Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

por andersonfrizzo Qui 26 Jun 2014, 13:37

Estou com esses dois virus no meu pc, e mais uns perdidos
Fui baixar o utorrent e o bit torrent
e acabou vindo mais programas juntos e nao estou conseguindo remover indo nos programas e recursos
valeu

por **Power Max** Qui 26 Jun 2014, 13:51

Olá Anderson.

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

por andersonfrizzo Qui 26 Jun 2014, 14:01

# AdwCleaner v3.213 - Relatório criado 26/06/2014 às 13:55:25
# Atualizado 23/06/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : Anderson - ANDERSON-HP
# Executando de : C:\Users\Anderson\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : globalUpdate
[#] Serviço Deletada : globalUpdatem
Serviço Deletada : IePluginServices
Serviço Deletada : WindowsProtectManger

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\IePluginServices
Pasta Deletada : C:\ProgramData\WindowsProtectManger
Pasta Deletada : C:\Program Files (x86)\globalUpdate
Pasta Deletada : C:\Program Files (x86)\SupTab
Pasta Deletada : C:\Users\Anderson\AppData\Local\globalUpdate
Pasta Deletada : C:\Users\Anderson\AppData\Local\SearchProtect
Pasta Deletada : C:\Users\Anderson\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Anderson\AppData\Roaming\SupTab
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Windows\System32\drivers\wStLibG64.sys
Arquivo Deletada : C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Arquivo Deletada : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
Arquivo Deletada : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
Arquivo Deletada : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
Arquivo Deletada : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
Arquivo Deletada : C:\Windows\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-1.job
Arquivo Deletada : C:\Windows\System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-1
Arquivo Deletada : C:\Windows\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-11.job
Arquivo Deletada : C:\Windows\System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-11
Arquivo Deletada : C:\Windows\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-2.job
Arquivo Deletada : C:\Windows\System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-2
Arquivo Deletada : C:\Windows\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-3.job
Arquivo Deletada : C:\Windows\System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-3
Arquivo Deletada : C:\Windows\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-4.job
Arquivo Deletada : C:\Windows\System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-4
Arquivo Deletada : C:\Windows\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-5.job
Arquivo Deletada : C:\Windows\System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-5
Arquivo Deletada : C:\Windows\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-5_user.job
Arquivo Deletada : C:\Windows\System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-5_user
Arquivo Deletada : C:\Windows\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-6.job
Arquivo Deletada : C:\Windows\System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-6
Arquivo Deletada : C:\Windows\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-7.job
Arquivo Deletada : C:\Windows\System32\Tasks\c8470bad-6418-48e6-9c78-c736c9cf9191-7
Arquivo Deletada : C:\Windows\Tasks\db1a6e70-8215-4131-a60b-3c0ea17d3be1-1.job
Arquivo Deletada : C:\Windows\System32\Tasks\db1a6e70-8215-4131-a60b-3c0ea17d3be1-1
Arquivo Deletada : C:\Windows\Tasks\db1a6e70-8215-4131-a60b-3c0ea17d3be1-11.job
Arquivo Deletada : C:\Windows\System32\Tasks\db1a6e70-8215-4131-a60b-3c0ea17d3be1-11
Arquivo Deletada : C:\Windows\Tasks\db1a6e70-8215-4131-a60b-3c0ea17d3be1-2.job
Arquivo Deletada : C:\Windows\System32\Tasks\db1a6e70-8215-4131-a60b-3c0ea17d3be1-2
Arquivo Deletada : C:\Windows\Tasks\db1a6e70-8215-4131-a60b-3c0ea17d3be1-3.job
Arquivo Deletada : C:\Windows\System32\Tasks\db1a6e70-8215-4131-a60b-3c0ea17d3be1-3
Arquivo Deletada : C:\Windows\Tasks\db1a6e70-8215-4131-a60b-3c0ea17d3be1-4.job
Arquivo Deletada : C:\Windows\System32\Tasks\db1a6e70-8215-4131-a60b-3c0ea17d3be1-4
Arquivo Deletada : C:\Windows\Tasks\db1a6e70-8215-4131-a60b-3c0ea17d3be1-5.job
Arquivo Deletada : C:\Windows\System32\Tasks\db1a6e70-8215-4131-a60b-3c0ea17d3be1-5
Arquivo Deletada : C:\Windows\Tasks\db1a6e70-8215-4131-a60b-3c0ea17d3be1-5_user.job
Arquivo Deletada : C:\Windows\System32\Tasks\db1a6e70-8215-4131-a60b-3c0ea17d3be1-5_user
Arquivo Deletada : C:\Windows\Tasks\db1a6e70-8215-4131-a60b-3c0ea17d3be1-6.job
Arquivo Deletada : C:\Windows\System32\Tasks\db1a6e70-8215-4131-a60b-3c0ea17d3be1-6
Arquivo Deletada : C:\Windows\Tasks\db1a6e70-8215-4131-a60b-3c0ea17d3be1-7.job
Arquivo Deletada : C:\Windows\System32\Tasks\db1a6e70-8215-4131-a60b-3c0ea17d3be1-7

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0059568.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0059568.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0059568.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0059568.Sandbox.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0059599.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0059599.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0059599.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0059599.Sandbox.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511951168}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511951199}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522952268}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522952299}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555955568}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555955599}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566956668}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566956699}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544954468}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544954499}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951168}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951199}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511951168}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511951199}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522952268}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522952299}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555955568}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555955599}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566956668}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566956699}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951168}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951199}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chave Deletedo : HKCU\Software\genesis
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\installedbrowserextensions
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKLM\Software\installedbrowserextensions
Chave Deletedo : HKLM\Software\SafetyNut
Chave Deletedo : HKLM\Software\SupDp
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : [x64] HKLM\SOFTWARE\installedbrowserextensions
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Dados Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17126

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [14363 octets] - [09/06/2014 20:27:38]
AdwCleaner[R1].txt - [17559 octets] - [26/06/2014 13:54:56]
AdwCleaner[S0].txt - [13398 octets] - [09/06/2014 20:28:13]
AdwCleaner[S1].txt - [13337 octets] - [26/06/2014 13:55:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [13398 octets] ##########

por **Power Max** Qui 26 Jun 2014, 14:04

problemas - Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC 772309

No seu PC está constando o antivirus Baidu instalado. Você quer continuar com ele ou quer removê-lo? Seja qual for a sua resposta para esta pergunta, siga esta dica abaixo.
____________________________________________________________________________________

Desative temporariamente seu antivírus para evitar conflitos.

Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

por andersonfrizzo Qui 26 Jun 2014, 14:27

Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by Anderson on 26/06/2014 at 14:02:35,83.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Anderson\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-10-041317.log 36214 bytes
C:\zoek-results2014-06-10-055409.log 19094 bytes
C:\zoek-results2014-06-10-064724.log 2214 bytes

==== System Restore Info ======================

26/06/2014 14:05:35 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-381771769-465813478-2955760287-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Browser Tab Search by Ask deleted
C:\Users\Anderson\AppData\Roaming\omiga-plus deleted
C:\Users\Anderson\Searches deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== Folders Found ======================

2014-06-10 03:28:24 2014-06-10 03:28:24 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-10 03:28:33 2014-06-10 03:28:33 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-10 05:51:22 2014-06-10 05:51:22 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-06-10 05:51:23 2014-02-28 01:50:43 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus
2014-06-10 05:51:23 2014-06-10 05:51:23 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-10 05:51:23 2014-06-10 05:51:24 -------- d---a-w- C:\zoek_backup\C_Users_Anderson_AppData_Roaming_Baidu Security
2014-06-10 05:51:25 2014-06-10 05:51:25 -------- d---a-w- C:\zoek_backup\C_Users_Anderson_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-06-10 05:51:25 2014-06-10 05:51:25 -------- d---a-w- C:\zoek_backup\C_Users_Anderson_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-06-10 05:51:25 2014-06-10 05:51:25 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-06-10 05:51:26 2014-06-10 05:51:26 -------- d---a-w- C:\zoek_backup\C_Windows_SysWOW64_config_systemprofile_AppData_Roaming_Baidu Security
2014-06-10 05:51:22 2014-02-28 01:50:43 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus
2014-06-10 05:51:25 2014-06-10 05:51:25 -------- d---a-w- C:\zoek_backup\C_Users_Anderson_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-06-10 05:51:25 2014-06-10 05:51:25 -------- d---a-w- C:\zoek_backup\C_Users_Anderson_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================

--- C:\Users\Anderson\Downloads\Anderson Frizzo (Backup)\Osmar\dowload\Baidu PC Faster.exe ---
Company: Appsinstaller
File Description: Application Installer
File Version: 3.1.7
Product Name:
Copyright: Copyright © 2014
Original Filename: installer.exe
File type: ----a-w-
File size: 299280
Created time: 2007-09-01 07:27:34
Modified time: 2014-03-19 22:52:22
MD5: 8A7B5296A974073F7DD0ACC4505387A9
SHA1: B1B706398004CE321A9BD9B997919647865B94CA

==== Registry Search Results for "Baidu" ======================

[HKEY_USERS\S-1-5-21-381771769-465813478-2955760287-1000\Software\Baidu]

[HKEY_USERS\S-1-5-21-381771769-465813478-2955760287-1000\Software\Baidu\Hao123-br]

[HKEY_USERS\S-1-5-21-381771769-465813478-2955760287-1000\Software\Baidu\Hao123-br\hao123desk]

[HKEY_USERS\S-1-5-21-381771769-465813478-2955760287-1000\Software\Baidu\Hao123-br\hao123desk]
"ToyPath"="C:\\Users\\Anderson\\AppData\\Roaming\\baidu\\hao123-br\\hao123.1.0.0.1111.exe"

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\IPSFF" [25/02/2014 18:17]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[11/04/2014 19:46]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.3.0.12\Exts\Chrome.crx[28/04/2014 05:52]
nhfpefkeidlhbjljfdojcnngjbddgein - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx[17/11/2010 07:36]

Ask Toolbar - Anderson\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
Comodo Drag&Drop Service - Anderson\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - Anderson\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
HD-Top1.8 - Anderson\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi
PrivDog - Anderson\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Comodo Media Downloader - Anderson\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo
video MediaPlayer - Anderson\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dnaojefanpmakfgcaliphepgoiiafmpf
Comodo Share Page Service - Anderson\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf
Google Wallet - Anderson\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Docs - Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Norton Identity Protection - Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Website Logon - Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfpefkeidlhbjljfdojcnngjbddgein
Google Wallet - Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_flatout-2.softonic.com.br_0.localstorage deleted successfully
C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_flatout-2.softonic.com.br_0.localstorage-journal deleted successfully
C:\Users\Anderson\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko deleted successfully
C:\Users\Anderson\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage deleted successfully
C:\Users\Anderson\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi deleted successfully
C:\Users\Anderson\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dnaojefanpmakfgcaliphepgoiiafmpf deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{B9A5DDA0-F1A8-46EB-9A13-12F1709D796C} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox"

==== Reset Google Chrome ======================

C:\Users\Anderson\AppData\Local\Comodo\Dragon\User Data\Default\Preferences was reset successfully
C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Anderson\AppData\Local\Comodo\Dragon\User Data\Default\Web Data was reset successfully
C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Anderson\Desktop\DivX Movies.lnk - C:\Users\Anderson\Videos\DivX Movies
C:\Users\Anderson\Desktop\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Users\Anderson\Desktop\Media Player Classic - Home Cinema x64.lnk - C:\Program Files\Media Player Classic - Home Cinema\mpc-hc64.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\ Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\DivX Converter.lnk - C:\Program Files (x86)\DivX\DivX Converter\DivXConverterLauncher.exe
C:\Users\Public\Desktop\DivX Player.lnk - C:\Program Files (x86)\DivX\DivX Player\DivX Player.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\IntelliCAD 2001.lnk - C:\Program Files (x86)\CADopia\IntelliCAD 2001\icad.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Norton 360.lnk - C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.3.0.12\uistub.exe
C:\Users\Public\Desktop\Play HP Games.lnk - C:\Program Files (x86)\HP Games\onplay\onplay.exe "C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe" /src desktopoem
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Users\Public\Desktop\VDownloader.lnk - C:\Program Files\VDownloader\VDownloader.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hao123-Brazil\Hao123.lnk - C:\Users\Anderson\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1111.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Atualização HP.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Sobre o iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\pt.lproj\About iTunes.rtf

