B] - (.Samsung Electronics - Samsung Update Plus Background.) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2782064] [PID.1656]
[MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8071680] [PID.2256]
[MD5.3701779057885787AF031936EF56538E] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [527928] [PID.804]
[MD5.B080A5552A75B4A51E058E9685440A5B] - (...) -- C:\windows\SysWOW64\nethtsrv.exe [180224] [PID.1516]
[MD5.F12A68ED55053940CADD59CA5E3468DD] - (.No owner - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904] [PID.1584]
[MD5.1F450DB569DE7C2C539834F0A35AFE37] - (...) -- C:\windows\SysWOW64\netupdsrv.exe [159744] [PID.1644]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.1916]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.1980]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.1976]
[MD5.2ED1786B7542CDA261029F6B526EDF44] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.2044]
[MD5.7E5E1603D0FF2D240AE70295C5C3FEFC] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.1996]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [@lightspark.github.com/Lightspark;version=1] - (...) -- C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll (.not file.)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Corcino\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: Samsung BHO Helper [64Bits] - {AA609D72-8482-4076-8991-8CDAE5B93BCB} . (...) -- C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: G-Buster Browser Defense Banco Real [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehabn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 9 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - Media+Player RC Service.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [csafterinstall] C:\Program Files (x86)\PSafe\PSafeAV\csafterinstall.exe (.not file.)
O4 - HKUS\S-1-5-18\..\RunOnce: [csafterinstall] C:\Program Files (x86)\PSafe\PSafeAV\csafterinstall.exe (.not file.)
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.secureweb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{046A00E0-B954-4C5D-81C4-7D69EB53A25B}: DhcpNameServer = 186.223.128.17 186.223.128.14 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{6277E4AE-0826-4938-8343-2D939E140C7E}: DhcpNameServer = 186.223.128.14 186.223.128.17 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{046A00E0-B954-4C5D-81C4-7D69EB53A25B}: DhcpNameServer = 186.223.128.17 186.223.128.14 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{6277E4AE-0826-4938-8343-2D939E140C7E}: DhcpNameServer = 186.223.128.14 186.223.128.17 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{046A00E0-B954-4C5D-81C4-7D69EB53A25B}: DhcpNameServer = 186.223.128.17 186.223.128.14 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{6277E4AE-0826-4938-8343-2D939E140C7E}: DhcpNameServer = 186.223.128.14 186.223.128.17 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 186.223.128.17 186.223.128.14 201.6.4.116
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: Network HTTP Support Service (NetHttpService) . (...) - C:\windows\SysWOW64\nethtsrv.exe
O23 - Service: Network Support Service Updater (ServiceUpdater) . (...) - C:\windows\SysWOW64\netupdsrv.exe
~ Services: 8 Legitimates Filtered in 00mn 04s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{8E4A6320-0AAB-4737-A2E1-C0C0D8CCCEA9}] (...) -- c:\users\Corcino\appdata\local\lollipop\lollipop.bat (.not file.) [0] =>Adware.Lollipop
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 03s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (nethfdrv) . (.nethfdrv - nethfdrv.) - C:\windows\system32\drivers\nethfdrv.sys
O41 - Driver: ({c8905eec-9eab-447c-84a8-9e864d454523}Gw64) . (. - .) - C:\Windows\System32\drivers\{c8905eec-9eab-447c-84a8-9e864d454523}Gw64.sys (.not file.)
O41 - Driver: ({c8905eec-9eab-447c-84a8-9e864d454523}w64) . (. - .) - C:\Windows\System32\drivers\{c8905eec-9eab-447c-84a8-9e864d454523}w64.sys (.not file.)
~ Drivers: 75 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Buzzdock - (.Alactro LLC.) [HKLM][64Bits] -- {ac225167-00fc-452d-94c5-bb93600e7d9a}
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: Media Buzz - (.Media Buzz.) [HKLM][64Bits] -- MediaBuzzV1mode8120 =>PUP.MediaBuzz
O42 - Logiciel: Media View - (.Media View.) [HKLM][64Bits] -- MediaViewV1alpha2441 =>PUP.MediaViewer
O42 - Logiciel: Media View - (.Media View.) [HKLM][64Bits] -- MediaViewV1alpha8847 =>PUP.MediaViewer
O42 - Logiciel: Media Viewer - (.Media Viewer.) [HKLM][64Bits] -- MediaViewerV1alpha1746 =>PUP.MediaViewer
O42 - Logiciel: Media Watch - (.Media Watch.) [HKLM][64Bits] -- MediaWatchV1home116 =>PUP.MediaWatch
O42 - Logiciel: Network System Driver - (...) [HKLM][64Bits] -- inethnfd
O42 - Logiciel: Rich Media View - (.Rich Media View.) [HKLM][64Bits] -- RichMediaViewV1release334 =>PUP.MediaViewer
O42 - Logiciel: focusbase - (.focusbase.) [HKLM][64Bits] -- focusbase
~ Logic: 46 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\OB]
[HKCU\Software\focusbase]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu_Drp_pos]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
[HKLM\Software\Wow6432Node\Client]
[HKLM\Software\Wow6432Node\RichMediaViewV1] =>PUP.MediaViewer
[HKLM\Software\Wow6432Node\SaveSenseLive] =>PUP.SaveSense
[HKLM\Software\Wow6432Node\focusbase]
[HKLM\Software\baidu]
~ Key Software: 279 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/06/2014 - 23:09:50 - [] ----D C:\Program Files (x86)\Common Files\Config
O43 - CFD: 24/01/2014 - 09:04:46 - [] ----D C:\Users\Corcino\AppData\Roaming\360safe
O43 - CFD: 03/10/2013 - 13:56:22 - [] ----D C:\Users\Corcino\AppData\Roaming\Virus Scan