==== shortcuts in Quick Launch ======================

C:\Users\Anderson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Anderson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Anderson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Anderson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VDownloader.lnk - C:\Program Files\VDownloader\VDownloader.exe
C:\Users\Anderson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Anderson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Anderson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Anderson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Anderson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\hpDST.lnk - C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe
C:\Users\Anderson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Anderson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Anderson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Photo Gallery.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Users\Anderson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WindowsProtectManger deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Anderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Anderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Anderson\AppData\Local\Comodo\Dragon\User Data\Default\Cache emptied successfully
C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=555 folders=188 82191071 bytes)

==== Empty Temp Folders ======================

C:\Users\Anderson\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Anderson\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 26/06/2014 at 14:22:11,61 ======================

por **Power Max** Qui 26 Jun 2014, 15:20

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

por andersonfrizzo Qui 26 Jun 2014, 16:55

Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by Anderson on 26/06/2014 at 15:26:30,09.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Anderson\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-10-041317.log 36214 bytes
C:\zoek-results2014-06-10-055409.log 19094 bytes
C:\zoek-results2014-06-10-064724.log 2214 bytes
C:\zoek-results2014-06-26-212211.log 20026 bytes

==== System Restore Info ======================

26/06/2014 15:27:42 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_USERS\S-1-5-21-381771769-465813478-2955760287-1000\Software\Baidu]
[-HKEY_USERS\S-1-5-21-381771769-465813478-2955760287-1000\Software\Baidu\Hao123-br]
[-HKEY_USERS\S-1-5-21-381771769-465813478-2955760287-1000\Software\Baidu\Hao123-br\hao123desk]
[HKEY_USERS\S-1-5-21-381771769-465813478-2955760287-1000\Software\Baidu\Hao123-br\hao123desk]
"ToyPath"=-

==== Deleting Files \ Folders ======================

"C:\Users\Anderson\Downloads\Anderson Frizzo (Backup)\Osmar\dowload\Baidu PC Faster.exe" deleted

==== Folders Found ======================

2014-06-10 03:28:24 2014-06-10 03:28:24 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-10 03:28:33 2014-06-10 03:28:33 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-10 05:51:22 2014-06-10 05:51:22 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-06-10 05:51:23 2014-02-28 01:50:43 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus
2014-06-10 05:51:23 2014-06-10 05:51:23 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-10 05:51:23 2014-06-10 05:51:24 -------- d---a-w- C:\zoek_backup\C_Users_Anderson_AppData_Roaming_Baidu Security
2014-06-10 05:51:25 2014-06-10 05:51:25 -------- d---a-w- C:\zoek_backup\C_Users_Anderson_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-06-10 05:51:25 2014-06-10 05:51:25 -------- d---a-w- C:\zoek_backup\C_Users_Anderson_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-06-10 05:51:25 2014-06-10 05:51:25 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-06-10 05:51:26 2014-06-10 05:51:26 -------- d---a-w- C:\zoek_backup\C_Windows_SysWOW64_config_systemprofile_AppData_Roaming_Baidu Security
2014-06-10 05:51:22 2014-02-28 01:50:43 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus
2014-06-10 05:51:25 2014-06-10 05:51:25 -------- d---a-w- C:\zoek_backup\C_Users_Anderson_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-06-10 05:51:25 2014-06-10 05:51:25 -------- d---a-w- C:\zoek_backup\C_Users_Anderson_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================

--- C:\zoek_backup\C_Users_Anderson_Downloads_Anderson Frizzo (Backup)_Osmar_dowload_Baidu PC Faster.exe.vir ---
Company: Appsinstaller
File Description: Application Installer
File Version: 3.1.7
Product Name:
Copyright: Copyright © 2014
Original Filename: installer.exe
File type: ----a-w-
File size: 299280
Created time: 2014-06-26 22:28:07
Modified time: 2014-03-19 22:52:22
MD5: 8A7B5296A974073F7DD0ACC4505387A9
SHA1: B1B706398004CE321A9BD9B997919647865B94CA

==== Registry Search Results for "Baidu" ======================

[HKEY_USERS\S-1-5-21-381771769-465813478-2955760287-1000\Software\Baidu]

[HKEY_USERS\S-1-5-21-381771769-465813478-2955760287-1000\Software\Baidu\Hao123-br]

[HKEY_USERS\S-1-5-21-381771769-465813478-2955760287-1000\Software\Baidu\Hao123-br\hao123desk]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=556 folders=188 82490538 bytes)

==== EOF on 26/06/2014 at 15:30:15,99 ======================

por **Power Max** Qui 26 Jun 2014, 16:57

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

por andersonfrizzo Qui 26 Jun 2014, 17:10

Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by Anderson on 26/06/2014 at 16:57:33,07.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Anderson\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-10-041317.log 36214 bytes
C:\zoek-results2014-06-10-055409.log 19094 bytes
C:\zoek-results2014-06-10-064724.log 2214 bytes
C:\zoek-results2014-06-26-212211.log 20026 bytes
C:\zoek-results2014-06-26-223016.log 4131 bytes

==== System Restore Info ======================

26/06/2014 16:57:57 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_USERS\S-1-5-21-381771769-465813478-2955760287-1000\Software\Baidu]
[-HKEY_USERS\S-1-5-21-381771769-465813478-2955760287-1000\Software\Baidu\Hao123-br]
[-HKEY_USERS\S-1-5-21-381771769-465813478-2955760287-1000\Software\Baidu\Hao123-br\hao123desk]

==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=556 folders=188 82490538 bytes)

==== EOF on 26/06/2014 at 16:58:47,97 ======================

por **Power Max** Qui 26 Jun 2014, 17:12

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

por andersonfrizzo Qui 26 Jun 2014, 17:22

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Anderson on 26/06/2014 at 17:09:04,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/06/2014 at 17:16:46,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

por **Power Max** Qui 26 Jun 2014, 17:24

Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

por andersonfrizzo Qui 26 Jun 2014, 17:32

~ Relatório do ZHPDiag v2014.6.25.98 - Nicolas Coolman (25/06/2014)
~ Iniciado por Anderson (26/06/2014 17:25:24)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program

---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17126
GCIE: Google Chrome v35.0.1916.153 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema
CCleaner v4.10

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader 9.5.5 MUI

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6091 MB (60% free)
System Restore: Activé (Enable)
System drive C: has 435 GB (74%) free of 581 GB

---\\ Modo de conexão ao sistema
~ Computer Name: ANDERSON-HP
~ User Name: Anderson
~ All Users Names: HomeGroupUser$, Guest, Anderson, Administrator,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Anderson\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Anderson\AppData\Roaming\
~ %Desktop% : C:\Users\Anderson\Desktop\
~ %Favorites% : C:\Users\Anderson\Favorites\
~ %LocalAppData% : C:\Users\Anderson\AppData\Local\
~ %StartMenu% : C:\Users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 435 Go of 581 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 15 Go)
E: CD-ROM drive (Not Inserted)

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.24/02/2011 - 22:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 17:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.40BFD9D6EC8E174145F012246CA73CCD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.29/05/2014 - 23:56:56.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 01:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 05:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 17:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 17:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 15:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 01:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 01:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 02:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 15:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 16:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 18:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 01:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 18:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 16:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 02:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 16:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 01:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 05:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 4/41
~ Mes musiques (My Musics) : 4/228
~ Mes Videos (My Videos) : 2/6
~ Mes Favoris (My Favorites) : 1/27
~ Mes Documents (My Documents) : 2/132
~ Mon Bureau (My Desktop) : 7/627
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 00s

---\\ Processos lançados
[MD5.DC73E11DC27E7D9AEF884EBE816C4240] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.3780]
[MD5.AE797B72D85E87D403FC11135507922C] - (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288] [PID.3840]
[MD5.8A3B69683E63808719D24E1C68C21CC7] - (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960] [PID.3888]
[MD5.5516C26A6AF8EB4E2CAB48EC98A74398] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [54576] [PID.2220]
[MD5.D2E3E6D94A9E1CFA1561D9C748136FD0] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.2176]
[MD5.75167871DBA1643E958D115714752D64] - (.Symantec Corporation - Norton 360.) -- C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.3.0.12\N360.exe [265040] [PID.2076]
[MD5.434FEE6FF661DCABADB69E55E0747494] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1344312] [PID.5288]
[MD5.B00F98FF6FE8682FF941BEB2559BF191] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.5300]
[MD5.1C52587C384045CAEDD49A2550C960ED] - (.HP - TouchControl.) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe [634696] [PID.4700]
[MD5.F671950094F09C339A7974FA377E9052] - (.HP - BioMonitor.) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe [142664] [PID.4308]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.2428]
[MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8071680] [PID.6112]
[MD5.CDC54DB949D1E2BBF86B0C7AB86B912E] - (.HP - HP Service.) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [249672] [PID.840]
[MD5.43B1125D14E8797FDA9D5E167EB50AE3] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [528424] [PID.884]
[MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1916]
[MD5.72551A9AE5F68905DFC3CBA0D5242566] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720] [PID.1984]
[MD5.6B669A00A431FF6CDCE67458933F5F0F] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992] [PID.2032]
[MD5.491CE9B6321FB74E4B37AF2C47F98434] - (.Hewlett-Packard Development Company, L.P. - HP Quick Launch WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26680] [PID.1808]
[MD5.FA4A45C179AB0E0F1A31B9751D4B18D7] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2040]
[MD5.D2946D9F020AE76E9CEF9B4A6DF838C0] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1129760] [PID.5332]
[MD5.D41861E56E7552C13674D7F147A02464] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.2512]
[MD5.C463A25F01C6237295917417C5E9E344] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.5144]
[MD5.3A1ECEF8D49FC1A786A6CCD5A86A8878] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.3256]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 19 Legitimates Filtered in 00mn 01s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
~ BHO: 16 Legitimates Filtered in 00mn 00s

---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Norton Toolbar - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.3.0.12\coIEPlg.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Chave orfã
~ Toolbar: Scanned in 00mn 00s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [HPWirelessAssistant] . (...) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [NUSB3MON] . (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [HPOSD] . (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4662FA3E-F8BF-4EDD-8E25-59A5C861E373}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B2274C1-9AB9-4FF1-960A-D6046791BDF1}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F83992CB-6F2C-4A56-B083-504245C28354}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4662FA3E-F8BF-4EDD-8E25-59A5C861E373}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{9B2274C1-9AB9-4FF1-960A-D6046791BDF1}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F83992CB-6F2C-4A56-B083-504245C28354}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{4662FA3E-F8BF-4EDD-8E25-59A5C861E373}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9B2274C1-9AB9-4FF1-960A-D6046791BDF1}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F83992CB-6F2C-4A56-B083-504245C28354}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.25.1
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
~ Services: 19 Legitimates Filtered in 00mn 04s