~ Program Folder: 137 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0D4307062347973B866297CF0A689CD8] - 16/06/2014 - 09:59:16 ---A- . (.nethfdrv - nethfdrv.) -- C:\Windows\System32\Drivers\nethfdrv.sys [46160]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 19/06/2014 - 23:14:57 ---A- . (...) -- C:\awh7242.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 24/06/2014 - 12:53:44 ---A- . (...) -- C:\awh4E.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 24/06/2014 - 18:01:49 ---A- . (...) -- C:\awhFE99.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 24/06/2014 - 18:29:10 ---A- . (...) -- C:\awhE9A2.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 25/06/2014 - 12:04:58 ---A- . (...) -- C:\awh57C.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 25/06/2014 - 18:43:31 ---A- . (...) -- C:\awh8B6.tmp [687]
O44 - LFC:[MD5.92D7DBD36D637402BEF95A052D32E079] - 25/06/2014 - 22:14:46 ---A- . (...) -- C:\Windows\win.ini [603]
O44 - LFC:[MD5.001A1BF2BDE7F27B334B5A69DC8A4EE4] - 25/06/2014 - 22:27:47 ---A- . (...) -- C:\zoek-results2014-06-26-012747.log [42843]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 25/06/2014 - 22:31:17 ---A- . (...) -- C:\awhF22A.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 25/06/2014 - 22:42:42 ---A- . (...) -- C:\awh981.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 10:39:17 ---A- . (...) -- C:\awhE08E.tmp [687]
O44 - LFC:[MD5.956AB0B6727EB8AE97709C1B8CA3AAE2] - 26/06/2014 - 10:53:17 ---A- . (...) -- C:\zoek-results2014-06-26-135317.log [25252]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 11:43:00 ---A- . (...) -- C:\awhE8B8.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 13:12:33 ---A- . (...) -- C:\awhF842.tmp [687]
O44 - LFC:[MD5.61292F053777692F6424449D3ED9B67C] - 26/06/2014 - 13:21:13 ---A- . (...) -- C:\zoek-results2014-06-26-162113.log [6211]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 15:00:02 ---A- . (...) -- C:\awh8075.tmp [687]
O44 - LFC:[MD5.C407BDB3A7824F8ACB2A979A8613F23C] - 26/06/2014 - 15:05:51 ---A- . (...) -- C:\zoek-results.log [4741]
O44 - LFC:[MD5.D49BFEA08A53F45F05EBC947014CD0B3] - 26/06/2014 - 17:17:16 ---A- . (...) -- C:\Windows\IE11_main.log [858393]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 17:25:43 ---A- . (...) -- C:\awhF41E.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 17:46:34 ---A- . (...) -- C:\awhF259.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 18:41:28 ---A- . (...) -- C:\awhEB28.tmp [687]
~ Files: 36 Legitimates Filtered in 00mn 32s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{87037952-e813-11e1-847e-806e6f6e6963}\AutoRun\command. (.No owner - SETUP MFC Application.) -- E:\autorun.exe
~ Keys: Scanned in 00mn 03s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:19/01/2014 - 00:59:20 R--A- . (.360.cn - 360杀毒 文件监控驱动.) -- C:\Windows\System32\Drivers\360AvFlt.sys [71360]
O58 - SDL:22/01/2014 - 22:15:47 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys [23624]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:24/04/2012 - 16:42:16 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [258896]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:16/06/2014 - 09:59:16 ---A- . (.nethfdrv - nethfdrv.) -- C:\Windows\System32\Drivers\nethfdrv.sys [46160]
O58 - SDL:06/02/2013 - 07:42:08 ---A- . (.DEVGURU Co., LTD.([Você precisa estar registrado e conectado para ver este link.] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [102936]
O58 - SDL:06/02/2013 - 07:42:10 ---A- . (.DEVGURU Co., LTD.([Você precisa estar registrado e conectado para ver este link.] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [203544]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:03/04/2014 - 11:09:40 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
O58 - SDL:17/08/2012 - 11:32:44 ---A- . (.Windows (R) 2003 DDK 3790 provider - Generic Port I/O for Win64.) -- C:\Windows\SysWOW64\drivers\rtport.sys [15144]
~ Drivers: 64 Legitimates Filtered in 00mn 02s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 16/06/2014 - C:\windows\system32\drivers\nethfdrv.sys (nethfdrv) .(.nethfdrv - nethfdrv.) - LEGACY_NETHFDRV
~ Legacy: 96 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.7C5CF6C3C97BD95591DAB1A4D0499FFC] [SPRF][26/04/2014] (...) -- C:\Users\Corcino\AppData\Roaming\unins000.dat [15831]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\updateLemurLeap_RASAPI32 =>PUP.LemurLeap
HKLM\SOFTWARE\Microsoft\Tracing\updateLemurLeap_RASMANCS =>PUP.LemurLeap
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateLemurLeap_RASAPI32 =>PUP.LemurLeap
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateLemurLeap_RASMANCS =>PUP.LemurLeap
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilLemurLeap_RASAPI32 =>PUP.LemurLeap
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilLemurLeap_RASMANCS =>PUP.LemurLeap
~ BTK: 131 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 03/06/2010 246520 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
SS - | Auto 24/06/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/06/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/08/2010 166704 | (Samsung UPD Service) . (.Samsung Electronics CO., LTD..) - C:\windows\System32\SUPDSvc.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 06/05/2014 527928 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 20/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 16/06/2014 180224 | (NetHttpService) . (...) - C:\windows\SysWOW64\nethtsrv.exe
SR - | Auto 01/12/2009 244904 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SR - | Auto 16/06/2014 159744 | (ServiceUpdater) . (...) - C:\windows\SysWOW64\netupdsrv.exe
SR - | Auto 20/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 01/03/2011 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 01/03/2011 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s