---\\ Tarefas planificadas automaticamente (039)
[MD5.FB1A303207C1124C2B61A50E5A32AC21] [APT] [Programa de atualiza‡Æo online DivX] (...) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968]
[MD5.F294C7CB3121E6A37C64B741567F7D43] [APT] [{49C35735-1617-4900-8BB9-CCBB71B69301}] (...) -- C:\Program Files (x86)\HD-Top1.8\Uninstall.exe [86552]
[MD5.65A4571DA4D611C074EC184018F8953B] [APT] [{4CEE1084-1C3A-4B29-AC74-83FA716EA079}] (...) -- C:\Program Files (x86)\video MediaPlayer\Uninstall.exe [86552]
[MD5.00000000000000000000000000000000] [APT] [{B8DA0F27-AA8C-480F-B838-D46EDD424638}] (...) -- C:\Users\Anderson\AppData\Roaming\omiga-plus\UninstallManager.exe (.not file.) [0] =>Hijacker.OmigaPlus
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-381771769-465813478-2955760287-1000Core [1064]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-381771769-465813478-2955760287-1000UA [1086]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1068]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1072]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForAnderson [344]
~ Scheduled Task: 33 Legitimates Filtered in 00mn 03s

---\\ Software instalados (042)
O42 - Logiciel: HD-Top1.8 - (.HD-TopV1.8.) [HKLM][64Bits] -- HD-Top1.8
O42 - Logiciel: video MediaPlayer - (.enter.) [HKLM][64Bits] -- video MediaPlayer
~ Logic: 46 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\GbAs]
[HKCU\Software\INPE-DPI]
[HKCU\Software\MCShield]
[HKCU\Software\MLSync]
[HKCU\Software\eBook Maestro Books]
[HKLM\Software\Spring 5.2.1 Português_x64]
[HKLM\Software\Wow6432Node\MCShield]
[HKLM\Software\Wow6432Node\Spring 5.1.8 Português_x86]
~ Key Software: 324 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/07/2012 - 12:35:12 - [] ----D C:\Program Files (x86)\Ares
O43 - CFD: 26/06/2014 - 13:47:42 - [] ----D C:\Program Files (x86)\HD-Top1.8
O43 - CFD: 12/06/2012 - 11:55:57 - [] ----D C:\Program Files (x86)\SP55068
O43 - CFD: 09/03/2012 - 17:47:00 - [] ----D C:\Program Files (x86)\Umbrella Corp
O43 - CFD: 26/06/2014 - 13:47:42 - [] ----D C:\Program Files (x86)\video MediaPlayer
O43 - CFD: 29/09/2012 - 12:51:12 - [] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 09/06/2014 - 21:52:23 - [] ----D C:\ProgramData\MCShield
O43 - CFD: 10/12/2013 - 22:31:38 - [] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 09/06/2014 - 18:22:14 - [0] ----D C:\Users\Anderson\AppData\Roaming\FreeFixer
O43 - CFD: 27/08/2012 - 23:36:02 - [] ----D C:\Users\Anderson\AppData\Roaming\VIVO INTERNET
O43 - CFD: 04/07/2012 - 14:21:38 - [] ----D C:\Users\Anderson\AppData\Local\Ares
O43 - CFD: 26/06/2014 - 13:00:29 - [] ----D C:\Users\Anderson\AppData\Local\com
O43 - CFD: 09/06/2014 - 18:34:52 - [] ----D C:\Users\Anderson\AppData\Local\FreeFixer
O43 - CFD: 26/06/2014 - 13:03:52 - [0] ----D C:\Users\Anderson\AppData\Local\Genesis_06261956 =>PUP.Genesis
O43 - CFD: 05/10/2012 - 10:20:26 - [0] ----D C:\Users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spring 5.1.8 Português _x86
~ Program Folder: 203 Legitimates Filtered in 00mn 00s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.FC17A85EBCAEBF634CDC7EEDF6CC4C59] - 26/06/2014 - 13:04:56 ---A- . (...) -- C:\zoek-results2014-06-10-064724.log [2214]
O44 - LFC:[MD5.008B847F316C957C02189E4D6B1E6F54] - 26/06/2014 - 13:22:11 ---A- . (...) -- C:\zoek-results2014-06-26-212211.log [20026]
O44 - LFC:[MD5.C6FFE96C4C76187417E7AB2FA963758F] - 26/06/2014 - 13:26:15 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147108]
O44 - LFC:[MD5.B7DB2B8D4666914258E4046CBAB5C63C] - 26/06/2014 - 13:26:15 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [705268]
O44 - LFC:[MD5.D84E9EBD0BC80EFE85BF1E2446640647] - 26/06/2014 - 14:30:16 ---A- . (...) -- C:\zoek-results2014-06-26-223016.log [4131]
O44 - LFC:[MD5.D9B197114F5F2CD6E5C24AC636339317] - 26/06/2014 - 15:58:47 ---A- . (...) -- C:\zoek-results.log [1343]
~ Files: 16 Legitimates Filtered in 00mn 01s

---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\VDownloader [Key] . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe
~ SMSR Keys: 9 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:21/01/2014 - 06:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:21/01/2014 - 06:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624]
O58 - SDL:21/01/2014 - 02:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:13/07/2009 - 17:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 12:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:18/06/2010 - 23:36:04 ---A- . (.Siliten - Flex Define Keyboard Driver.) -- C:\Windows\System32\Drivers\InputFilter_FlexDef2b.sys [17920]
O58 - SDL:13/07/2009 - 17:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:20/12/2013 - 16:35:48 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [528384]
O58 - SDL:13/12/2012 - 12:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:09/10/2012 - 07:29:58 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [46440]
O58 - SDL:05/03/2014 - 05:25:06 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
O58 - SDL:04/10/2010 - 15:59:32 ---A- . (...) -- C:\Windows\SysWOW64\StarOpen.sys [5632]
~ Drivers: 81 Legitimates Filtered in 00mn 02s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 17/02/2014 - C:\Windows\system32\Drivers\N360x64\1503000.00C\SYMNETS.sys (SymNetS) .(.Symantec Corporation - Network Security Driver.) - LEGACY_SYMNETS
~ Legacy: 99 Legitimates Filtered in 00mn 00s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {B9A5DDA0-F1A8-46EB-9A13-12F1709D796C} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.A4D3CFF4EC6B71C83AE03B775EE50768] [SPRF][20/02/2014] (...) -- C:\Users\Anderson\AppData\Roaming\unins000.dat [18515]
~ Files: 1 Legitimates Filtered in 00mn 00s

---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32 =>Adware.NewPlayer
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS =>Adware.NewPlayer
~ BTK: 341 Legitimates Filtered in 00mn 00s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 15/11/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 15/11/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 20/12/2013 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\IDT\WDM\AESTSr64.exe
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 29/07/2010 951584 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 07/12/2010 249672 | (FPLService) . (.HP.) - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
SR - | Auto 06/05/2014 528424 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 21/07/2010 103992 | (HP Wireless Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
SR - | Auto 05/08/2010 291896 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
SR - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 13/05/2011 30520 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 11/07/2011 26680 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 20/05/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 10/06/2013 2413056 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Demand 26/05/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 22/11/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 23/11/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 10/05/2014 265040 | (N360) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.3.0.12\N360.exe
SR - | Auto 20/12/2013 301568 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 23/11/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 07s

---\\ Scâner Aditional (088)
Database Version : 13026 - (25/06/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0

C:\Users\Anderson\AppData\Local\Genesis_06261956 =>PUP.Genesis^
~ Additionnel Scan: 332812 Items scanned in 00mn 17s

---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 5 Legitimates Filtered in 00mn 00s

---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.OmigaPlus
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Genesis
~ MSI: 2 link(s) detected in 00mn 00s

~ 906 Legitimates filtered by white list
End of the scan (470 lines in 01mn 51s)(0)

por **Power Max** Qui 26 Jun 2014, 17:53

Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC.
________________________________________________________________________________

problemas - Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC 772309

Selecione e copie todo o texto destacado em vermelho que te passei.

_____________________________________________________________________________________________________________

problemas - Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

por andersonfrizzo Qui 26 Jun 2014, 17:57

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Anderson at 26/06/2014 17:53:18
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 12s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\hd-top1.8\uninstall.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HD-Top1.8]
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (115) (1.795.682 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {49C35735-1617-4900-8BB9-CCBB71B69301}
ELIMINÉ: {4CEE1084-1C3A-4B29-AC74-83FA716EA079}
ELIMINÉ: {B8DA0F27-AA8C-480F-B838-D46EDD424638}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
3 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
5 : Ficheiros
1 : Softwares
3 : Tarefa planificada
1 : Restauração Sistema

End of clean in 00mn 29s

========== Caminho do ficheiro do relatório ==========
C:\Users\Anderson\AppData\Roaming\ZHP\ZHPFix[R1].txt - 10/06/2014 23:39:23 [3487]
C:\Users\Anderson\AppData\Roaming\ZHP\ZHPFix[R2].txt - 10/06/2014 00:08:27 [1189]
C:\Users\Anderson\AppData\Roaming\ZHP\ZHPFix[R3].txt - 26/06/2014 17:53:30 [2040]

por **Power Max** Qui 26 Jun 2014, 17:59

Reinicie o PC para que a limpeza seja completada.

Depois de reiniciar faça o seguinte:

problemas - Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC 772309

Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

por andersonfrizzo Qui 26 Jun 2014, 18:11

~ Relatório do ZHPDiag v2014.6.25.98 - Nicolas Coolman (25/06/2014)
~ Iniciado por Anderson (26/06/2014 18:01:30)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program

---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17126
GCIE: Google Chrome v35.0.1916.153 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema
CCleaner v4.10

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader 9.5.5 MUI

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6091 MB (77% free)
System Restore: Activé (Enable)
System drive C: has 435 GB (74%) free of 581 GB

---\\ Modo de conexão ao sistema
~ Computer Name: ANDERSON-HP
~ User Name: Anderson
~ All Users Names: HomeGroupUser$, Guest, Anderson, Administrator,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Anderson\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Anderson\AppData\Roaming\
~ %Desktop% : C:\Users\Anderson\Desktop\
~ %Favorites% : C:\Users\Anderson\Favorites\
~ %LocalAppData% : C:\Users\Anderson\AppData\Local\
~ %StartMenu% : C:\Users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 435 Go of 581 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 15 Go)
E: CD-ROM drive (Not Inserted)

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.24/02/2011 - 22:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 17:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.40BFD9D6EC8E174145F012246CA73CCD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.29/05/2014 - 23:56:56.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 01:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 05:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 17:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 17:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 15:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 01:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 01:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 02:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 15:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 16:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 18:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 01:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 18:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 16:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 02:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 16:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 01:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 05:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 02s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 4/41
~ Mes musiques (My Musics) : 4/228
~ Mes Videos (My Videos) : 2/6
~ Mes Favoris (My Favorites) : 1/27
~ Mes Documents (My Documents) : 2/132
~ Mon Bureau (My Desktop) : 7/628
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 04s

---\\ Processos lançados
[MD5.75167871DBA1643E958D115714752D64] - (.Symantec Corporation - Norton 360.) -- C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.3.0.12\N360.exe [265040] [PID.2080]
[MD5.1C52587C384045CAEDD49A2550C960ED] - (.HP - TouchControl.) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe [634696] [PID.3688]
[MD5.F671950094F09C339A7974FA377E9052] - (.HP - BioMonitor.) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe [142664] [PID.3820]
[MD5.A0ABBAD8CE99CBF8467D697073B38E87] - (...) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [8192] [PID.3676]
[MD5.DC73E11DC27E7D9AEF884EBE816C4240] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.4196]
[MD5.AE797B72D85E87D403FC11135507922C] - (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288] [PID.4240]
[MD5.8A3B69683E63808719D24E1C68C21CC7] - (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960] [PID.4252]
[MD5.5516C26A6AF8EB4E2CAB48EC98A74398] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [54576] [PID.4272]
[MD5.D2E3E6D94A9E1CFA1561D9C748136FD0] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.4308]
[MD5.434FEE6FF661DCABADB69E55E0747494] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1344312] [PID.4868]
[MD5.B00F98FF6FE8682FF941BEB2559BF191] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.4824]
[MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8071680] [PID.3100]
[MD5.CDC54DB949D1E2BBF86B0C7AB86B912E] - (.HP - HP Service.) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [249672] [PID.860]
[MD5.43B1125D14E8797FDA9D5E167EB50AE3] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [528424] [PID.904]
[MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1844]
[MD5.72551A9AE5F68905DFC3CBA0D5242566] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720] [PID.1908]
[MD5.6B669A00A431FF6CDCE67458933F5F0F] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992] [PID.1948]
[MD5.491CE9B6321FB74E4B37AF2C47F98434] - (.Hewlett-Packard Development Company, L.P. - HP Quick Launch WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26680] [PID.1228]
[MD5.FA4A45C179AB0E0F1A31B9751D4B18D7] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.752]
[MD5.50D9949020E02B847CD48F1243FCB895] - (.Skype Technologies - Skype Updater Service.) -- C:\Program Files (x86)\Skype\Updater\Updater.exe [172192] [PID.2184]
[MD5.D2946D9F020AE76E9CEF9B4A6DF838C0] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1129760] [PID.4672]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 19 Legitimates Filtered in 00mn 01s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
~ BHO: 16 Legitimates Filtered in 00mn 00s