---\\ Scâner Aditional (088)
Database Version : 13026 - (25/06/2014)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaBuzzV1mode8120] =>PUP.MediaBuzz^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha2441] =>PUP.MediaViewer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha8847] =>PUP.MediaViewer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewerV1alpha1746] =>PUP.MediaViewer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaWatchV1home116] =>PUP.MediaWatch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RichMediaViewV1release334] =>PUP.MediaViewer^
[HKLM\Software\Wow6432Node\RichMediaViewV1] =>PUP.MediaViewer^
[HKLM\Software\Wow6432Node\SaveSenseLive] =>PUP.SaveSense^
~ Additionnel Scan: 244219 Items scanned in 00mn 45s



---\\ Informações complémentaires do módulos
~ [Você precisa estar registrado e conectado para ver este link.] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Browser Helper Objects do navegador (02)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Barras do Internet Explorer (03))
~ [Você precisa estar registrado e conectado para ver este link.] =>.Aplicações iniciadas por registo & pastas (04)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 6 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.] =>Adware.Lollipop
[Você precisa estar registrado e conectado para ver este link.] =>PUP.MediaBuzz
[Você precisa estar registrado e conectado para ver este link.] =>PUP.SaveSense
[Você precisa estar registrado e conectado para ver este link.] =>PUP.LemurLeap
~ MSI: 4 link(s) detected in 00mn 00s



~ 758 Legitimates filtered by white list
End of the scan (493 lines in 02mn 24s)(0)


avatar
marcoscorcino
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 25/06/2014

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por Power Max em Qui 26 Jun 2014, 19:21

 Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

[Você precisa estar registrado e conectado para ver este link.]

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC.
_________________________________________________________________________________________

 Selecione e copie todo o texto destacado em vermelho que te passei (começando em script zhpfix e indo até emptyclsid)

_____________________________________________________________________________________________________________

 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Você precisa estar registrado e conectado para ver este link.] = O melhor da internet você encontra aqui.

[Você precisa estar registrado e conectado para ver este link.] = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por marcoscorcino em Qui 26 Jun 2014, 21:59

segue:

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Corcino at 26/06/2014 21:53:36
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\mediabuzzv1\mediabuzzv1mode8120\uninstall.exe
AUSENTE Uninstall Process: c:\program files (x86)\mediaviewv1\mediaviewv1alpha2441\uninstall.exe
AUSENTE Uninstall Process: c:\program files (x86)\mediaviewv1\mediaviewv1alpha8847\uninstall.exe
AUSENTE Uninstall Process: c:\program files (x86)\mediaviewerv1\mediaviewerv1alpha1746\uninstall.exe
AUSENTE Uninstall Process: c:\program files (x86)\mediawatchv1\mediawatchv1home116\uninstall.exe
AUSENTE Uninstall Process: c:\program files (x86)\common files\config\uninstinethnfd.exe
AUSENTE Uninstall Process: c:\program files (x86)\richmediaviewv1\richmediaviewv1release334\uninstall.exe

========== Estado dos serviços ==========
NETHFDRV Parado

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MediaBuzzV1mode8120]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha2441]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha8847]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewerV1alpha1746]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MediaWatchV1home116]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\inethnfd]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RichMediaViewV1release334]
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: nethfdrv
ELIMINÉ Driver Key: {c8905eec-9eab-447c-84a8-9e864d454523}Gw64
ELIMINÉ Driver Key: {c8905eec-9eab-447c-84a8-9e864d454523}w64
ELIMINÉ: HKCU\Software\focusbase
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\Wow6432Node\RichMediaViewV1
ELIMINÉ: HKLM\Software\Wow6432Node\SaveSenseLive
ELIMINÉ: HKLM\Software\Wow6432Node\focusbase
ELIMINÉ:* HKLM\Software\baidu
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\updateLemurLeap_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\updateLemurLeap_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilLemurLeap_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilLemurLeap_RASMANCS

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
ELIMINÉ RunValue: ETDCtrl
ELIMINÉ RunValue: csafterinstall
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\360avflt.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\efimon.sys
ELIMINÉ Temporários windows (119) (4.382.939 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {8E4A6320-0AAB-4737-A2E1-C0C0D8CCCEA9}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
22 : Chaves do Registo
9 : Valores do Registo
1 : Pastas
4 : Ficheiros
7 : Softwares
1 : Estado dos serviços
1 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 38s

========== Caminho do ficheiro do relatório ==========
C:\Users\Corcino\AppData\Roaming\ZHP\ZHPFix[R1].txt - 26/06/2014 21:53:41 [3859]
avatar
marcoscorcino
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 25/06/2014

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por Power Max em Qui 26 Jun 2014, 22:46

Abra novamente o ( ZHPDiag )

[Você precisa estar registrado e conectado para ver esta imagem.]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Você precisa estar registrado e conectado para ver esta imagem.]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Você precisa estar registrado e conectado para ver esta imagem.]