---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Norton Toolbar - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.3.0.12\coIEPlg.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Chave orfã
~ Toolbar: Scanned in 00mn 00s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [HPWirelessAssistant] . (...) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [NUSB3MON] . (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [HPOSD] . (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4662FA3E-F8BF-4EDD-8E25-59A5C861E373}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B2274C1-9AB9-4FF1-960A-D6046791BDF1}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F83992CB-6F2C-4A56-B083-504245C28354}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4662FA3E-F8BF-4EDD-8E25-59A5C861E373}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{9B2274C1-9AB9-4FF1-960A-D6046791BDF1}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F83992CB-6F2C-4A56-B083-504245C28354}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{4662FA3E-F8BF-4EDD-8E25-59A5C861E373}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9B2274C1-9AB9-4FF1-960A-D6046791BDF1}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F83992CB-6F2C-4A56-B083-504245C28354}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.25.1
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
~ Services: 19 Legitimates Filtered in 00mn 05s

---\\ Tarefas planificadas automaticamente (039)
[MD5.FB1A303207C1124C2B61A50E5A32AC21] [APT] [Programa de atualiza‡Æo online DivX] (...) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-381771769-465813478-2955760287-1000Core [1064]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-381771769-465813478-2955760287-1000UA [1086]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1068]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1072]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForAnderson [344]
~ Scheduled Task: 30 Legitimates Filtered in 00mn 06s

---\\ Software instalados (042)
O42 - Logiciel: video MediaPlayer - (.enter.) [HKLM][64Bits] -- video MediaPlayer
~ Logic: 45 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\GbAs]
[HKCU\Software\INPE-DPI]
[HKCU\Software\MCShield]
[HKCU\Software\MLSync]
[HKCU\Software\eBook Maestro Books]
[HKLM\Software\Spring 5.2.1 Português_x64]
[HKLM\Software\Wow6432Node\HD-Top1.8]
[HKLM\Software\Wow6432Node\MCShield]
[HKLM\Software\Wow6432Node\Spring 5.1.8 Português_x86]
~ Key Software: 321 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/07/2012 - 12:35:12 - [] ----D C:\Program Files (x86)\Ares
O43 - CFD: 12/06/2012 - 11:55:57 - [] ----D C:\Program Files (x86)\SP55068
O43 - CFD: 09/03/2012 - 17:47:00 - [] ----D C:\Program Files (x86)\Umbrella Corp
O43 - CFD: 26/06/2014 - 13:47:42 - [] ----D C:\Program Files (x86)\video MediaPlayer
O43 - CFD: 29/09/2012 - 12:51:12 - [] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 09/06/2014 - 21:52:23 - [] ----D C:\ProgramData\MCShield
O43 - CFD: 10/12/2013 - 22:31:38 - [] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 09/06/2014 - 18:22:14 - [0] ----D C:\Users\Anderson\AppData\Roaming\FreeFixer
O43 - CFD: 27/08/2012 - 23:36:02 - [] ----D C:\Users\Anderson\AppData\Roaming\VIVO INTERNET
O43 - CFD: 04/07/2012 - 14:21:38 - [] ----D C:\Users\Anderson\AppData\Local\Ares
O43 - CFD: 26/06/2014 - 13:00:29 - [] ----D C:\Users\Anderson\AppData\Local\com
O43 - CFD: 09/06/2014 - 18:34:52 - [] ----D C:\Users\Anderson\AppData\Local\FreeFixer
O43 - CFD: 05/10/2012 - 10:20:26 - [0] ----D C:\Users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spring 5.1.8 Português _x86
~ Program Folder: 201 Legitimates Filtered in 00mn 02s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.FC17A85EBCAEBF634CDC7EEDF6CC4C59] - 26/06/2014 - 13:04:56 ---A- . (...) -- C:\zoek-results2014-06-10-064724.log [2214]
O44 - LFC:[MD5.008B847F316C957C02189E4D6B1E6F54] - 26/06/2014 - 13:22:11 ---A- . (...) -- C:\zoek-results2014-06-26-212211.log [20026]
O44 - LFC:[MD5.C6FFE96C4C76187417E7AB2FA963758F] - 26/06/2014 - 13:26:15 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147108]
O44 - LFC:[MD5.B7DB2B8D4666914258E4046CBAB5C63C] - 26/06/2014 - 13:26:15 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [705268]
O44 - LFC:[MD5.D84E9EBD0BC80EFE85BF1E2446640647] - 26/06/2014 - 14:30:16 ---A- . (...) -- C:\zoek-results2014-06-26-223016.log [4131]
O44 - LFC:[MD5.D9B197114F5F2CD6E5C24AC636339317] - 26/06/2014 - 15:58:47 ---A- . (...) -- C:\zoek-results.log [1343]
~ Files: 16 Legitimates Filtered in 00mn 09s