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Você precisa estar registrado e conectado para ver este link.] = O melhor da internet você encontra aqui.

[Você precisa estar registrado e conectado para ver este link.] = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por marcoscorcino em Qui 26 Jun 2014, 23:04

~ Relatório do ZHPDiag v2014.6.25.98 - Nicolas Coolman (25/06/2014)
~ Iniciado por Corcino (26/06/2014 22:57:10)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16736
GCIE: Google Chrome v35.0.1916.153 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 ActiveX
Adobe Reader XI
Java 7 Update 9
Java 7 Update 60

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1961 MB (35% free)
System Restore: Activé (Enable)
System drive C: has 69 GB (62%) free of 111 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CORCINO-PC
~ User Name: Corcino
~ All Users Names: Corcino, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Corcino\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Corcino\AppData\Roaming\
~ %Desktop% : C:\Users\Corcino\Desktop\
~ %Favorites% : C:\Users\Corcino\Favorites\
~ %LocalAppData% : C:\Users\Corcino\AppData\Local\
~ %StartMenu% : C:\Users\Corcino\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 69 Go of 111 Go)
D: Hard drive, Flash drive, Thumb drive (Free 165 Go of 165 Go)
E: CD-ROM drive (Free 0 Go of 1 Go)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] - (.Microsoft Corporation - Internet Extensions para Win32.) (.22/09/2013 - 19:55:10.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 22:10:19.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.25/02/2011 - 03:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/5
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/5
~ Mon Bureau (My Desktop) : 3/389
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 01s



---\\ Processos lançados
[MD5.2C7CF4D4A17B5765E23F6B82C16AF4EB] - (.CyberLink Corp. - Media+Player RC Service.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe [87336] [PID.1152]
[MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.1140]
[MD5.EDAD4A8A1D46AFCF9E76B996D55116EB] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896] [PID.1100]
[MD5.B00F98FF6FE8682FF941BEB2559BF191] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.3428]
[MD5.BC5C2A727B521B58A6C7ACF931D93F86] - (.Samsung Electronics Co., Ltd. - Easy Display Manager.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [1040264] [PID.3452]
[MD5.D5C65D259096440FF3426852C712B2E0] - (.Samsung Electronics Co., Ltd. - Wifi Manager.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [7062608] [PID.3464]
[MD5.5AFC1F763562C453C64B70886B460CDD] - (.Samsung Electronics Co., Ltd. - EasySpeedUpManager.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [719360] [PID.3616]
[MD5.71094F0CC1E88EB690EA2D33CD23D4FF] - (.SEC - Samsung Recovery Solution 5.) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [4394576] [PID.2548]
[MD5.9F71DDE0A8C47254B9DA3AB6094915CC] - (.Samsung Electronics Co., Ltd. - MovieColorEnhancer.exe.) -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [775848] [PID.2332]
[MD5.75BD6130D6D1151CB3CAA8296EAD9E5F] - (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [3398736] [PID.3964]
[MD5.B8C44BF5A86B4662458F4AA8F901C94B] - (.Samsung Electronics - Samsung Update Plus Background.) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2782064] [PID.1580]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.3784]
[MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8071680] [PID.3748]
[MD5.3701779057885787AF031936EF56538E] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [527928] [PID.780]
[MD5.F12A68ED55053940CADD59CA5E3468DD] - (.No owner - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904] [PID.1596]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.1884]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.1944]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.2112]
[MD5.2ED1786B7542CDA261029F6B526EDF44] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.1588]
[MD5.7E5E1603D0FF2D240AE70295C5C3FEFC] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.1876]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [@lightspark.github.com/Lightspark;version=1] - (...) -- C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll (.not file.)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Corcino\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: Samsung BHO Helper [64Bits] - {AA609D72-8482-4076-8991-8CDAE5B93BCB} . (...) -- C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: G-Buster Browser Defense Banco Real [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehabn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 9 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - Media+Player RC Service.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.secureweb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{046A00E0-B954-4C5D-81C4-7D69EB53A25B}: DhcpNameServer = 186.223.128.17 186.223.128.14 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{6277E4AE-0826-4938-8343-2D939E140C7E}: DhcpNameServer = 186.223.128.14 186.223.128.17 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{046A00E0-B954-4C5D-81C4-7D69EB53A25B}: DhcpNameServer = 186.223.128.17 186.223.128.14 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{6277E4AE-0826-4938-8343-2D939E140C7E}: DhcpNameServer = 186.223.128.14 186.223.128.17 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{046A00E0-B954-4C5D-81C4-7D69EB53A25B}: DhcpNameServer = 186.223.128.17 186.223.128.14 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{6277E4AE-0826-4938-8343-2D939E140C7E}: DhcpNameServer = 186.223.128.14 186.223.128.17 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 186.223.128.17 186.223.128.14 201.6.4.116
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
~ Services: 6 Legitimates Filtered in 00mn 04s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 01s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (nethfdrv) . (. - .) - C:\windows\system32\drivers\nethfdrv.sys (.not file.)
O41 - Driver: ({c8905eec-9eab-447c-84a8-9e864d454523}Gw64) . (. - .) - C:\Windows\System32\drivers\{c8905eec-9eab-447c-84a8-9e864d454523}Gw64.sys (.not file.)
O41 - Driver: ({c8905eec-9eab-447c-84a8-9e864d454523}w64) . (. - .) - C:\Windows\System32\drivers\{c8905eec-9eab-447c-84a8-9e864d454523}w64.sys (.not file.)
~ Drivers: 67 Legitimates Filtered in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: Buzzdock - (.Alactro LLC.) [HKLM][64Bits] -- {ac225167-00fc-452d-94c5-bb93600e7d9a}
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: focusbase - (.focusbase.) [HKLM][64Bits] -- focusbase
~ Logic: 39 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\OB]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Client]
[HKLM\Software\Wow6432Node\MediaBuzzV1mode8120] =>PUP.MediaBuzz
[HKLM\Software\Wow6432Node\MediaViewV1alpha2441] =>PUP.MediaViewer