---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\VDownloader [Key] . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe
~ SMSR Keys: 9 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:21/01/2014 - 06:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:21/01/2014 - 06:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624]
O58 - SDL:21/01/2014 - 02:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:13/07/2009 - 17:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 12:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:18/06/2010 - 23:36:04 ---A- . (.Siliten - Flex Define Keyboard Driver.) -- C:\Windows\System32\Drivers\InputFilter_FlexDef2b.sys [17920]
O58 - SDL:13/07/2009 - 17:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:20/12/2013 - 16:35:48 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [528384]
O58 - SDL:13/12/2012 - 12:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:09/10/2012 - 07:29:58 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [46440]
O58 - SDL:05/03/2014 - 05:25:06 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
O58 - SDL:04/10/2010 - 15:59:32 ---A- . (...) -- C:\Windows\SysWOW64\StarOpen.sys [5632]
~ Drivers: 81 Legitimates Filtered in 01mn 31s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 17/02/2014 - C:\Windows\system32\Drivers\N360x64\1503000.00C\SYMNETS.sys (SymNetS) .(.Symantec Corporation - Network Security Driver.) - LEGACY_SYMNETS
~ Legacy: 99 Legitimates Filtered in 00mn 00s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {B9A5DDA0-F1A8-46EB-9A13-12F1709D796C} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.A4D3CFF4EC6B71C83AE03B775EE50768] [SPRF][20/02/2014] (...) -- C:\Users\Anderson\AppData\Roaming\unins000.dat [18515]
~ Files: 1 Legitimates Filtered in 00mn 00s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 15/11/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 15/11/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 20/12/2013 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\IDT\WDM\AESTSr64.exe
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 29/07/2010 951584 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 07/12/2010 249672 | (FPLService) . (.HP.) - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
SR - | Auto 06/05/2014 528424 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 21/07/2010 103992 | (HP Wireless Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
SR - | Auto 05/08/2010 291896 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
SR - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 13/05/2011 30520 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 11/07/2011 26680 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 20/05/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 10/06/2013 2413056 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Demand 26/05/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 22/11/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 23/11/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 10/05/2014 265040 | (N360) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.3.0.12\N360.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 20/12/2013 301568 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 23/11/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 08s

---\\ Scâner Aditional (088)
Database Version : 13026 - (25/06/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 332556 Items scanned in 01mn 28s

---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 5 Legitimates Filtered in 00mn 00s

~ 902 Legitimates filtered by white list
End of the scan (448 lines in 04mn 26s)(0)

por **Power Max** Qui 26 Jun 2014, 18:20

Selecione e copie todo o texto destacado em vermelho que te passei (começando em script zhpfix e indo até emptyclsid)

_____________________________________________________________________________________________________________

problemas - Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

por andersonfrizzo Qui 26 Jun 2014, 18:29

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Anderson at 26/06/2014 18:20:45
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 24s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\Wow6432Node\HD-Top1.8

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (2) (35.128 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
1 : Chaves do Registo
1 : Pastas
5 : Ficheiros
1 : Restauração Sistema

End of clean in 00mn 54s

========== Caminho do ficheiro do relatório ==========
C:\Users\Anderson\AppData\Roaming\ZHP\ZHPFix[R1].txt - 10/06/2014 23:39:23 [3487]
C:\Users\Anderson\AppData\Roaming\ZHP\ZHPFix[R2].txt - 10/06/2014 00:08:27 [1189]
C:\Users\Anderson\AppData\Roaming\ZHP\ZHPFix[R3].txt - 26/06/2014 16:53:30 [2123]
C:\Users\Anderson\AppData\Roaming\ZHP\ZHPFix[R4].txt - 26/06/2014 18:21:10 [1322]

por andersonfrizzo Qui 26 Jun 2014, 18:39

Esta bem melhor, mais rápido percebesse..
Obrigado!!!

ah algo mais a fazer ainda?

por **Power Max** Qui 26 Jun 2014, 18:42

Ficou faltando só remover o video MediaPlayer, eu tinha me esquecido que você queria remover ele.

problemas - Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC 772309

Selecione e copie todo o texto destacado em vermelho que te passei.

_____________________________________________________________________________________________________________

problemas - Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

por andersonfrizzo Qui 26 Jun 2014, 20:11

a é mesmo, pensei que havia removido anteriormente..
segue abaixo os dados...

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Anderson at 26/06/2014 20:05:30
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 05s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\video mediaplayer\uninstall.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\video MediaPlayer]

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (4) (37.528 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
1 : Chaves do Registo
1 : Pastas
2 : Ficheiros
1 : Softwares
1 : Restauração Sistema

End of clean in 00mn 48s

========== Caminho do ficheiro do relatório ==========
C:\Users\Anderson\AppData\Roaming\ZHP\ZHPFix[R1].txt - 10/06/2014 23:39:23 [3487]
C:\Users\Anderson\AppData\Roaming\ZHP\ZHPFix[R2].txt - 10/06/2014 00:08:27 [1189]
C:\Users\Anderson\AppData\Roaming\ZHP\ZHPFix[R3].txt - 26/06/2014 16:53:30 [2123]
C:\Users\Anderson\AppData\Roaming\ZHP\ZHPFix[R4].txt - 26/06/2014 17:21:10 [1405]
C:\Users\Anderson\AppData\Roaming\ZHP\ZHPFix[R5].txt - 26/06/2014 20:05:35 [1425]

por andersonfrizzo Qui 26 Jun 2014, 20:13

Esta video mediaplayer, seria um virus tambem, ou um o player msm do windows?

por **Power Max** Qui 26 Jun 2014, 20:23

É outro diferente, e em muitos sites é dito que ele é ruim.

Como está o PC?

por andersonfrizzo Qui 26 Jun 2014, 20:33

Esta bem melhor que no inicio kkk

Muito obrigado aii!! otimo trabalho!!

por Conteúdo patrocinado

Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Re: Problemas em remover o HD TOP 1.8 e Video mediaplayer do meu PC

Seg	Ter	Qua	Qui	Sex	Sáb	Dom
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30