[HKLM\Software\Wow6432Node\MediaViewV1alpha8847] =>PUP.MediaViewer
[HKLM\Software\Wow6432Node\MediaViewerV1alpha1746]
[HKLM\Software\Wow6432Node\MediaWatchV1home116] =>PUP.MediaWatch
[HKLM\Software\Wow6432Node\RichMediaViewV1release334] =>PUP.MediaViewer
~ Key Software: 256 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/06/2014 - 21:53:21 - [] ----D C:\Program Files (x86)\Common Files\Config
O43 - CFD: 03/10/2013 - 13:56:22 - [] ----D C:\Users\Corcino\AppData\Roaming\Virus Scan
~ Program Folder: 136 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 19/06/2014 - 23:14:57 ---A- . (...) -- C:\awh7242.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 24/06/2014 - 12:53:44 ---A- . (...) -- C:\awh4E.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 24/06/2014 - 18:01:49 ---A- . (...) -- C:\awhFE99.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 24/06/2014 - 18:29:10 ---A- . (...) -- C:\awhE9A2.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 25/06/2014 - 12:04:58 ---A- . (...) -- C:\awh57C.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 25/06/2014 - 18:43:31 ---A- . (...) -- C:\awh8B6.tmp [687]
O44 - LFC:[MD5.92D7DBD36D637402BEF95A052D32E079] - 25/06/2014 - 22:14:46 ---A- . (...) -- C:\Windows\win.ini [603]
O44 - LFC:[MD5.001A1BF2BDE7F27B334B5A69DC8A4EE4] - 25/06/2014 - 22:27:47 ---A- . (...) -- C:\zoek-results2014-06-26-012747.log [42843]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 25/06/2014 - 22:31:17 ---A- . (...) -- C:\awhF22A.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 25/06/2014 - 22:42:42 ---A- . (...) -- C:\awh981.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 10:39:17 ---A- . (...) -- C:\awhE08E.tmp [687]
O44 - LFC:[MD5.956AB0B6727EB8AE97709C1B8CA3AAE2] - 26/06/2014 - 10:53:17 ---A- . (...) -- C:\zoek-results2014-06-26-135317.log [25252]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 11:43:00 ---A- . (...) -- C:\awhE8B8.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 13:12:33 ---A- . (...) -- C:\awhF842.tmp [687]
O44 - LFC:[MD5.61292F053777692F6424449D3ED9B67C] - 26/06/2014 - 13:21:13 ---A- . (...) -- C:\zoek-results2014-06-26-162113.log [6211]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 15:00:02 ---A- . (...) -- C:\awh8075.tmp [687]
O44 - LFC:[MD5.C407BDB3A7824F8ACB2A979A8613F23C] - 26/06/2014 - 15:05:51 ---A- . (...) -- C:\zoek-results.log [4741]
O44 - LFC:[MD5.D49BFEA08A53F45F05EBC947014CD0B3] - 26/06/2014 - 17:17:16 ---A- . (...) -- C:\Windows\IE11_main.log [858393]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 17:25:43 ---A- . (...) -- C:\awhF41E.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 17:46:34 ---A- . (...) -- C:\awhF259.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 18:41:28 ---A- . (...) -- C:\awhEB28.tmp [687]
~ Files: 35 Legitimates Filtered in 00mn 05s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{87037952-e813-11e1-847e-806e6f6e6963}\AutoRun\command. (.No owner - SETUP MFC Application.) -- E:\autorun.exe
~ Keys: Scanned in 00mn 03s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:19/01/2014 - 00:59:20 R--A- . (.360.cn - 360杀毒 文件监控驱动.) -- C:\Windows\System32\Drivers\360AvFlt.sys [71360]
O58 - SDL:22/01/2014 - 22:15:47 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys [23624]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:24/04/2012 - 16:42:16 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [258896]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:06/02/2013 - 07:42:08 ---A- . (.DEVGURU Co., LTD.([Você precisa estar registrado e conectado para ver este link.] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [102936]
O58 - SDL:06/02/2013 - 07:42:10 ---A- . (.DEVGURU Co., LTD.([Você precisa estar registrado e conectado para ver este link.] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [203544]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:03/04/2014 - 11:09:40 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
O58 - SDL:17/08/2012 - 11:32:44 ---A- . (.Windows (R) 2003 DDK 3790 provider - Generic Port I/O for Win64.) -- C:\Windows\SysWOW64\drivers\rtport.sys [15144]
~ Drivers: 63 Legitimates Filtered in 00mn 42s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.7C5CF6C3C97BD95591DAB1A4D0499FFC] [SPRF][26/04/2014] (...) -- C:\Users\Corcino\AppData\Roaming\unins000.dat [15831]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 03/06/2010 246520 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
SS - | Auto 24/06/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/06/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/08/2010 166704 | (Samsung UPD Service) . (.Samsung Electronics CO., LTD..) - C:\windows\System32\SUPDSvc.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 06/05/2014 527928 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 20/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 01/12/2009 244904 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SR - | Auto 20/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 01/03/2011 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 01/03/2011 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 12s



---\\ Scâner Aditional (088)
Database Version : 13026 - (25/06/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 5

[HKLM\Software\Wow6432Node\MediaBuzzV1mode8120] =>PUP.MediaBuzz^
[HKLM\Software\Wow6432Node\MediaViewV1alpha2441] =>PUP.MediaViewer^
[HKLM\Software\Wow6432Node\MediaViewV1alpha8847] =>PUP.MediaViewer^
[HKLM\Software\Wow6432Node\MediaWatchV1home116] =>PUP.MediaWatch^
[HKLM\Software\Wow6432Node\RichMediaViewV1release334] =>PUP.MediaViewer^
~ Additionnel Scan: 243969 Items scanned in 00mn 50s



---\\ Informações complémentaires do módulos
~ [Você precisa estar registrado e conectado para ver este link.] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Browser Helper Objects do navegador (02)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Aplicações iniciadas por registo & pastas (04)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.] =>PUP.MediaBuzz
~ MSI: 1 link(s) detected in 00mn 00s



~ 729 Legitimates filtered by white list
End of the scan (440 lines in 02mn 52s)(0)
avatar
marcoscorcino
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 25/06/2014

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por Power Max em Qui 26 Jun 2014, 23:14

 Selecione e copie todo o texto destacado em vermelho que te passei (começando em script zhpfix e indo até emptyclsid)

_____________________________________________________________________________________________________________

 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Você precisa estar registrado e conectado para ver este link.] = O melhor da internet você encontra aqui.

[Você precisa estar registrado e conectado para ver este link.] = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por marcoscorcino em Sex 27 Jun 2014, 10:01

segue:

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Corcino at 27/06/2014 09:55:52
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (04mn 32s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\Wow6432Node\MediaBuzzV1mode8120
ELIMINÉ: HKLM\Software\Wow6432Node\MediaViewV1alpha2441
ELIMINÉ: HKLM\Software\Wow6432Node\MediaViewV1alpha8847
ELIMINÉ: HKLM\Software\Wow6432Node\MediaViewerV1alpha1746
ELIMINÉ: HKLM\Software\Wow6432Node\MediaWatchV1home116
ELIMINÉ: HKLM\Software\Wow6432Node\RichMediaViewV1release334

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\360avflt.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\efimon.sys
ELIMINÉ Temporários windows (2) (780 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
6 : Chaves do Registo
1 : Pastas
4 : Ficheiros
1 : Restauração Sistema


End of clean in 05mn 13s

========== Caminho do ficheiro do relatório ==========
C:\Users\Corcino\AppData\Roaming\ZHP\ZHPFix[R1].txt - 26/06/2014 21:53:41 [3941]
C:\Users\Corcino\AppData\Roaming\ZHP\ZHPFix[R2].txt - 27/06/2014 10:00:24 [1391]
avatar
marcoscorcino
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 25/06/2014

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por Power Max em Sex 27 Jun 2014, 10:07

Como está seu PC depois destes procedimentos?

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Você precisa estar registrado e conectado para ver este link.] = O melhor da internet você encontra aqui.

[Você precisa estar registrado e conectado para ver este link.] = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por marcoscorcino em Sex 27 Jun 2014, 11:10

Perfeito, não sei como agradecer.

Bom saber que existem pessoas boas e disponíveis pra ajudar tb na internet.

Muito obrigado e fico a disposição pra ajudar em qualquer coisa.
avatar
marcoscorcino
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 25/06/2014

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por Power Max em Sex 27 Jun 2014, 12:01

isso aí! Fico feliz que o problema tenha sido resolvido.

Só para finalizar siga estes tutoriais abaixo, por gentileza:

[Você precisa estar registrado e conectado para ver este link.]

[Você precisa estar registrado e conectado para ver este link.]
_______________________________________________________________________________________________________________________

Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas [Você precisa estar registrado e conectado para ver este link.].
_______________________________________________________________________________________________________________________

Foi um prazer ajudar. Conte sempre conosco!

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Você precisa estar registrado e conectado para ver este link.] = O melhor da internet você encontra aqui.

[Você precisa estar registrado e conectado para ver este link.] = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por marcoscorcino em Sex 27 Jun 2014, 12:22

Ok, valeu!!!!
avatar
marcoscorcino
Iniciante
Iniciante

Mensagens : 16
Reputação : 0
Data de inscrição : 25/06/2014

Voltar ao Topo Ir em baixo

Re: Links de propaganda nos sites.

Mensagem por Conteúdo patrocinado


Conteúdo patrocinado


Voltar ao Topo Ir em baixo

Página 1 de 2 1, 2  Seguinte

Ver o tópico anterior Ver o tópico seguinte Voltar ao Topo


 
Permissão deste fórum:
Você não pode responder aos tópicos neste fórum