Removing Baidu Antivirus


Post by brmct on Thu 17 Jul 2014, 14:21

First of all, I would like to know whether I am reporting this case in the right section. I tried to remove BAIDU using every method I found on Google, with no success: it shuts down all the removal programs, and Baidu's own uninstaller does not respond to the command. I would be very grateful if someone could help me.

Here is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:57:17, on 17/07/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files\hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\program files\browseri_appe 1.2\browseri_appe 1.2-bg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E0Q9RGU1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: CrossriderApp0060346 - {11111111-1111-1111-1111-110611031146} - C:\Program Files\Browseri_Appe 1.2\Browseri_Appe 1.2-bho.dll
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.4.0.13\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files\Mysearchdial\1.8.29.0\bh\mysearchdial.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.4.0.13\coIEPlg.dll
O3 - Toolbar: mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [hpsysdrv] c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Baidu Antivirus] "C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavTray.exe" -auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [NCPluginUpdater] "C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
O4 - HKLM\..\RunOnce: [VOPackage] C:\Users\Marta\AppData\Roaming\VOPackage\VOPackage.exe /runonce
O8 - Extra context menu item: &Enviar para o OneNote - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.EXE
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Baidu AntiVirus Service (bavsvc) - Unknown owner - C:\Program Files\Baidu Security\Baidu Antivirus\bavsvc.exe (file missing)
O23 - Service: Baidu Hips Service (bhipssvc) - Unknown owner - C:\Program Files\Baidu Security\Baidu Antivirus\bhipssvc.exe (file missing)
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Program Files\HP\HPBDSService\HPBDSService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: IePlugin Services (IePluginServices) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginServices\PluginService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\21.4.0.13\N360.exe
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - Fuyu LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe

--
End of file - 11964 bytes


Last edited by joram on Sun 31 Aug 2014, 04:03; edited 4 time(s) (Reason: had not included the Hijack report)
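
Added example (not part of the original thread, and not code from HijackThis or the forum): a small Python triage pass over HijackThis entry lines like those in the log above. The sample lines are excerpted from that log; the function names and the flagging heuristics are assumptions of this example and only mark entries for a closer look, they are not verdicts.

```python
import re

# Lines excerpted from the HijackThis log posted above (header, one process
# line, and eight entries). Kept in a raw string so backslashes stay literal.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.4.0.13\coIEPlg.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [VOPackage] C:\Users\Marta\AppData\Roaming\VOPackage\VOPackage.exe /runonce
O20 - AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL
O23 - Service: Baidu AntiVirus Service (bavsvc) - Unknown owner - C:\Program Files\Baidu Security\Baidu Antivirus\bavsvc.exe (file missing)
O23 - Service: IePlugin Services (IePluginServices) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginServices\PluginService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\21.4.0.13\N360.exe
"""

# A HijackThis entry starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Autostart targets outside Program Files/Windows (heuristic of this example).
USER_DATA_RE = re.compile(r"\\(appdata|programdata)\\")
APPINIT_PREFIX = "AppInit_DLLs:"


def parse_entries(text):
    """Yield (code, body) per entry line; headers and process paths are skipped."""
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group("code"), match.group("body")


def triage(code, body):
    """Return the list of reasons an entry deserves a closer look (may be empty)."""
    reasons = []
    low = body.lower()
    # BHO / toolbar / search hook still registered although its file is gone.
    if code in {"O2", "O3", "R3"} and low.endswith("(no file)"):
        reasons.append("registration with no backing file")
    if code == "O23":
        # Service left behind by a partial uninstall, or binary removed by hand.
        if low.endswith("(file missing)"):
            reasons.append("service binary missing")
        if " - unknown owner - " in low:
            reasons.append("service has no owner (company) information")
    # A non-empty AppInit_DLLs value loads that DLL into every process
    # that loads user32.dll.
    if code == "O20" and body.startswith(APPINIT_PREFIX):
        if body[len(APPINIT_PREFIX):].strip():
            reasons.append("AppInit_DLLs is set")
    # Run/RunOnce entries and services started from AppData or ProgramData.
    if code in {"O4", "O23"} and USER_DATA_RE.search(low):
        reasons.append("autostart from AppData/ProgramData")
    return reasons


def flag_log(text):
    """Return [(code, body, reasons)] for every entry with at least one reason."""
    flagged = []
    for code, body in parse_entries(text):
        reasons = triage(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in flag_log(SAMPLE_LOG):
        print(f"{code}: {body}")
        for reason in reasons:
            print(f"    -> {reason}")
```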

Re: Removing Baidu Antivirus

Post by Power Max on Thu 17 Jul 2014, 18:02

Download the IObit Uninstaller program by going to the link below and clicking the Free Download button:
[You must be registered and logged in to see this link.]

Start the PC in Safe Mode with Networking by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is starting up and choosing the Safe Mode with Networking option (or Safe Mode).

Once the PC is in Safe Mode with Networking, follow the tips in this tutorial to use IObit Uninstaller correctly:

[You must be registered and logged in to see this link.]

Following the tips in the tutorial above, use IObit Uninstaller to uninstall Baidu.

After that, tell us whether Baidu was removed.


(SOLVED) Removal of BAIDU ANTIVIRUS impossible, please help me

Post by brmct on Fri 18 Jul 2014, 12:52

Good afternoon. IObit has been trying to uninstall Baidu for half an hour and still nothing. As for the tutorial, I could not open it; it only gives an execution error.

Re: Removing Baidu Antivirus

Post by Power Max on Fri 18 Jul 2014, 13:01

Download the AdwCleaner program by clicking the link below and then clicking the Download Now @BleepingComputer button:
[You must be registered and logged in to see this link.]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must be registered and logged in to see this link.]

* In your next reply, post the AdwCleaner log (report), which will be in C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.


(SOLVED) Removal of BAIDU ANTIVIRUS impossible, please help me

Post by brmct on Fri 18 Jul 2014, 14:05

Here is the report


# AdwCleaner v3.216 - Relatório criado 18/07/2014 às 13:41:22
# Atualizado 17/07/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
# Usuário : Marta - MARTA-HP
# Executando de : C:\Users\Marta\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : globalUpdate
[#] Serviço Deletada : globalUpdatem
[#] Serviço Deletada : IePluginServices

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\IePluginServices
Pasta Deletada : C:\ProgramData\WindowsMangerProtect
Pasta Deletada : C:\Program Files\Easy  Deals
Pasta Deletada : C:\Program Files\globalUpdate
Pasta Deletada : C:\Program Files\Mega Browse
Pasta Deletada : C:\Program Files\Mysearchdial
Pasta Deletada : C:\Program Files\NetCrawl
Pasta Deletada : C:\Program Files\predm
Pasta Deletada : C:\Program Files\RegClean Pro
Pasta Deletada : C:\Program Files\SupTab
Pasta Deletada : C:\Users\Marta\AppData\Local\globalUpdate
Pasta Deletada : C:\Users\Marta\AppData\Roaming\1H1Q
Pasta Deletada : C:\Users\Marta\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Marta\AppData\Roaming\eCyber
Pasta Deletada : C:\Users\Marta\AppData\Roaming\iSafe
Pasta Deletada : C:\Users\Marta\AppData\Roaming\Mysearchdial
Pasta Deletada : C:\Users\Marta\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\Marta\AppData\Roaming\webssearches
Pasta Deletada : C:\Users\Public\Documents\baidu
Arquivo Deletada : C:\Windows\system32\roboot.exe
Arquivo Deletada : C:\Users\Marta\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Deletada : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
Arquivo Deletada : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
Arquivo Deletada : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
Arquivo Deletada : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
Arquivo Deletada : C:\Windows\Tasks\MySearchDial.job
Arquivo Deletada : C:\Windows\System32\Tasks\MySearchDial
Arquivo Deletada : C:\Windows\Tasks\4687970a-3c72-4da9-ab9b-abc02e5fab8f-1.job
Arquivo Deletada : C:\Windows\System32\Tasks\4687970a-3c72-4da9-ab9b-abc02e5fab8f-1
Arquivo Deletada : C:\Windows\Tasks\4687970a-3c72-4da9-ab9b-abc02e5fab8f-2.job
Arquivo Deletada : C:\Windows\System32\Tasks\4687970a-3c72-4da9-ab9b-abc02e5fab8f-2
Arquivo Deletada : C:\Windows\Tasks\4687970a-3c72-4da9-ab9b-abc02e5fab8f-3.job
Arquivo Deletada : C:\Windows\System32\Tasks\4687970a-3c72-4da9-ab9b-abc02e5fab8f-3
Arquivo Deletada : C:\Windows\Tasks\4687970a-3c72-4da9-ab9b-abc02e5fab8f-4.job
Arquivo Deletada : C:\Windows\System32\Tasks\4687970a-3c72-4da9-ab9b-abc02e5fab8f-4
Arquivo Deletada : C:\Windows\Tasks\4687970a-3c72-4da9-ab9b-abc02e5fab8f-5.job
Arquivo Deletada : C:\Windows\System32\Tasks\4687970a-3c72-4da9-ab9b-abc02e5fab8f-5
Arquivo Deletada : C:\Windows\Tasks\7d44748e-4c04-4cf8-9646-67eb47daf177-1.job
Arquivo Deletada : C:\Windows\System32\Tasks\7d44748e-4c04-4cf8-9646-67eb47daf177-1
Arquivo Deletada : C:\Windows\Tasks\7d44748e-4c04-4cf8-9646-67eb47daf177-10.job
Arquivo Deletada : C:\Windows\System32\Tasks\7d44748e-4c04-4cf8-9646-67eb47daf177-10
Arquivo Deletada : C:\Windows\Tasks\7d44748e-4c04-4cf8-9646-67eb47daf177-11.job
Arquivo Deletada : C:\Windows\System32\Tasks\7d44748e-4c04-4cf8-9646-67eb47daf177-11
Arquivo Deletada : C:\Windows\Tasks\7d44748e-4c04-4cf8-9646-67eb47daf177-2.job
Arquivo Deletada : C:\Windows\System32\Tasks\7d44748e-4c04-4cf8-9646-67eb47daf177-2
Arquivo Deletada : C:\Windows\Tasks\7d44748e-4c04-4cf8-9646-67eb47daf177-3.job
Arquivo Deletada : C:\Windows\System32\Tasks\7d44748e-4c04-4cf8-9646-67eb47daf177-3
Arquivo Deletada : C:\Windows\Tasks\7d44748e-4c04-4cf8-9646-67eb47daf177-4.job
Arquivo Deletada : C:\Windows\System32\Tasks\7d44748e-4c04-4cf8-9646-67eb47daf177-4
Arquivo Deletada : C:\Windows\Tasks\7d44748e-4c04-4cf8-9646-67eb47daf177-5.job
Arquivo Deletada : C:\Windows\System32\Tasks\7d44748e-4c04-4cf8-9646-67eb47daf177-5
Arquivo Deletada : C:\Windows\Tasks\7d44748e-4c04-4cf8-9646-67eb47daf177-5_user.job
Arquivo Deletada : C:\Windows\System32\Tasks\7d44748e-4c04-4cf8-9646-67eb47daf177-5_user

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\Marta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\Marta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registro ] *****

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{42B164D1-BE8D-41C8-97C3-DC31EABBDA25}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42B164D1-BE8D-41C8-97C3-DC31EABBDA25}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F68715F-3154-4E1B-9C85-8B50C3C0AF48}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F68715F-3154-4E1B-9C85-8B50C3C0AF48}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F29086-08D9-43CD-9AC6-C35AC05701E2}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F29086-08D9-43CD-9AC6-C35AC05701E2}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0614D002-3BD0-4B50-BB3F-E38779C0482C}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0614D002-3BD0-4B50-BB3F-E38779C0482C}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{29894793-B9CD-437C-B440-905BA2DE7C05}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29894793-B9CD-437C-B440-905BA2DE7C05}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8E3BF764-6D4C-4008-8AE6-6D2A1D2696A9}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E3BF764-6D4C-4008-8AE6-6D2A1D2696A9}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C7295EE0-520C-4566-A4BA-FB8056F9ED6B}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7295EE0-520C-4566-A4BA-FB8056F9ED6B}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E4EA7623-7B93-465A-993A-C26063AAE81B}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4EA7623-7B93-465A-993A-C26063AAE81B}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C08E3D7F-E0FA-4DF7-96D8-13F9A1E95585}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{009DAA6E-7EE1-4296-8DF8-797A2D3BDCEE}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5779478-C040-4C1F-9327-33AFF8BDF7E8}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C08E3D7F-E0FA-4DF7-96D8-13F9A1E95585}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B5779478-C040-4C1F-9327-33AFF8BDF7E8}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{009DAA6E-7EE1-4296-8DF8-797A2D3BDCEE}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D8109735-CC23-4ECF-963C-1268360E5742}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8109735-CC23-4ECF-963C-1268360E5742}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B057DF6-8353-4D0C-BD58-5B22407C6989}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B057DF6-8353-4D0C-BD58-5B22407C6989}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2F342FFF-DEC3-4CDE-AB58-0745FEDF5842}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F342FFF-DEC3-4CDE-AB58-0745FEDF5842}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CB58B5B9-EB0A-48C3-8399-E112BB373077}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB58B5B9-EB0A-48C3-8399-E112BB373077}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEA85531-A456-4CAA-B7E7-D00CCB1EC761}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EEA85531-A456-4CAA-B7E7-D00CCB1EC761}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Chave Deletedo : HKLM\SOFTWARE\Classes\speedupmypc
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0039994.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0039994.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0039994.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0039994.Sandbox.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0060346.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0060346.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0060346.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0060346.Sandbox.1
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311991194}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611031146}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322992294}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622032246}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chave Deletedo : HKCU\Software\GlobalUpdate
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\installedbrowserextensions
Chave Deletedo : HKCU\Software\Mega Browse
Chave Deletedo : HKCU\Software\mysearchdial
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKLM\Software\FreeSoftToday
Chave Deletedo : HKLM\Software\GlobalUpdate
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\InstallCore
Chave Deletedo : HKLM\Software\installedbrowserextensions
Chave Deletedo : HKLM\Software\iSafe
Chave Deletedo : HKLM\Software\Mega Browse
Chave Deletedo : HKLM\Software\SupDp
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\supWindowsMangerProtect
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKLM\Software\Tutorials
Chave Deletedo : HKLM\Software\Uniblue
Chave Deletedo : HKLM\Software\webssearchesSoftware
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mega Browse
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SupTab\SEARCH~1.DLL
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17207

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v

[ Arquivo : C:\Users\Marta\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [24751 octets] - [18/07/2014 13:39:42]
AdwCleaner[S0].txt - [21923 octets] - [18/07/2014 13:41:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21984 octets] ##########

Re: Removing Baidu Antivirus

Post by Power Max on Fri 18 Jul 2014, 14:23

Download the Junkware Removal Tool program from the link below:
[You need to be registered and logged in to see this link.]

To run the program above correctly, just follow the tips in this tutorial:

[You need to be registered and logged in to see this link.]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop with the name JRT.txt

We'll be waiting.


(SOLVED) Removing BAIDU ANTIVIRUS is impossible, please help me

Post by brmct on Fri 18 Jul 2014, 14:38

Here is the requested report; Baidu is still on the PC.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by Marta on 18/07/2014 at 14:27:10,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/07/2014 at 14:35:57,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Removing Baidu Antivirus

Post by Power Max on Fri 18 Jul 2014, 14:40

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You need to be registered and logged in to see this link.]

* Right-click Zoek.exe and select [You need to be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank space in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You need to be registered and logged in to see this image.]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sat 19 Jul 2014, 10:44; edited 1 time in total


(SOLVED) Removing BAIDU ANTIVIRUS is impossible, please help me

Post by brmct on Fri 18 Jul 2014, 15:36

Here is the Zoek log


Zoek.exe v5.0.0.0 Updated 16-07-2014
Tool run by Marta on 18/07/2014 at 14:49:48,58.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marta\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

18/07/2014 14:51:12 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\Browseri_Appe 1.2 deleted
C:\Windows\system32\config\systemprofile\AppData\Roaming\Systweak deleted
C:\PROGRA~2\FileSplitUpLoad.dll deleted
C:\PROGRA~2\ProductData deleted
C:\Users\Marta\Searches deleted
C:\Windows\system32\config\systemprofile\Searches deleted
"C:\Windows\Installer\a6f5a.msi" deleted
"C:\Windows\System32\SETCB40.tmp" not deleted

==== Folders Found ======================

2014-07-18 16:41:24 2014-07-18 16:41:24 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-07-18 16:41:26 2014-07-18 16:41:27 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Marta\AppData\Roaming\baidu
2014-07-18 16:41:27 2014-07-18 16:41:27 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Marta\AppData\Roaming\baidu\Baidu Antivirus
2014-07-18 16:41:29 2014-07-18 16:41:29 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-07-17 19:16:56 2014-07-17 19:16:56 -------- d-----w- C:\Program Files\Baidu Security
2014-07-03 15:42:54 2014-07-03 15:42:54 -------- d-----w- C:\Program Files\Baidu-Security-2014-4.4.4.73687
2014-07-03 15:42:54 2014-07-03 19:17:48 -------- d-----w- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus
2014-07-03 15:43:10 2014-07-14 15:57:28 -------- d-----w- C:\ProgramData\Baidu Security
2014-07-03 15:43:02 2014-07-03 15:43:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-07-03 15:43:10 2014-07-14 15:57:28 -------- d-----w- C:\Users\All Users\Baidu Security
2014-07-03 15:43:02 2014-07-03 15:43:02 -------- d-----w- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-07-03 20:09:56 2014-07-03 20:09:56 -------- d-----w- C:\Users\Marta\AppData\Roaming\Baidu Security
2014-07-17 19:25:46 2014-07-17 19:25:46 -------- d-----w- C:\Users\Public\Documents\Baidu Security

==== Files Found ======================


--- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-07-03 15:42:38
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1


--- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-07-03 15:42:38
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB


--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1299
Created time: 2014-07-03 15:43:02
Modified time: 2014-07-03 17:03:24
MD5: 7AC17690B82B2D4C6A6DF396BD6C6E8A
SHA1: 30DB7313573617EFA80010AE523958D7AAF301F8


--- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1299
Created time: 2014-07-03 15:43:02
Modified time: 2014-07-03 17:03:24
MD5: 7AC17690B82B2D4C6A6DF396BD6C6E8A
SHA1: 30DB7313573617EFA80010AE523958D7AAF301F8


--- C:\Users\Marta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UKI717M6\t2724-remocao-do-baidu-antivirus-impossivel-me-ajudem-por-favor[1].htm ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 83532
Created time: 2014-07-18 17:44:54
Modified time: 2014-07-18 17:44:54
MD5: FBE66F354EBF5058F79EFC0305D920FE
SHA1: 1A32CD3F9BBE1A40C0E14E1EEA688F83F91EA960


--- C:\Users\Marta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZJ61YCJ\t2724-remocao-do-baidu-antivirus-impossivel-me-ajudem-por-favor[1].htm ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 74045
Created time: 2014-07-18 17:24:51
Modified time: 2014-07-18 17:24:52
MD5: 869F3CDBD26B965DB86A48661FD105DD
SHA1: CFDCD6E456AD75A5A126348CDCDE3D60340310D1


--- C:\Users\Marta\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.9.76716.exe ---
Company: Baidu, Inc.
File Description: PC Faster Setup
File Version: 4.0.9.76716
Product Name: Baidu PC Faster
Copyright: Copyright (C) 2013 Baidu, Inc. All Rights Reserved.
Original Filename:
File type: ----a-w-
File size: 22522056
Created time: 2014-07-17 19:17:03
Modified time: 2014-07-17 19:17:03
MD5: E2A81E848B53412920AB817452E24E2E
SHA1: FE0EFC3B6A97D896AC1635902930BCDFA1CE35A5


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\DefaultIcon]
@="\"C:\\Program Files\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus\\Bav.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\shell\open\command]
@="\"C:\\Program Files\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus\\Bav.exe\" UI_Start_From_IE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\DefaultIcon]
@="C:\\Program Files\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus\\Translator.exe,-201"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\shell\open\command]
@="\"C:\\Program Files\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus\\Translator.exe\" \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}]
@="baidu right click handler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32]
@="C:\\Program Files\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus\\BavShx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32]
@="C:\\Program Files\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus\\BavShx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"="\"C:\\Program Files\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus\\BavTray.exe\" -auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}"="Baidu Scan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"="Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"="\"C:\\Program Files\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus\\Bav.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"="\"C:\\Program Files\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus\\Uninstall.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"="http://antivirus.baidu.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"="Baidu, Inc."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bavsvc]
"DisplayName"="Baidu AntiVirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bavsvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bhipssvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bhipssvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bavsvc]
"DisplayName"="Baidu AntiVirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bavsvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bhipssvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bhipssvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bavsvc]
"DisplayName"="Baidu AntiVirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bavsvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bhipssvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bhipssvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\4970519]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\4970519]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.9.76716&userid=b9d1ae8a9e618169c50a62c3b8529b0e&old_userid=S2BVJ56B-101F742A95F6!c982ddfb-0a3b-4c58-8299-cc775557418a@#101F742A95F6&install_time=2014-07-17 19:25:46&install_time_num=1405635946&parent_name=&uninstall_time=2014-07-17 19:29:42&uninstall_time_num=1405636182"

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\4970628]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\4970628]
"url"="http://sync.security.baidu.co.th/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.9.76716&userid=b9d1ae8a9e618169c50a62c3b8529b0e&old_userid=S2BVJ56B-101F742A95F6!c982ddfb-0a3b-4c58-8299-cc775557418a@#101F742A95F6&install_time=2014-07-17 19:25:46&install_time_num=1405635946&parent_name=&uninstall_time=2014-07-17 19:29:42&uninstall_time_num=1405636182"

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\Setup]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Microsoft\Office\14.0\Common\Internet]
"UseRWHlinkNavigation"="http://www.forumpcbrasil.com/t2724-remocao-do-baidu-antivirus-impossivel-me-ajudem-por-favor#22783"

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Program Files\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus\\Uninstall.exe"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\coFFPlgn" [18/07/2014 13:42]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files\Norton 360\Engine\21.4.0.13\Exts\Chrome.crx[26/06/2014 07:22]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://ig.com.br/"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://ig.com.br/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{47C6B466-7E75-4482-A5F6-16F3273BB247}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{47C6B466-7E75-4482-A5F6-16F3273BB247} Google  Url="https://www.google.com/search?q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Marta\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Marta\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Default\Desktop\MSN.lnk - C:\Program Files\Online Services\MSN\MSN.vbs "http://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=msn_first&pf=cmdt&locale=PT_BR&bd=all&c=113" "MSN" "http://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=msn&pf=cmdt&locale=PT_BR&bd=all&c=113" "MSN-Saiba Agora"
C:\Users\Default User\Desktop\MSN.lnk - C:\Program Files\Online Services\MSN\MSN.vbs "http://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=msn_first&pf=cmdt&locale=PT_BR&bd=all&c=113" "MSN" "http://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=msn&pf=cmdt&locale=PT_BR&bd=all&c=113" "MSN-Saiba Agora"
C:\Users\Marta\Desktop\Arquivos de instalação do Norton.lnk -  
C:\Users\Marta\Desktop\Bav - Atalho.lnk - C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Bav.exe
C:\Users\Marta\Desktop\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Marta\Desktop\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\Marta\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Marta\Desktop\ScreenHunter 6.0 Free.lnk - C:\Program Files\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Camtasia Studio 8.lnk - C:\Program Files\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\Crie um site.lnk - C:\Program Files\Hewlett-Packard\Shared\WizLink.exe [You must be registered and logged in to see this link.]
C:\Users\Public\Desktop\Experimente HP Virtual Rooms.lnk -  
C:\Users\Public\Desktop\HP LaserJet 100 color MFP M175 - Centro de ajuda e aprendizado.lnk - C:\Program Files\hp\HP LaserJet 100 color MFP M175\Help_Learn\Help.exe
C:\Users\Public\Desktop\HP LJ100 M175 Scan.lnk - C:\Program Files\hp\HP LJ100 M175\bin\HPScan.exe
C:\Users\Public\Desktop\HP Support Assistant.lnk - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Users\Public\Desktop\Huddle.lnk - C:\Program Files\Hewlett-Packard\Shared\WizLink.exe [You must be registered and logged in to see this link.]
C:\Users\Public\Desktop\IObit Uninstaller.lnk - C:\Program Files\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe
C:\Users\Public\Desktop\Microsoft Office 2010.lnk - C:\SYSTEM.SAV\util\OfficeDesktopIconThread.exe
C:\Users\Public\Desktop\Norton 360.lnk - C:\Program Files\Norton 360\Engine\21.4.0.13\uistub.exe
C:\Users\Public\Desktop\WildTangent Games App - hp.lnk - C:\Program Files\WildTangent Games\App\GameConsole-wt.exe /src desktop /dp hpbpc2c11

==== shortcuts in Users Start Menu ======================

C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\ScreenHunter 6.0 Free.lnk - C:\Program Files\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk - C:\Program Files\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk - C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Bav.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Help.lnk - C:\Program Files\IObit\IObit Uninstaller\help.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\IObit Uninstaller.lnk - C:\Program Files\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Uninstall IObit Uninstaller.lnk - C:\Program Files\IObit\IObit Uninstaller\UninstallDisplay.exe uninstall_start
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Sobre o iTunes.lnk - C:\Program Files\iTunes\iTunes.Resources\pt.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360\LiveUpdate.lnk - C:\Program Files\Norton 360\Engine\21.4.0.13\uistub.exe /lu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360\NBRT.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360\Norton 360.lnk - C:\Program Files\Norton 360\Engine\21.4.0.13\uistub.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360\Support.lnk - C:\Program Files\Norton 360\Engine\21.4.0.13\symerr.exe /support
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360\Uninstall Norton 360.lnk - C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\562C4DD5\21.4.0.13\inststub.exe /X /shortcut
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith\Camtasia Recorder 8.lnk - C:\Windows\Installer\{45F34E54-DAD9-405B-A4F6-B12B0A46B984}\CamtasiaIcons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith\Camtasia Studio 8.lnk - C:\Windows\Installer\{45F34E54-DAD9-405B-A4F6-B12B0A46B984}\CamtasiaIcons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free\ScreenHunter 6.0 Free.lnk - C:\Program Files\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free\ScreenHunter User Guide.lnk - C:\Program Files\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free\Uninstall.lnk - C:\Program Files\Wisdom-soft ScreenHunter 6.0 Free\UNWISE.EXE

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Marta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\Marta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Marta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Marta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Limpa profundamente arquivos de Spam.lnk - C:\Program Files\iSafe\iStart.exe -divertop -param0=9 -param1=0 -param2=1
C:\Users\Marta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Uninstall Programs.lnk - C:\Program Files\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\Users\Marta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\hpDST.lnk - C:\Program Files\Hewlett-Packard\Setup Manager\hpDST.exe
C:\Users\Marta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Marta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Crie um site.lnk - C:\Program Files\Hewlett-Packard\Shared\WizLink.exe
C:\Users\Public\Desktop\Huddle.lnk - C:\Program Files\Hewlett-Packard\Shared\WizLink.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Browseri_Appe 1.2 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Easy  Deals deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=30 folders=7 10742356 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Marta\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Marta\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\System32\SETCB40.tmp"  not deleted

==== EOF on 18/07/2014 at 15:15:43,62 ======================

Re: Removal of Baidu Antivirus

Posted by Power Max on Fri 18 Jul 2014, 16:43

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image.]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sat 19 Jul 2014, 10:44; edited 1 time


(SOLVED) Removal of BAIDU ANTIVIRUS impossible, please help me

Posted by brmct on Fri 18 Jul 2014, 17:16

Here is the report. After this I have to leave and will only be back at this PC on Monday, but thank you anyway for the help, and on Monday we'll finish.



Zoek.exe v5.0.0.0 Updated 16-07-2014
Tool run by Marta on 18/07/2014 at 16:45:49,37.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marta\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-07-18-181543.log 35617 bytes

==== System Restore Info ======================

18/07/2014 16:47:04 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bavsvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bavsvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bavsvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\bavsvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\bavsvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\bavsvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bhipssvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\bhipssvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\DefaultIcon]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\DefaultIcon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\shell\open\command]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\shell\open\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\DefaultIcon]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\DefaultIcon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\shell\open\command]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\shell\open\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bavsvc]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bavsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bavsvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bavsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bhipssvc]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bhipssvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bhipssvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bhipssvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bavsvc]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bavsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bavsvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bavsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bhipssvc]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bhipssvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bhipssvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bhipssvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bavsvc]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bavsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bavsvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bavsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bhipssvc]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bhipssvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bhipssvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bhipssvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\4970519]
[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\4970519]
"url"=-
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\4970628]
[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\4970628]
"url"=-
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\Setup]
[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Program Files\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus\\Uninstall.exe"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

==== Deleting Files \ Folders ======================

"C:\Users\Marta\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.9.76716.exe" not found
C:\Program Files\Baidu Security deleted
C:\ProgramData\Baidu Security deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus deleted
"C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavCommon.dll" deleted
"C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavIPC.dll" deleted
"C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavShx.dll" deleted
"C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavTray.exe" deleted
"C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Communication.dll" deleted
"C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\DirectUI.dll" deleted
"C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\log.dll" deleted
"C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavCommon.dll" deleted
"C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavIPC.dll" deleted
"C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavShx.dll" deleted
"C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavTray.exe" deleted
"C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Communication.dll" deleted
"C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\DirectUI.dll" deleted
"C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\log.dll" deleted
"C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\log\BavTray.log" deleted
"C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\log\BavTray.log" deleted
"C:\Program Files\Baidu-Security-2014-4.4.4.73687" not deleted
"C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus" not deleted
"C:\Users\Marta\AppData\Roaming\Baidu Security" deleted
"C:\Users\Public\Documents\Baidu Security" deleted
"C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus" not deleted
"C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\log" deleted
"C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\log" deleted

==== Folders Found ======================

2014-07-18 16:41:24 2014-07-18 16:41:24 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-07-18 16:41:26 2014-07-18 16:41:27 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Marta\AppData\Roaming\baidu
2014-07-18 16:41:27 2014-07-18 16:41:27 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Marta\AppData\Roaming\baidu\Baidu Antivirus
2014-07-18 16:41:29 2014-07-18 16:41:29 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-07-03 15:42:54 2014-07-03 15:42:54 -------- d-----w- C:\Program Files\Baidu-Security-2014-4.4.4.73687
2014-07-03 15:42:54 2014-07-18 19:51:22 -------- d-----w- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus
2014-07-18 19:50:25 2014-07-18 19:50:25 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security
2014-07-18 19:50:25 2014-07-18 19:50:25 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687
2014-07-18 19:50:53 2014-07-18 19:51:04 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus
2014-07-18 19:51:04 2014-07-18 19:51:04 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-07-18 19:51:04 2014-07-18 19:51:04 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-07-18 19:51:04 2014-07-18 19:51:04 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-07-18 19:51:04 2014-07-18 19:51:04 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-07-18 19:51:04 2014-07-18 19:51:04 -------- d---a-w- C:\zoek_backup\C_Users_Marta_AppData_Roaming_Baidu Security
2014-07-18 19:51:04 2014-07-18 19:51:04 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-07-18 19:50:25 2014-07-18 19:50:53 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687\Baidu Antivirus

==== Files Found ======================


--- C:\Users\Marta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KXJFS70U\t2724-remocao-do-baidu-antivirus-impossivel-me-ajudem-por-favor[1].htm ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 147578
Created time: 2014-07-18 19:44:34
Modified time: 2014-07-18 19:44:34
MD5: 526FD70115958B0173915DBAE3F46DBD
SHA1: F00A0CFAA7B6E4500B858BD42BE363255B9624D9


--- C:\Users\Marta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OPEZWYP0\t2724-remocao-do-baidu-antivirus-impossivel-me-ajudem-por-favor[1].htm ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 83843
Created time: 2014-07-18 18:18:07
Modified time: 2014-07-18 18:18:09
MD5: E64EA13D7DDE9F777939C2079E3B4416
SHA1: 3212D2E859E941C42BB8AFAAF3F0B72DC808DBCD


--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-07-18 19:50:37
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1


--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-07-18 19:50:37
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB


--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-07-18 19:50:58
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1


--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-07-18 19:50:58
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB


--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1299
Created time: 2014-07-18 19:51:04
Modified time: 2014-07-03 17:03:24
MD5: 7AC17690B82B2D4C6A6DF396BD6C6E8A
SHA1: 30DB7313573617EFA80010AE523958D7AAF301F8


--- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1299
Created time: 2014-07-18 19:51:04
Modified time: 2014-07-03 17:03:24
MD5: 7AC17690B82B2D4C6A6DF396BD6C6E8A
SHA1: 30DB7313573617EFA80010AE523958D7AAF301F8


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\4970519]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\4970628]

[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Microsoft\Office\14.0\Common\Internet]
"UseRWHlinkNavigation"="http://www.forumpcbrasil.com/t2724-remocao-do-baidu-antivirus-impossivel-me-ajudem-por-favor#22783"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3925 folders=600 237039083 bytes)

==== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\Program Files\Baidu-Security-2014-4.4.4.73687"  not found
"C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus"  not found

==== EOF on 18/07/2014 at 16:57:23,38 ======================

Re: Removing Baidu Antivirus

Post by Power Max on Sat 19 Jul 2014, 10:43

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You need to be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan's progress will be displayed. Wait for it to finish... it may take a while!

[You need to be registered and logged in to see this image.]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Mon 21 Jul 2014, 12:05; edited 1 time


(SOLVED) Removing BAIDU ANTIVIRUS is impossible, please help me

Post by brmct on Mon 21 Jul 2014, 11:45

Here is the Zoek report... the PC is very slow, it takes far too long to open commands.



Zoek.exe v5.0.0.0 Updated 19-07-2014
Tool run by Marta on 21/07/2014 at 11:37:13,77.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marta\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-07-18-181543.log 35617 bytes
C:\zoek-results2014-07-18-195723.log 27983 bytes

==== System Restore Info ======================

21/07/2014 11:39:23 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\4970519]
[-HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\4970628]

==== Deleting Files \ Folders ======================

C:\Program Files\Baidu-Security-2014-4.4.4.73687 not found
C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus not found

==== Folders Found ======================

2014-07-18 16:41:24 2014-07-18 16:41:24 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-07-18 16:41:26 2014-07-18 16:41:27 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Marta\AppData\Roaming\baidu
2014-07-18 16:41:27 2014-07-18 16:41:27 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Marta\AppData\Roaming\baidu\Baidu Antivirus
2014-07-18 16:41:29 2014-07-18 16:41:29 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-07-18 19:50:25 2014-07-18 19:50:25 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security
2014-07-18 19:50:25 2014-07-18 19:50:25 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687
2014-07-18 19:50:53 2014-07-18 19:51:04 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus
2014-07-18 19:51:04 2014-07-18 19:51:04 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-07-18 19:51:04 2014-07-18 19:51:04 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-07-18 19:51:04 2014-07-18 19:51:04 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-07-18 19:51:04 2014-07-18 19:51:04 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-07-18 19:51:04 2014-07-18 19:51:04 -------- d---a-w- C:\zoek_backup\C_Users_Marta_AppData_Roaming_Baidu Security
2014-07-18 19:51:04 2014-07-18 19:51:04 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-07-18 19:50:25 2014-07-18 19:50:53 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687\Baidu Antivirus

==== Files Found ======================


--- C:\Users\Marta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KXJFS70U\t2724-remocao-do-baidu-antivirus-impossivel-me-ajudem-por-favor[1].htm ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 147578
Created time: 2014-07-18 19:44:34
Modified time: 2014-07-18 19:44:34
MD5: 526FD70115958B0173915DBAE3F46DBD
SHA1: F00A0CFAA7B6E4500B858BD42BE363255B9624D9


--- C:\Users\Marta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LH189VMD\t2724-remocao-do-baidu-antivirus-impossivel-me-ajudem-por-favor[1].htm ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 147259
Created time: 2014-07-18 19:58:38
Modified time: 2014-07-18 19:58:39
MD5: 02EBABD90E219B219084159BBD4E4D5A
SHA1: DACDBD93A4B8B75E8F881608D3F07077000B0DBB


--- C:\Users\Marta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OPEZWYP0\t2724-remocao-do-baidu-antivirus-impossivel-me-ajudem-por-favor[1].htm ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 83843
Created time: 2014-07-18 18:18:07
Modified time: 2014-07-18 18:18:09
MD5: E64EA13D7DDE9F777939C2079E3B4416
SHA1: 3212D2E859E941C42BB8AFAAF3F0B72DC808DBCD


--- C:\Users\Marta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OPEZWYP0\t2724-remocao-do-baidu-antivirus-impossivel-me-ajudem-por-favor[2].htm ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 147282
Created time: 2014-07-18 20:01:11
Modified time: 2014-07-18 20:01:24
MD5: AB6915E972581AD23A13987CC8BB7701
SHA1: 60E73BD775990E8033E23EBE7C55FD7AE3C0235B


--- C:\Users\Marta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OPEZWYP0\t2724-remocao-do-baidu-antivirus-impossivel-me-ajudem-por-favor[3].htm ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 168291
Created time: 2014-07-21 14:34:41
Modified time: 2014-07-21 14:34:43
MD5: 7B7E69A850F66AA7F5774D12020DF2B8
SHA1: 48E395D4316ED78B065D445F2480E4B8985DC52B


--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-07-18 19:50:37
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1


--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-07-18 19:50:37
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB


--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-07-18 19:50:58
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1


--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-07-18 19:50:58
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB


--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1299
Created time: 2014-07-18 19:51:04
Modified time: 2014-07-03 17:03:24
MD5: 7AC17690B82B2D4C6A6DF396BD6C6E8A
SHA1: 30DB7313573617EFA80010AE523958D7AAF301F8


--- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1299
Created time: 2014-07-18 19:51:04
Modified time: 2014-07-03 17:03:24
MD5: 7AC17690B82B2D4C6A6DF396BD6C6E8A
SHA1: 30DB7313573617EFA80010AE523958D7AAF301F8


==== Registry Search Results for "Baidu" ======================


[HKEY_USERS\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Microsoft\Office\14.0\Common\Internet]
"UseRWHlinkNavigation"="http://www.forumpcbrasil.com/t2724-remocao-do-baidu-antivirus-impossivel-me-ajudem-por-favor#22783"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3925 folders=600 237039083 bytes)

==== EOF on 21/07/2014 at 11:43:51,18 ======================

Re: Removing Baidu Antivirus

Post by Power Max on Mon 21 Jul 2014, 12:04

Download < [You need to be registered and logged in to see this link.] > < [You need to be registered and logged in to see this image.]> ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

[You need to be registered and logged in to see this image.]

To install and run it correctly, follow the tips in this article:

[You need to be registered and logged in to see this link.]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


(SOLVED) Removing BAIDU ANTIVIRUS is impossible, please help me

Post by brmct on Mon 21 Jul 2014, 12:34

Here is the ZHPDiag report


~ Relatório do ZHPDiag v2014.7.19.106 - Nicolas Coolman  (19/07/2014)
~ Iniciado por Marta (21/07/2014 12:23:40)
~ Endereço do Website : [You need to be registered and logged in to see this link.]
~ Endereço do Webforum : [You need to be registered and logged in to see this link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema
CCleaner v4.15

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 ActiveX
Adobe Reader XI
Java 7 Update 65

---\\ Informações sobre o sistema
~ Processor: x86 Family 20 Model 1 Stepping 0, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1650 MB (39% free)
System Restore: Activé (Enable)
System drive C: has 393 GB (86%) free of 456 GB

---\\ Modo de conexão ao sistema
~ Computer Name: MARTA-HP
~ User Name: Marta
~ All Users Names: Marta, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marta\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marta\AppData\Roaming\
~ %Desktop% : C:\Users\Marta\Desktop\
~ %Favorites% : C:\Users\Marta\Favorites\
~ %LocalAppData% : C:\Users\Marta\AppData\Local\
~ %StartMenu% : C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 393 Go of 456 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 10 Go)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CCC198257901BEEA2FBF8EB1E7678356] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:13:59.) -- C:\Windows\System32\wininet.dll [1791488]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 18:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 18:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 18:29:49.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/5
~ Mes musiques (My Musics) : 1/2785
~ Mes Favoris (My Favorites) : 1/29
~ Mes Documents (My Documents) : 2/10233
~ Mon Bureau (My Desktop) : 1/18
~ Menu demarrer (Programs) : 1/33
~ Hidden Files:  Scanned in 00mn 12s



---\\ Processos lançados
[MD5.4FF9D0D5FEC26D9F2312A8C15CA59C8F] - (.No owner - Monitor LED Key.) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe   [53248] [PID.3260]
[MD5.5E1659BD35E69AA6083FF8D552E5B1D5] - (.Symantec Corporation - Norton 360.) -- C:\Program Files\Norton 360\Engine\21.4.0.13\N360.exe   [265040] [PID.736]
[MD5.59EDE803FC22CBD90A3A368571511032] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe   [10082920] [PID.3664]
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe   [62768] [PID.3692]
[MD5.BE173815C4F7C3C8193180AFC3F05DE3] - (.Hewlett-Packard - HP Keyboard Kit OSD.) -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.exe   [710656] [PID.3552]
[MD5.47DCE3A2FE0B34DD9F01EB4037303A3E] - (.Hewlett-Packard - HP Remote Solution.) -- C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe   [656896] [PID.3480]
[MD5.4298DB2F9FE4FE4C96AC4528542680F8] - (.Hewlett-Packard - HP BATTERY INDICATOR.) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe   [2068992] [PID.3636]
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\hp\HP Software Update\hpwuschd2.exe   [49208] [PID.3352]
[MD5.1DE859B82E381A645C44284A5044BC33] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   [256896] [PID.2408]
[MD5.603668084332DDB58D8C5AACE30B04FC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe   [152392] [PID.3428]
[MD5.4DDD06F125D406BFC80252282E12634C] - (.No owner - Caps Lock | Num Lock | Scroll Lock  State.) -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe   [406016] [PID.3584]
[MD5.EDCB55CF7135CCF9818EEC413FB39410] - (.Hewlett-Packard - HP LED INDICATOR.) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe   [2068992] [PID.944]
[MD5.B6F3EFF7F38D65A0C54B11A675173300] - (...) -- C:\Users\Marta\Desktop\zoek.exe   [1287168] [PID.4216]
[MD5.CD900EFB4F8946A2BB1950D9F45915C2] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe   [812216] [PID.3104]
[MD5.7115E24471C95AA89422A3625BD10FC3] - (.Microsoft Corporation - Microsoft Spell Checking Facility.) -- C:\Windows\System32\MsSpellCheckingFacility.exe   [646144] [PID.6076]
[MD5.06C2BB8F9089C3C091584F8AD5C1A01E] - (.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.exe   [16001192] [PID.3596]
[MD5.C8BC9A2DC599F1A52DC6B42FDD47B01E] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe   [851632] [PID.2608]
[MD5.19A0A39635A48351A75D92938586FA72] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [8078848] [PID.1084]
~ Processes Running:  Scanned in 00mn 02s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@WildTangent.com/GamesAppPresenceDetector,Version=1.0] - (...) -- C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Você precisa estar registrado e conectado para ver este link.]
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Norton Toolbar - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files\Norton 360\Engine\21.4.0.13\coIEPlg.dll
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Program [Public]: Crie um site.lnk . (...)  -- C:\Program Files\Hewlett-Packard\Shared\WizLink.exe
O4 - GS\Program [Public]: Huddle.lnk . (...)  -- C:\Program Files\Hewlett-Packard\Shared\WizLink.exe
~ Global Startup: 2 Legitimates Filtered in 00mn 03s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe   =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe   =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [HP KEYBOARDx] . (.Hewlett-Packard - HP Keyboard Kit OSD.) -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.exe
O4 - HKLM\..\Run: [HP Remote Solution] . (.Hewlett-Packard - HP Remote Solution.) -- C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [BATINDICATOR] . (.Hewlett-Packard - HP BATTERY INDICATOR.) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] . (.Hewlett-Packard - Launch a application..) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe   =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [fst_br_237] Chave orfã
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll  =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll  =>.Microsoft Corporation
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - [Você precisa estar registrado e conectado para ver este link.]
~ Objets ActiveX:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F6636CF-2E64-4ED3-823B-72AC3B58E686}: DhcpNameServer = 192.168.88.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{4028F5E8-1C0D-44C9-98E1-155EA5D7AC79}: DhcpNameServer = 192.168.88.1 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F6636CF-2E64-4ED3-823B-72AC3B58E686}: DhcpNameServer = 192.168.88.1 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4028F5E8-1C0D-44C9-98E1-155EA5D7AC79}: DhcpNameServer = 192.168.88.1 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F6636CF-2E64-4ED3-823B-72AC3B58E686}: DhcpNameServer = 192.168.88.1 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{4028F5E8-1C0D-44C9-98E1-155EA5D7AC79}: DhcpNameServer = 192.168.88.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.88.1 192.168.0.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1050]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1054]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForMarta   [320]
O39 - APT:  - (..) -- C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job   [266]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator   [266]
~ Scheduled Task: 24 Legitimates Filtered in 00mn 07s



---\\ Software instalados (042)
O42 - Logiciel: Acrobat Reader Packages - (...) [HKCU] -- Acrobat Reader Packages
O42 - Logiciel: webssearches uninstall - (.webssearches.) [HKLM] -- webssearches uninstall  =>Hijacker.WebsSearches
~ Logic: 38 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKLM\Software\Browseri_Appe 1.2]
[HKLM\Software\Easy  Deals]  =>PUP.EasyDeals
[HKLM\Software\MaxPower]
~ Key Software: 225 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 18/07/2014 - 12:28:00 - [] ----D C:\Users\Marta\AppData\Roaming\ProductData
O43 - CFD: 17/07/2014 - 14:59:08 - [] ----D C:\Users\Marta\AppData\Local\com
~ Program Folder: 149 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.67B48E7FA927B47893C1EE77586E6E09] - 18/07/2014 - 12:27:07 ---A- . (...) -- C:\Windows\ntbtlog.txt   [46338]
O44 - LFC:[MD5.72CBCC6F1F8F48DB4CFF611887A569FA] - 18/07/2014 - 12:32:39 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [150302]
O44 - LFC:[MD5.A9CF700477FBFD12B0F5A9CE7978606E] - 18/07/2014 - 12:32:39 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [714508]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 18/07/2014 - 13:40:23 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll   [536576]
O44 - LFC:[MD5.26B0F12F9A4C267AF5B2DA35F87A6EFA] - 18/07/2014 - 14:36:43 ---A- . (...) -- C:\Windows\System32\DOErrors.log   [52]
O44 - LFC:[MD5.974DB32C5D31437E9892A3287CE3D256] - 18/07/2014 - 15:15:43 ---A- . (...) -- C:\zoek-results2014-07-18-181543.log   [35617]
O44 - LFC:[MD5.6E7F5350C401A0B7E669A7E93BDFC7C0] - 18/07/2014 - 16:57:23 ---A- . (...) -- C:\zoek-results2014-07-18-195723.log   [27983]
O44 - LFC:[MD5.69A2184F493A71884C48BCE84D899B97] - 21/07/2014 - 11:43:51 ---A- . (...) -- C:\runcheck.txt   [678]
O44 - LFC:[MD5.EE26390F2D1806A363F3717F234243F7] - 21/07/2014 - 11:43:51 ---A- . (...) -- C:\zoek-results.log   [9535]
~ Files: 71 Legitimates Filtered in 00mn 07s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{312627d7-582c-11e3-9b83-101f742a95f6}\AutoRun\command. (...) -- G:\Autorun.exe (.not file.)
O51 - MPSK:{6a3276c3-a2d6-11e0-b4ef-806e6f6e6963}\AutoRun\command. (...) -- E:\Autorun.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:11/03/2014 - 00:14:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys   [47456]
O58 - SDL:16/04/2010 - 19:12:06 ---A- . (...) -- C:\Windows\System32\Drivers\cpqdfw.sys   [35384]
O58 - SDL:16/04/2010 - 19:12:06 ---A- . (...) -- C:\Windows\System32\Drivers\cqcpu.sys   [35384]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [26624]
O58 - SDL:31/07/2008 - 08:13:18 ---A- . (.OEM - Device Driver for Parallel Port.) -- C:\Windows\System32\Drivers\OxPPort.sys   [82048]
O58 - SDL:16/09/2009 - 04:37:08 ---A- . (.OEM - Device Driver for Serial Ports.) -- C:\Windows\System32\Drivers\OxSer.sys   [83888]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [21072]
O58 - SDL:18/03/2013 - 16:51:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys   [45056]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys   [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS   [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS   [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS   [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS   [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS   [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS   [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS   [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS   [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS   [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS   [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS   [34672]
~ Drivers: 75 Legitimates Filtered in 00mn 05s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 09/11/2010 - C:\Windows\System32\DRIVERS\atikmdag.sys (amdkmdag)  .(.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - 09/05/2014 - C:\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\BASHDefs\20140703.001\BHDrvx86.sys (BHDrvx86)  .(.Symantec Corporation - BASH Driver.) - LEGACY_BHDRVX86
O64 - Services: CurCS - 25/09/2013 - C:\Windows\system32\drivers\N360\1504000.00D\ccSetx86.sys (ccSet_N360)  .(.Symantec Corporation - Common Client Settings Driver.) - LEGACY_CCSET_N360
O64 - Services: CurCS - 28/05/2014 - C:\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\IPSDefs\20140718.001\IDSvix86.sys (IDSVix86)  .(.Symantec Corporation - IDS Core Driver.) - LEGACY_IDSVIX86
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv)  .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 17/02/2014 - C:\Windows\system32\Drivers\N360\1504000.00D\SYMNETS.sys (SymNetS)  .(.Symantec Corporation - Network Security Driver.) - LEGACY_SYMNETS
~ Legacy: 134 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {47C6B466-7E75-4482-A5F6-16F3273BB247} - (Google) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {EE42DCD3-7438-4B9C-9F2A-5183B265F307} [DefaultScope] - (([Você precisa estar registrado e conectado para ver este link.] Google) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.01C3E4184A59EE9B4E3630E138F2C4BE] [SPRF][17/07/2014] (...) -- C:\Users\Marta\Desktop\335-setupscreenhunterfree.exe   [11289952]
[MD5.B653DD91D5D6E519D3357A80A15A5DFB] [SPRF][18/07/2014] (...) -- C:\Users\Marta\Desktop\AdwCleaner.exe   [1354223]
[MD5.B6F3EFF7F38D65A0C54B11A675173300] [SPRF][18/07/2014] (...) -- C:\Users\Marta\Desktop\zoek.exe   [1287168]
~ Files: 6 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_RASAPI32  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_RASMANCS  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASAPI32  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASMANCS  =>PUP.NetCrawl
~ BTK: 116 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/07/2014 262320 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 29/05/2014 227904 |  (GamesAppIntegrationService) . (.WildTangent.) - C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe
SS - | Demand 29/05/2014 203344 |  (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files\WildTangent Games\App\GamesAppService.exe
SS - | Auto 20/03/2014 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 20/03/2014 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 20/03/2014 194032 |  (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 27/10/2010 13824 |  (HP DS Service) . (.Hewlett-Packard Company.) - C:\Program Files\HP\HPBDSService\HPBDSService.exe
SS - | Demand 10/08/2012 1001376 |  (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
SS - | Auto 18/07/2014 2175264 |  (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 17/11/2009 87968 |  (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
SR - | Auto 09/11/2010 176128 |  (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 10/11/2010 284160 |  (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 17/06/2010 140224 |  (AMD Reservation Manager) . (.Advanced Micro Devices.) - c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
SR - | Auto 12/06/2014 43336 |  (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 390504 |  (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 27/10/2010 145920 |  (HP LaserJet Service) . (.HP.) - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
SR - | Auto 27/09/2012 86528 |  (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe  =>.Hewlett-Packard Co
SR - | Auto 11/10/2010 246840 |  (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
SR - | Demand 08/07/2014 553288 |  (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 22/11/2010 73728 |  (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 27/06/2014 265040 |  (N360) . (.Symantec Corporation.) - C:\Program Files\Norton 360\Engine\21.4.0.13\N360.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 24s



---\\ Scâner Aditional (088)
Database Version : 13026 - (19/07/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall]   =>Hijacker.WebsSearches^
[HKLM\Software\Easy  Deals]   =>PUP.EasyDeals^
~ Additionnel Scan: 292788 Items scanned in 01mn 03s



---\\ Informações complémentaires do módulos
~ [Você precisa estar registrado e conectado para ver este link.]  =>.Internet Explorer, Gestão do Proxy (R5)
~ [Você precisa estar registrado e conectado para ver este link.]  =>.Barras do Internet Explorer (03))
~ [Você precisa estar registrado e conectado para ver este link.]  =>.Aplicações iniciadas por registo & pastas (04)
~ [Você precisa estar registrado e conectado para ver este link.]  =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.]  =>Hijacker.WebsSearches
[Você precisa estar registrado e conectado para ver este link.]  =>PUP.EasyDeals
[Você precisa estar registrado e conectado para ver este link.]  =>PUP.NetCrawl
~ MSI: 3 link(s) detected in 00mn 00s



~ 835 Legitimates filtered by white list
End of the scan (448 lines in 03mn 38s)(0)

Re: Removing Baidu Antivirus

Post by Power Max on Mon 21 Jul 2014, 12:46

There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

[You must be registered and logged in to see this link.]

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start along with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC.
_____________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Importação (Import) > Click the GO button > Click Oui > If you want the files in the recycle bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Tue 22 Jul 2014, 15:39; edited 1 time


Report

Post by brmct on Mon 21 Jul 2014, 12:51

Here is the ZHPFix report


Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by Marta at 21/07/2014 12:49:15
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\users\marta\appdata\roaming\webssearches\uninstallmanager.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall]
ELIMINÉ: HKLM\Software\Browseri_Appe 1.2
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASMANCS

========== Valores do Registo ==========
ELIMINÉ RunValue: fst_br_237

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\windows\system32\drivers\bhbase.sys
ELIMINÉ Temporários windows (11) (977.821 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
6 : Chaves do Registo
1 : Valores do Registo
1 : Pastas
3 : Ficheiros
1 : Softwares
1 : Restauração Sistema


End of clean in 00mn 34s

========== Caminho do ficheiro do relatório ==========
C:\Users\Marta\AppData\Roaming\ZHP\ZHPFix[R1].txt - 21/07/2014 12:49:20 [1531]

Re: Removing Baidu Antivirus

Post by Power Max on Mon 21 Jul 2014, 12:55

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.


Report

Post by brmct on Mon 21 Jul 2014, 13:01

Here is the ZHPDiag report


~ Relatório do ZHPDiag v2014.7.19.106 - Nicolas Coolman (19/07/2014)
~ Iniciado por Marta (21/07/2014 12:57:42)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Endereço do Webforum : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema
CCleaner v4.15

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 ActiveX
Adobe Reader XI
Java 7 Update 65

---\\ Informações sobre o sistema
~ Processor: x86 Family 20 Model 1 Stepping 0, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1650 MB (38% free)
System Restore: Activé (Enable)
System drive C: has 393 GB (86%) free of 456 GB

---\\ Modo de conexão ao sistema
~ Computer Name: MARTA-HP
~ User Name: Marta
~ All Users Names: Marta, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marta\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marta\AppData\Roaming\
~ %Desktop% : C:\Users\Marta\Desktop\
~ %Favorites% : C:\Users\Marta\Favorites\
~ %LocalAppData% : C:\Users\Marta\AppData\Local\
~ %StartMenu% : C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 393 Go of 456 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 10 Go)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CCC198257901BEEA2FBF8EB1E7678356] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:13:59.) -- C:\Windows\System32\wininet.dll [1791488]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 18:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 18:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 18:29:49.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/5
~ Mes musiques (My Musics) : 1/2785
~ Mes Favoris (My Favorites) : 1/29
~ Mes Documents (My Documents) : 2/10233
~ Mon Bureau (My Desktop) : 1/19
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 12s



---\\ Processos lançados
[MD5.4FF9D0D5FEC26D9F2312A8C15CA59C8F] - (.No owner - Monitor LED Key.) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [53248] [PID.3260]
[MD5.5E1659BD35E69AA6083FF8D552E5B1D5] - (.Symantec Corporation - Norton 360.) -- C:\Program Files\Norton 360\Engine\21.4.0.13\N360.exe [265040] [PID.736]
[MD5.59EDE803FC22CBD90A3A368571511032] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920] [PID.3664]
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.3692]
[MD5.BE173815C4F7C3C8193180AFC3F05DE3] - (.Hewlett-Packard - HP Keyboard Kit OSD.) -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.exe [710656] [PID.3552]
[MD5.47DCE3A2FE0B34DD9F01EB4037303A3E] - (.Hewlett-Packard - HP Remote Solution.) -- C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896] [PID.3480]
[MD5.4298DB2F9FE4FE4C96AC4528542680F8] - (.Hewlett-Packard - HP BATTERY INDICATOR.) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992] [PID.3636]
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\hp\HP Software Update\hpwuschd2.exe [49208] [PID.3352]
[MD5.1DE859B82E381A645C44284A5044BC33] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896] [PID.2408]
[MD5.603668084332DDB58D8C5AACE30B04FC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.3428]
[MD5.4DDD06F125D406BFC80252282E12634C] - (.No owner - Caps Lock | Num Lock | Scroll Lock State.) -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe [406016] [PID.3584]
[MD5.EDCB55CF7135CCF9818EEC413FB39410] - (.Hewlett-Packard - HP LED INDICATOR.) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe [2068992] [PID.944]
[MD5.7115E24471C95AA89422A3625BD10FC3] - (.Microsoft Corporation - Microsoft Spell Checking Facility.) -- C:\Windows\System32\MsSpellCheckingFacility.exe [646144] [PID.6076]
[MD5.06C2BB8F9089C3C091584F8AD5C1A01E] - (.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.exe [16001192] [PID.3596]
[MD5.C8BC9A2DC599F1A52DC6B42FDD47B01E] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe [851632] [PID.2608]
[MD5.CD900EFB4F8946A2BB1950D9F45915C2] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [812216] [PID.5396]
[MD5.19A0A39635A48351A75D92938586FA72] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8078848] [PID.4796]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@WildTangent.com/GamesAppPresenceDetector,Version=1.0] - (...) -- C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Você precisa estar registrado e conectado para ver este link.]
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Norton Toolbar - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files\Norton 360\Engine\21.4.0.13\coIEPlg.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Program [Public]: Crie um site.lnk . (...) -- C:\Program Files\Hewlett-Packard\Shared\WizLink.exe
O4 - GS\Program [Public]: Huddle.lnk . (...) -- C:\Program Files\Hewlett-Packard\Shared\WizLink.exe
~ Global Startup: 2 Legitimates Filtered in 00mn 01s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [HP KEYBOARDx] . (.Hewlett-Packard - HP Keyboard Kit OSD.) -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.exe
O4 - HKLM\..\Run: [HP Remote Solution] . (.Hewlett-Packard - HP Remote Solution.) -- C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [BATINDICATOR] . (.Hewlett-Packard - HP BATTERY INDICATOR.) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] . (.Hewlett-Packard - Launch a application..) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - [Você precisa estar registrado e conectado para ver este link.]
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F6636CF-2E64-4ED3-823B-72AC3B58E686}: DhcpNameServer = 192.168.88.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{4028F5E8-1C0D-44C9-98E1-155EA5D7AC79}: DhcpNameServer = 192.168.88.1 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F6636CF-2E64-4ED3-823B-72AC3B58E686}: DhcpNameServer = 192.168.88.1 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4028F5E8-1C0D-44C9-98E1-155EA5D7AC79}: DhcpNameServer = 192.168.88.1 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F6636CF-2E64-4ED3-823B-72AC3B58E686}: DhcpNameServer = 192.168.88.1 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{4028F5E8-1C0D-44C9-98E1-155EA5D7AC79}: DhcpNameServer = 192.168.88.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.88.1 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1050]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForMarta [320]
O39 - APT: - (..) -- C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job [266]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator [266]
~ Scheduled Task: 24 Legitimates Filtered in 00mn 04s



---\\ Software instalados (042)
O42 - Logiciel: Acrobat Reader Packages - (...) [HKCU] -- Acrobat Reader Packages
~ Logic: 37 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKLM\Software\Easy Deals] =>PUP.EasyDeals
[HKLM\Software\MaxPower]
~ Key Software: 222 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 18/07/2014 - 12:28:00 - [] ----D C:\Users\Marta\AppData\Roaming\ProductData
O43 - CFD: 17/07/2014 - 14:59:08 - [] ----D C:\Users\Marta\AppData\Local\com
~ Program Folder: 149 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.67B48E7FA927B47893C1EE77586E6E09] - 18/07/2014 - 12:27:07 ---A- . (...) -- C:\Windows\ntbtlog.txt [46338]
O44 - LFC:[MD5.72CBCC6F1F8F48DB4CFF611887A569FA] - 18/07/2014 - 12:32:39 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [150302]
O44 - LFC:[MD5.A9CF700477FBFD12B0F5A9CE7978606E] - 18/07/2014 - 12:32:39 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [714508]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 18/07/2014 - 13:40:23 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.26B0F12F9A4C267AF5B2DA35F87A6EFA] - 18/07/2014 - 14:36:43 ---A- . (...) -- C:\Windows\System32\DOErrors.log [52]
O44 - LFC:[MD5.974DB32C5D31437E9892A3287CE3D256] - 18/07/2014 - 15:15:43 ---A- . (...) -- C:\zoek-results2014-07-18-181543.log [35617]
O44 - LFC:[MD5.6E7F5350C401A0B7E669A7E93BDFC7C0] - 18/07/2014 - 16:57:23 ---A- . (...) -- C:\zoek-results2014-07-18-195723.log [27983]
O44 - LFC:[MD5.EE26390F2D1806A363F3717F234243F7] - 21/07/2014 - 11:43:51 ---A- . (...) -- C:\zoek-results.log [9535]
~ Files: 70 Legitimates Filtered in 00mn 04s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{312627d7-582c-11e3-9b83-101f742a95f6}\AutoRun\command. (...) -- G:\Autorun.exe (.not file.)
O51 - MPSK:{6a3276c3-a2d6-11e0-b4ef-806e6f6e6963}\AutoRun\command. (...) -- E:\Autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:16/04/2010 - 19:12:06 ---A- . (...) -- C:\Windows\System32\Drivers\cpqdfw.sys [35384]
O58 - SDL:16/04/2010 - 19:12:06 ---A- . (...) -- C:\Windows\System32\Drivers\cqcpu.sys [35384]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:31/07/2008 - 08:13:18 ---A- . (.OEM - Device Driver for Parallel Port.) -- C:\Windows\System32\Drivers\OxPPort.sys [82048]
O58 - SDL:16/09/2009 - 04:37:08 ---A- . (.OEM - Device Driver for Serial Ports.) -- C:\Windows\System32\Drivers\OxSer.sys [83888]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:18/03/2013 - 16:51:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 74 Legitimates Filtered in 00mn 01s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 09/11/2010 - C:\Windows\System32\DRIVERS\atikmdag.sys (amdkmdag) .(.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - 09/05/2014 - C:\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\BASHDefs\20140703.001\BHDrvx86.sys (BHDrvx86) .(.Symantec Corporation - BASH Driver.) - LEGACY_BHDRVX86
O64 - Services: CurCS - 25/09/2013 - C:\Windows\system32\drivers\N360\1504000.00D\ccSetx86.sys (ccSet_N360) .(.Symantec Corporation - Common Client Settings Driver.) - LEGACY_CCSET_N360
O64 - Services: CurCS - 28/05/2014 - C:\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\IPSDefs\20140718.001\IDSvix86.sys (IDSVix86) .(.Symantec Corporation - IDS Core Driver.) - LEGACY_IDSVIX86
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 17/02/2014 - C:\Windows\system32\Drivers\N360\1504000.00D\SYMNETS.sys (SymNetS) .(.Symantec Corporation - Network Security Driver.) - LEGACY_SYMNETS
~ Legacy: 134 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {47C6B466-7E75-4482-A5F6-16F3273BB247} - (Google) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {EE42DCD3-7438-4B9C-9F2A-5183B265F307} [DefaultScope] - (([Você precisa estar registrado e conectado para ver este link.] Google) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.01C3E4184A59EE9B4E3630E138F2C4BE] [SPRF][17/07/2014] (...) -- C:\Users\Marta\Desktop\335-setupscreenhunterfree.exe [11289952]
[MD5.B653DD91D5D6E519D3357A80A15A5DFB] [SPRF][18/07/2014] (...) -- C:\Users\Marta\Desktop\AdwCleaner.exe [1354223]
[MD5.B6F3EFF7F38D65A0C54B11A675173300] [SPRF][18/07/2014] (...) -- C:\Users\Marta\Desktop\zoek.exe [1287168]
~ Files: 6 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 29/05/2014 227904 | (GamesAppIntegrationService) . (.WildTangent.) - C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe
SS - | Demand 29/05/2014 203344 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files\WildTangent Games\App\GamesAppService.exe
SS - | Auto 20/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 20/03/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 20/03/2014 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 27/10/2010 13824 | (HP DS Service) . (.Hewlett-Packard Company.) - C:\Program Files\HP\HPBDSService\HPBDSService.exe
SS - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
SS - | Auto 18/07/2014 2175264 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 17/11/2009 87968 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
SR - | Auto 09/11/2010 176128 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 10/11/2010 284160 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 17/06/2010 140224 | (AMD Reservation Manager) . (.Advanced Micro Devices.) - c:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
SR - | Auto 12/06/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 27/10/2010 145920 | (HP LaserJet Service) . (.HP.) - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 11/10/2010 246840 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
SR - | Demand 08/07/2014 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 22/11/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 27/06/2014 265040 | (N360) . (.Symantec Corporation.) - C:\Program Files\Norton 360\Engine\21.4.0.13\N360.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 24s



---\\ Scâner Aditional (088)
Database Version : 13026 - (19/07/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLM\Software\Easy Deals] =>PUP.EasyDeals^
~ Additionnel Scan: 291590 Items scanned in 00mn 46s



---\\ Informações complémentaires do módulos
~ [Você precisa estar registrado e conectado para ver este link.] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Barras do Internet Explorer (03))
~ [Você precisa estar registrado e conectado para ver este link.] =>.Aplicações iniciadas por registo & pastas (04)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.] =>PUP.EasyDeals
~ MSI: 1 link(s) detected in 00mn 00s



~ 832 Legitimates filtered by white list
End of the scan (430 lines in 02mn 29s)(0)

Re: Baidu Antivirus removal

Post by Power Max on Mon 21 Jul 2014, 13:27

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Tue 22 Jul 2014, 15:40; edited 1 time


Report

Post by brmct on Mon 21 Jul 2014, 13:41

Here is the report


Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by Marta at 21/07/2014 13:30:18
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (10mn 30s)
Reparação de atalhos do navegador

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (2) (34 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 10mn 54s

========== Caminho do ficheiro do relatório ==========
C:\Users\Marta\AppData\Roaming\ZHP\ZHPFix[R1].txt - 21/07/2014 12:49:20 [1611]
C:\Users\Marta\AppData\Roaming\ZHP\ZHPFix[R2].txt - 21/07/2014 13:40:48 [850]

Re: Baidu Antivirus removal

Post by Power Max on Mon 21 Jul 2014, 13:51

How is the computer?


Poor performance

Post by brmct on Mon 21 Jul 2014, 14:23

Hi.... I restarted the PC but it is still very slow. Microsoft Outlook and Internet Explorer open, but the window stays blank and shows "Not responding"; after waiting 15 minutes everything opens, several web pages (depending on how many times I tried to open the pages).
To give you an idea, since you asked me how the PC was, I have only now managed to reply.


Last edited by brmct on Mon 21 Jul 2014, 14:31; edited 1 time (Reason: Attach an image)

Re: Baidu Antivirus removal

Post by Power Max on Mon 21 Jul 2014, 14:51

One of the things that makes your PC slow is its small amount of RAM. Note that it only has 1650 MB and the ideal is 4 GB. It would be very good to buy a more powerful RAM module for it.
__________________________________________________________________________________________

Temporarily disable your antivirus to avoid conflicts.

Download: < [You must be registered and logged in to view this link.] > (by g3n-h@ckm@n)
|- After opening the link above, scroll down the page and click Télécharger to download: [You must be registered and logged in to view this image.]

Run it as described in this post:

[You must be registered and logged in to view this link.]

As soon as the cleanup is finished, post the log (report), which will be at C:\Shortcut_Module_07_05_2014_17_05_22.txt (these numbers in red will vary, since they show the date and time at which the scan was run).


Report

Post by brmct on Mon 21 Jul 2014, 17:10

Here is the report.... I am leaving the office now and will be back tomorrow morning to continue the procedure. Thank you very much for the help, but I cannot continue today. Regards



¤¤¤¤¤¤¤¤¤¤ | Shortcut_Module | g3n-h@ckm@n | 21.07.2014.4

¤¤¤¤¤ Vista | 7 | 8 | 8.1 - 32/64 bits ¤¤¤¤¤ - Start 15:16:10 - 21/07/2014

Atualizado : 21/07/2014 | 14.15 Por g3n-h@ckm@n

Contact : [Você precisa estar registrado e conectado para ver este link.]
Assistance : [Você precisa estar registrado e conectado para ver este link.]
Feedbacks : [Você precisa estar registrado e conectado para ver este link.]

Boot: Normal boot

[Marta (Administrator)] - [MARTA-HP] -  (Brasil [0416])
SID = S-1-5-21-1564383174-651765971-1828009225-1001

Sistema : Windows 7 Professional (32 bits) Professional Service Pack 1

Memória RAM = Total (MB) : 1690 | Livre (MB) : 957
Pagefile = Total (MB) : 3380 | Livre (MB) : 2309
Virtual = Total (MB) : 2097 | Livre (MB) : 1962


Registro protegido, restabelecer : C:\Shortcut_Module\Save\Clean\ERDNT.exe

¤¤¤¤¤¤¤¤¤¤ | Windows atualizado

Por último descoberta : 2014-07-21 14:36:05
Carregado último ones : 2014-07-11 16:18:45
Instalado último ones : 2014-07-11 16:46:57
Próxima procura : 2014-07-22 12:16:47

¤¤¤¤¤¤¤¤¤¤ | Navegadores

IE : 11.0.9600.17207     (© Microsoft Corporation. Todos os direitos reservados.)

¤¤¤¤¤¤¤¤¤¤ | Security

AV : Norton 360 Premier Edition Disabled
AS : Windows Defender Disabled
FW : Norton 360 Premier Edition Disabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Ordem
AS: Windows Defender [Manual(3)] = Ordem
FW: Windows FireWall Service [Auto(2)] = Ordem

Colocação apagada em um modo auxiliar !


¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

ActiveX : 14.0.0.145

¤¤¤¤¤¤¤¤¤¤ | Processos mortos

764 | [Owner : SISTEMA |Parent : 520] - (.AMD - AMD External Events Service Module.) - (6.14.11.1077) = C:\Windows\System32\atiesrxx.exe
1232 | [Owner : SISTEMA |Parent : 764] - (.AMD - AMD External Events Client Module.) - (6.14.11.1077) = C:\Windows\System32\atieclxx.exe
1560 | [Owner : SISTEMA |Parent : 520] - (.Microsoft Corporation - Aplicativo de subsistema de spooler.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
1748 | [Owner : SISTEMA |Parent : 520] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.701.3.3014) = C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
1768 | [Owner : SISTEMA |Parent : 520] - (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) - (1.0.32.10) = C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
1792 | [Owner : SISTEMA |Parent : 520] - (.Advanced Micro Devices - RM Application.) - (1.0.7.0) = C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
1820 | [Owner : SISTEMA |Parent : 520] - (.Apple Inc. - YSLoader.exe.) - (17.327.4.35) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1844 | [Owner : SISTEMA |Parent : 520] - (.Apple Inc. - Bonjour Service.) - (3.0.0.10) = C:\Program Files\Bonjour\mDNSResponder.exe
1888 | [Owner : SISTEMA |Parent : 520] - (.HP - HP LaserJet Service.) - (2.15.602.0) = C:\Program Files\hp\HPLaserJetService\HPLaserJetService.exe
1968 | [Owner : SISTEMA |Parent : 520] - (.Hewlett-Packard Company - HP Client Services.) - (1.1.0.3539) = C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
1996 | [Owner : SISTEMA |Parent : 520] - (.Hewlett-Packard Company - LightScribe Service.) - (1.18.20.1) = C:\Program Files\Common Files\LightScribe\LSSrvc.exe
396 | [Owner : SISTEMA |Parent : 520] - (.Symantec Corporation - Norton 360.) - (12.11.2.9) = C:\Program Files\Norton 360\Engine\21.4.0.13\n360.exe
1044 | [Owner : SISTEMA |Parent : 520] - (.Microsoft Corporation - Microsoft® Windows Live ID Service.) - (6.500.3165.0) = C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2068 | [Owner : SISTEMA |Parent : 520] - (.Advanced Micro Devices, Inc. - AMD Fuel Service.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2752 | [Owner : SISTEMA |Parent : 520] - (.Microsoft Corporation - Indexador do Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe
3196 | [Owner : SISTEMA |Parent : 1044] - (.Microsoft Corporation - Microsoft® Windows Live ID Service Monitor.) - (6.500.3165.0) = C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3348 | [Owner : Marta |Parent : 984] - (.Microsoft Corporation - Mecanismo do Agendador de Tarefas.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe
3356 | [Owner : Marta |Parent : 3268] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) = C:\Windows\explorer.exe
3388 | [Owner : Marta |Parent : 520] - (.Microsoft Corporation - Processo de Host para Tarefas do Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
3484 | [Owner : Marta |Parent : 3348] - (. - Monitor LED Key.) - (4.3.0.3) = C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
2108 | [Owner : Marta |Parent : 396] - (.Symantec Corporation - Norton 360.) - (12.11.2.9) = C:\Program Files\Norton 360\Engine\21.4.0.13\n360.exe
2988 | [Owner : Marta |Parent : 3356] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) - (1.0.0.669) = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3672 | [Owner : Marta |Parent : 3356] - (.Hewlett-Packard - hpsysdrv.) - (2.10.0.0) = C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
3556 | [Owner : Marta |Parent : 3356] - (.Hewlett-Packard - HP Keyboard Kit OSD.) - (1.0.0.13) = C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
3564 | [Owner : Marta |Parent : 3356] - (.Hewlett-Packard - HP Remote Solution.) - (1.0.1.0) = C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
3540 | [Owner : Marta |Parent : 3356] - (.Hewlett-Packard - HP BATTERY INDICATOR.) - (0.0.1.0) = C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
3712 | [Owner : Marta |Parent : 3356] - (.Hewlett-Packard - hpwuSchd Application.) - (80.1.1.0) = C:\Program Files\hp\HP Software Update\hpwuschd2.exe
3500 | [Owner : Marta |Parent : 3356] - (.Oracle Corporation - Java(TM) Update Scheduler.) - (2.1.65.20) = C:\Program Files\Common Files\Java\Java Update\jusched.exe
2592 | [Owner : Marta |Parent : 3356] - (.Apple Inc. - iTunesHelper.) - (11.3.0.54) = C:\Program Files\iTunes\iTunesHelper.exe
1204 | [Owner : Marta |Parent : 3556] - (. - Caps Lock | Num Lock | Scroll Lock  State.) - (1.0.0.4) = C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
3216 | [Owner : SISTEMA |Parent : 520] - (.Apple Inc. - iPodService Module (32-bit).) - (11.3.0.54) = C:\Program Files\iPod\bin\iPodService.exe
4116 | [Owner : SERVIÇO DE REDE |Parent : 520] - (.Microsoft Corporation - Serviço de Compartilhamento de Rede do Windows Media Player.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
4324 | [Owner : Marta |Parent : 3704] - (.Hewlett-Packard - HP LED INDICATOR.) - (0.0.12.0) = C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
4784 | [Owner : SERVIÇO DE REDE |Parent : 520] - (.Microsoft Corporation - Microsoft Office Software Protection Platform Service.) - (14.0.370.400) = C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
5348 | [Owner : Marta |Parent : 648] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller 14.0 r0.) - (14.0.0.145) = C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
3812 | [Owner : SISTEMA |Parent : 520] - (.Hewlett-Packard Company - HP Support Assistant Service.) - (7.0.39.14) = C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
7760 | [Owner : Marta |Parent : 3356] - (.Wisdom Software Inc.  - ScreenHunter 6.0 Free.) - (6.0.229.32) = C:\Program Files\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
10232 | [Owner : SISTEMA |Parent : 984] - (.Microsoft Corporation - Mecanismo do Agendador de Tarefas.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe

¤¤¤¤¤¤¤¤¤¤ | RUN

04 - HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
04 - HKLM\..\RunOnce : [NCPluginUpdater] "C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

¤¤¤¤¤¤¤¤¤¤ | Serviços


funcionando : MMCSS
funcionando : Dhcp
funcionando : WMPNetworkSvc
Serviço parado : WMPNetworkSvc
funcionando : TcpIp
funcionando : WinHttpAutoProxysvc
Serviço parado : WinHttpAutoProxysvc
funcionando : SSDPSRV
funcionando : MPSSvc
Serviço parado : MPSSvc
funcionando : LanmanServer
funcionando : DNScache
Serviço parado : DNScache

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Reponha para zerar prosperamente

¤¤¤¤¤¤¤¤¤¤ | Registro

Apagado prosperamente : HKLM\Software\Classes\globalUpdate.Update3WebControl.4
Apagado prosperamente : HKLM\Software\Classes\globalUpdateUpdate.CoreClass
Apagado prosperamente : HKLM\Software\Classes\globalUpdateUpdate.CoreClass.1
Apagado prosperamente : HKLM\Software\Classes\globalUpdateUpdate.CoreMachineClass.1
Apagado prosperamente : HKLM\Software\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Apagado prosperamente : HKLM\Software\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Apagado prosperamente : HKLM\Software\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Apagado prosperamente : HKLM\Software\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Apagado prosperamente : HKLM\Software\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Apagado prosperamente : HKLM\Software\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Apagado prosperamente : HKLM\Software\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Apagado prosperamente : HKLM\Software\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Apagado prosperamente : HKLM\Software\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Apagado prosperamente : HKLM\Software\Classes\protector_dll.Protector
Apagado prosperamente : HKLM\Software\Classes\protector_dll.Protector.1
Apagado prosperamente : HKLM\Software\Classes\protector_dll.ProtectorLib.1
Apagado prosperamente : HKLM\Software\Classes\globalUpdateUpdate.CoreMachineClass
Apagado prosperamente : HKLM\Software\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Apagado prosperamente : HKLM\Software\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Apagado prosperamente : HKLM\Software\Classes\globalUpdateUpdate.Update3COMClassService
Apagado prosperamente : HKLM\Software\Classes\globalUpdateUpdate.Update3WebMachineFallback
Apagado prosperamente : HKLM\Software\Classes\protector_dll.ProtectorLib
Apagado prosperamente : HKU\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Microsoft\Internet Explorer\DOMStorage\portaldosites.com
Apagado prosperamente : HKU\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Microsoft\Internet Explorer\DOMStorage\[You must be registered and logged in to see this link.]
Apagado prosperamente : HKU\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net
Apagado prosperamente : HKU\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cdncache-a.akamaihd.net
Apagado prosperamente : HKU\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\portaldosites.com
Apagado prosperamente : HKU\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Apagado prosperamente : HKU\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[You must be registered and logged in to see this link.]
Apagado prosperamente : HKU\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Mega Browse
Apagado prosperamente : HKU\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1564383174-651765971-1828009225-1001\Software\NetCrawl
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[MySearchDial.job] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[7d44748e-4c04-4cf8-9646-67eb47daf177-3.job] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[7d44748e-4c04-4cf8-9646-67eb47daf177-11.job] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[globalUpdateUpdateTaskMachineCore.job] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[globalUpdateUpdateTaskMachineUA.job] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[7d44748e-4c04-4cf8-9646-67eb47daf177-4.job] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[7d44748e-4c04-4cf8-9646-67eb47daf177-1.job] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[7d44748e-4c04-4cf8-9646-67eb47daf177-2.job] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[7d44748e-4c04-4cf8-9646-67eb47daf177-5.job] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[4687970a-3c72-4da9-ab9b-abc02e5fab8f-3.job] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[4687970a-3c72-4da9-ab9b-abc02e5fab8f-4.job] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[4687970a-3c72-4da9-ab9b-abc02e5fab8f-1.job] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[4687970a-3c72-4da9-ab9b-abc02e5fab8f-2.job] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[4687970a-3c72-4da9-ab9b-abc02e5fab8f-5.job] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[MySearchDial.job.fp] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[7d44748e-4c04-4cf8-9646-67eb47daf177-3.job.fp] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[globalUpdateUpdateTaskMachineCore.job.fp] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[7d44748e-4c04-4cf8-9646-67eb47daf177-4.job.fp] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[7d44748e-4c04-4cf8-9646-67eb47daf177-2.job.fp] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[7d44748e-4c04-4cf8-9646-67eb47daf177-5.job.fp] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[4687970a-3c72-4da9-ab9b-abc02e5fab8f-3.job.fp] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[4687970a-3c72-4da9-ab9b-abc02e5fab8f-1.job.fp] :
Apagado prosperamente : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]|[4687970a-3c72-4da9-ab9b-abc02e5fab8f-5.job.fp] :
Apagado prosperamente : HKLM\Software\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298} : globalUpdate Update Plugin
Apagado prosperamente : HKLM\Software\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} : Update3COMClass     (CLSID)
Apagado prosperamente : HKLM\Software\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} : globalUpdate Update Plugin
Apagado prosperamente : HKLM\Software\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC} : C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll     (InProcServer32)
Apagado prosperamente : HKLM\Software\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A} : C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll     (InProcServer32)
Apagado prosperamente : HKLM\Software\Classes\AppID\protector_dll.DLL
Apagado prosperamente : HKLM\Software\Classes\AppID\SoftwareUpdate.exe
Apagado prosperamente : HKLM\Software\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} : globalUpdatem
Apagado prosperamente : HKLM\Software\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} : globalUpdate
Apagado prosperamente : HKLM\Software\Classes\AppID\{6A070EEA-E3F8-411E-9D3A-F3814ED6D1A8} : SoftwareUpdateApp
Apagado prosperamente : HKLM\Software\Classes\AppID\{96FBC13C-8214-4100-88E0-FF74D7A1CB4D} : protector_dll
Apagado prosperamente : HKLM\Software\Classes\TypeLib\{15F672EC-1269-428F-BDB7-DB781E772B77} : MegaBrowseIEClientLib     (1.0)
Apagado prosperamente : HKLM\Software\Classes\TypeLib\{7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4} : SoftwareUpdate     (1.0)
Apagado prosperamente : HKLM\Software\Classes\Interface\{158C1B4D-859D-4886-BCA4-4C671693EAA0} : {15F672EC-1269-428F-BDB7-DB781E772B77}
Apagado prosperamente : HKLM\Software\Classes\Interface\{422CA428-AACB-496A-8FDD-86758BCFB756} : {7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4}
Apagado prosperamente : HKLM\Software\Classes\Interface\{995E123A-2A19-4E52-872F-774C5589459C} : {7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4}
Apagado prosperamente : HKLM\Software\Classes\Interface\{A52621AD-E10F-477B-9ACB-B6181610788B} : {7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4}
Apagado prosperamente : [HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]|[Browseri_Appe 1.2-bg.exe]
Apagado prosperamente : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Apagado prosperamente : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Mega Browse
Apagado prosperamente : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Mega Browse
Apagado prosperamente : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Apagado prosperamente : HKLM\Software\Microsoft\Tracing\RightBackup_RASAPI32
Apagado prosperamente : HKLM\Software\Microsoft\Tracing\RightBackup_RASMANCS
Apagado prosperamente : HKU\S-1-5-18\SOFTWARE\Systweak
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} : ShopperReports.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} : alotBHO.dll;alotBHO.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} : ShoppingReport.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} : PCTBrowserDefender.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} : BabylonToolbar.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825} : PCTBrowserDefender.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{57F02779-3D88-4958-8AD3-83C12D86ADC7} : advancedsearchbar.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} : alot.dll;alot.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} : SuperfishIEAddon.dll;SuperfishIEAddon.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} : BabylonToolbar.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} : ShoppingReport.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CDEEC43D-3572-4E95-A2A5-F519D29F00C0} : advancedsearchbar.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} : BabylonToolbarTlbr.dll
Apagado prosperamente : HKU\S-1-5-21-1564383174-651765971-1828009225-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Web
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Apagado prosperamente : HKLM\Software\Classes\Installer\Products\4649C1EBBBED6AD41BA9E86C432FD237 : c:\Windows\Installer\{BE1C9464-DEBB-4DA6-B19A-8EC634F22D73}\HPConnectSolutionsIcon
Apagado prosperamente : HKLM\Software\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E : C:\Program Files\globalUpdate\Update\1.3.25.0\
Apagado prosperamente : HKLM\Software\Classes\Installer\Features\4649C1EBBBED6AD41BA9E86C432FD237 :
Apagado prosperamente : HKLM\Software\Classes\Installer\Features\AFC9600B9BB530C41B6C98EC92E0A5EF :
Apagado prosperamente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E : C:\Program Files\globalUpdate\Update\1.3.25.0\
Apagado prosperamente : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} : C:\Program Files\globalUpdate\Update\1.3.25.0\
Apagado prosperamente : HKU\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Acrobat Reader Packages : C:\Users\Marta\AppData\Roaming\1H1Q\Acrobat Reader Packages\uninstaller.exe
Apagado prosperamente : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36B5317E-59D2-4FA7-86E1-BDB4D425B10D} : \060184C3-9766-46a0-B258-F4518A0B2633
Apagado prosperamente : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633
Apagado prosperamente : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore
Apagado prosperamente : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial
Apagado prosperamente : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA

¤¤¤¤¤¤¤¤¤¤ | Offsets


¤¤¤¤¤¤¤¤¤¤ | reparsepoint



¤¤¤¤¤¤¤¤¤¤ | Arquivos

Apagado prosperamente : C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
Apagado prosperamente : C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HP Connect Solutions.lnk = ConnectSo
Apagado prosperamente : C:\Users\Marta\AppData\Local\com\NewPlayer.exe_Url_wmgtxqntq5fklrr4bpxvxljadclrhvq0
Apagado prosperamente : C:\Users\Marta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Marta\Application Data\SupTab
Apagado prosperamente : C:\Users\Marta\AppData\Local\RemEngine\RemEngine.exe_Url_uosaiiq1eydlzm0hgftskwpmtmy5lxkx
Apagado prosperamente : C:\Windows\Installer\{BE1C9464-DEBB-4DA6-B19A-8EC634F22D73}     (.-.)  -   ConnectSo
Apagado prosperamente : C:\Users\Marta\AppData\Local\com

¤¤¤¤¤¤¤¤¤¤ | .LNK


¤¤¤¤¤¤¤¤¤¤ | Extensão desconhecida abrindo


¤¤¤¤¤¤¤¤¤¤ | Proxy


Consertado : [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[ProxyOverride] : <-loopback> -> *.local

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Consertado : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : [You must be registered and logged in to see this link.] -> [You must be registered and logged in to see this link.]
Consertado : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Page] : [You must be registered and logged in to see this link.] -> [You must be registered and logged in to see this link.]
Consertado : [HKU\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Microsoft\Internet Explorer\Main]|[Start Page] : [You must be registered and logged in to see this link.] -> [You must be registered and logged in to see this link.]
Consertado : [HKU\S-1-5-21-1564383174-651765971-1828009225-1001\Software\Microsoft\Internet Explorer\Main]|[Search Page] : [You must be registered and logged in to see this link.] -> [You must be registered and logged in to see this link.]

¤¤¤¤¤¤¤¤¤¤ | Opera


¤¤¤¤¤¤¤¤¤¤ | StartMenuInternet

Consertado : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe"

¤¤¤¤¤¤¤¤¤¤ | AppCertDlls | AppInit_DLLs


¤¤¤¤¤¤¤¤¤¤ | Javascript


¤¤¤¤¤¤¤¤¤¤ | Firewall


¤¤¤¤¤¤¤¤¤¤ | ADS

¤¤¤¤¤¤¤¤¤¤ | Arquivos temporários

[All Users] Arquivos temporários Apagado : 0 Ko
[Default] Arquivos temporários Apagado : 0 Ko
[Default User] Arquivos temporários Apagado : 0 Ko
[Marta] Arquivos temporários Apagado : 322 Ko
[Public] Arquivos temporários Apagado : 0 Ko
[C:\Windows\Temp] Arquivos temporários Apagado : 3 Ko
[C:\Temp] Arquivos temporários Apagado : 0 Ko

Serviço reiniciado : MPSsvc

Outros relatórios


Colocação restabelecida em um modo auxiliar

¤¤¤¤¤¤¤¤¤¤ | Listing


¤¤¤¤¤¤¤¤¤¤ | C:\Program Files

[20/03/2014 12:39:27] - |D| - C:\Program Files\Adobe
[29/05/2014 16:49:59] - |D| - C:\Program Files\Apple Software Update
[30/06/2011 00:45:13] - |D| - C:\Program Files\ATI
[30/06/2011 00:45:11] - |D| - C:\Program Files\ATI Technologies
[29/05/2014 16:25:06] - |D| - C:\Program Files\Bonjour
[03/07/2014 16:35:17] - |D| - C:\Program Files\CCleaner
[13/07/2009 23:37:05] - |D| - C:\Program Files\Common Files
[30/06/2011 00:52:36] - |D| - C:\Program Files\Cyberlink
[14/07/2009 01:41:57] - |ASH| - C:\Program Files\desktop.ini
[14/07/2009 01:52:30] - |D| - C:\Program Files\DVD Maker
[20/03/2014 13:16:00] - |D| - C:\Program Files\Google
[30/06/2011 00:38:23] - |D| - C:\Program Files\Hewlett-Packard
[30/06/2011 00:39:08] - |D| - C:\Program Files\hp
[30/06/2011 00:57:24] - |D| - C:\Program Files\HP Games
[30/06/2011 00:43:04] - |HD| - C:\Program Files\InstallShield Installation Information
[13/07/2009 23:37:05] - |D| - C:\Program Files\Internet Explorer
[18/07/2014 12:22:37] - |D| - C:\Program Files\IObit
[15/07/2014 15:56:28] - |D| - C:\Program Files\iPod
[31/05/2014 17:00:53] - |D| - C:\Program Files\iTunes
[17/03/2014 16:26:36] - |D| - C:\Program Files\Java
[30/06/2011 01:04:50] - |D| - C:\Program Files\Microsoft
[03/12/2013 11:28:09] - |D| - C:\Program Files\Microsoft Analysis Services
[30/06/2011 00:29:34] - |D| - C:\Program Files\Microsoft Games
[30/06/2011 00:50:56] - |D| - C:\Program Files\Microsoft Office
[30/06/2011 01:03:54] - |D| - C:\Program Files\Microsoft Silverlight
[10/02/2011 16:26:42] - |D| - C:\Program Files\Microsoft.NET
[14/07/2009 01:52:30] - |D| - C:\Program Files\MSBuild
[19/03/2014 13:26:57] - |D| - C:\Program Files\Norton 360
[30/06/2011 01:05:54] - |D| - C:\Program Files\NortonInstaller
[30/06/2011 00:56:26] - |RD| - C:\Program Files\Online Services
[30/06/2011 00:55:00] - |D| - C:\Program Files\PlayReady
[03/07/2014 14:05:08] - |D| - C:\Program Files\QuickTime
[30/06/2011 00:33:09] - |D| - C:\Program Files\Realtek
[14/07/2009 01:52:30] - |D| - C:\Program Files\Reference Assemblies
[03/07/2014 12:45:49] - |D| - C:\Program Files\TechSmith
[30/06/2011 00:43:29] - |HD| - C:\Program Files\Temp
[14/07/2009 01:53:23] - |HD| - C:\Program Files\Uninstall Information
[30/06/2011 00:57:19] - |D| - C:\Program Files\WildTangent Games
[14/07/2009 01:52:30] - |D| - C:\Program Files\Windows Defender
[20/11/2010 21:47:23] - |D| - C:\Program Files\Windows Journal
[13/07/2009 23:37:05] - |D| - C:\Program Files\Windows Mail
[14/07/2009 01:52:30] - |D| - C:\Program Files\Windows Media Player
[13/07/2009 23:37:05] - |D| - C:\Program Files\Windows NT
[14/07/2009 01:52:30] - |D| - C:\Program Files\Windows Photo Viewer
[14/07/2009 01:52:30] - |D| - C:\Program Files\Windows Portable Devices
[14/07/2009 01:52:30] - |D| - C:\Program Files\Windows Sidebar
[30/06/2011 00:16:55] - |D| - C:\Program Files\Windows Virtual PC
[12/10/2009 21:15:53] - |D| - C:\Program Files\Windows XP Mode
[17/07/2014 17:21:14] - |D| - C:\Program Files\Wisdom-soft ScreenHunter 6.0 Free
[21/07/2014 12:22:43] - |D| - C:\Program Files\ZHPDiag
[30/06/2011 00:56:42] - |D| - C:\Program Files\Zinio Reader 4

¤¤¤¤¤¤¤¤¤¤ | C:\Program Files\Common Files

[20/03/2014 12:39:27] - |D| - C:\Program Files\Common Files\Adobe
[30/06/2011 00:56:40] - |D| - C:\Program Files\Common Files\Adobe AIR
[29/05/2014 16:46:14] - |D| - C:\Program Files\Common Files\Apple
[30/06/2011 00:46:15] - |D| - C:\Program Files\Common Files\ATI Technologies
[29/05/2014 16:07:32] - |D| - C:\Program Files\Common Files\DESIGNER
[30/06/2011 00:43:02] - |D| - C:\Program Files\Common Files\InstallShield
[29/05/2014 15:46:44] - |D| - C:\Program Files\Common Files\Java
[30/06/2011 00:55:05] - |D| - C:\Program Files\Common Files\LightScribe
[30/06/2011 00:55:06] - |D| - C:\Program Files\Common Files\LS Getting Started
[13/07/2009 23:37:05] - |D| - C:\Program Files\Common Files\microsoft shared
[13/07/2009 23:37:05] - |D| - C:\Program Files\Common Files\Services
[13/07/2009 23:37:05] - |D| - C:\Program Files\Common Files\SpeechEngines
[30/06/2011 01:06:56] - |D| - C:\Program Files\Common Files\Symantec Shared
[13/07/2009 23:37:05] - |D| - C:\Program Files\Common Files\System
[03/07/2014 12:46:13] - |D| - C:\Program Files\Common Files\TechSmith Shared

¤¤¤¤¤¤¤¤¤¤ | C:\Users\Marta\AppData\Roaming

[28/11/2013 11:15:15] - |D| - C:\Users\Marta\AppData\Roaming\Adobe
[31/05/2014 16:18:47] - |D| - C:\Users\Marta\AppData\Roaming\Apple Computer
[28/11/2013 10:04:05] - |D| - C:\Users\Marta\AppData\Roaming\ATI
[28/11/2013 09:56:55] - |D| - C:\Users\Marta\AppData\Roaming\Hewlett-Packard
[19/03/2014 11:05:51] - |D| - C:\Users\Marta\AppData\Roaming\hpqLog
[28/11/2013 10:29:05] - |D| - C:\Users\Marta\AppData\Roaming\HpUpdate
[28/11/2013 10:02:40] - |D| - C:\Users\Marta\AppData\Roaming\Identities
[18/07/2014 12:22:38] - |D| - C:\Users\Marta\AppData\Roaming\IObit
[28/11/2013 09:56:04] - |D| - C:\Users\Marta\AppData\Roaming\Macromedia
[28/11/2013 09:56:04] - |D| - C:\Users\Marta\AppData\Roaming\Media Center Programs
[28/11/2013 09:56:04] - |SD| - C:\Users\Marta\AppData\Roaming\Microsoft
[18/07/2014 12:28:00] - |D| - C:\Users\Marta\AppData\Roaming\ProductData
[03/07/2014 12:49:00] - |D| - C:\Users\Marta\AppData\Roaming\TechSmith
[20/03/2014 12:33:43] - |A| - C:\Users\Marta\AppData\Roaming\WB.CFG
[17/03/2014 17:32:41] - |D| - C:\Users\Marta\AppData\Roaming\WildTangent
[21/07/2014 12:22:43] - |D| - C:\Users\Marta\AppData\Roaming\ZHP

¤¤¤¤¤¤¤¤¤¤ | C:\Users\Marta\AppData\Local

[20/03/2014 12:43:10] - |D| - C:\Users\Marta\AppData\Local\Adobe
[28/11/2013 10:04:11] - |D| - C:\Users\Marta\AppData\Local\AMD
[29/05/2014 16:50:06] - |D| - C:\Users\Marta\AppData\Local\Apple
[31/05/2014 17:02:02] - |D| - C:\Users\Marta\AppData\Local\Apple Computer
[28/11/2013 10:04:05] - |D| - C:\Users\Marta\AppData\Local\ATI
[17/03/2014 15:56:10] - |D| - C:\Users\Marta\AppData\Local\CrashDumps
[28/11/2013 09:56:04] - |SHD| - C:\Users\Marta\AppData\Local\Dados de aplicativos
[28/11/2013 12:21:57] - |D| - C:\Users\Marta\AppData\Local\Diagnostics
[20/03/2014 16:51:31] - |D| - C:\Users\Marta\AppData\Local\ElevatedDiagnostics
[31/05/2014 16:44:11] - |SHD| - C:\Users\Marta\AppData\Local\EmieSiteList
[31/05/2014 16:44:12] - |SHD| - C:\Users\Marta\AppData\Local\EmieUserList
[28/11/2013 10:04:14] - |A| - C:\Users\Marta\AppData\Local\GDIPFONTCACHEV1.DAT
[20/03/2014 13:16:00] - |D| - C:\Users\Marta\AppData\Local\Google
[28/11/2013 09:56:54] - |D| - C:\Users\Marta\AppData\Local\Hewlett-Packard
[28/11/2013 09:56:43] - |D| - C:\Users\Marta\AppData\Local\Hewlett-Packard_Company
[28/11/2013 09:56:04] - |SHD| - C:\Users\Marta\AppData\Local\Histórico
[18/07/2014 15:13:35] - |AH| - C:\Users\Marta\AppData\Local\IconCache.db
[19/03/2014 12:51:13] - |D| - C:\Users\Marta\AppData\Local\LogMeIn Rescue Applet
[28/11/2013 09:56:04] - |D| - C:\Users\Marta\AppData\Local\Microsoft
[03/12/2013 11:27:42] - |D| - C:\Users\Marta\AppData\Local\Microsoft Help
[28/11/2013 10:03:07] - |D| - C:\Users\Marta\AppData\Local\PDFC
[03/07/2014 12:20:07] - |D| - C:\Users\Marta\AppData\Local\Programs
[28/11/2013 10:01:48] - |D| - C:\Users\Marta\AppData\Local\RemEngine
[03/07/2014 13:07:25] - |D| - C:\Users\Marta\AppData\Local\TechSmith
[18/07/2014 15:13:04] - |D| - C:\Users\Marta\AppData\Local\Temp
[28/11/2013 09:56:04] - |SHD| - C:\Users\Marta\AppData\Local\Temporary Internet Files
[28/11/2013 09:56:06] - |D| - C:\Users\Marta\AppData\Local\VirtualStore
[17/07/2014 17:21:46] - |D| - C:\Users\Marta\AppData\Local\Wisdom-soft

¤¤¤¤¤¤¤¤¤¤ | C:\ProgramData

[16/07/2014 13:45:10] - |D| - C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[20/03/2014 12:38:35] - |D| - C:\ProgramData\Adobe
[30/06/2011 00:45:38] - |D| - C:\ProgramData\AMD
[29/05/2014 16:25:06] - |D| - C:\ProgramData\Apple
[31/05/2014 17:00:54] - |D| - C:\ProgramData\Apple Computer
[14/07/2009 01:53:55] - |SHD| - C:\ProgramData\Application Data
[30/06/2011 00:47:16] - |D| - C:\ProgramData\ATI
[17/03/2014 17:33:53] - |D| - C:\ProgramData\BlueStacks
[30/06/2011 00:53:21] - |D| - C:\ProgramData\CyberLink
[14/07/2009 01:53:55] - |SHD| - C:\ProgramData\Desktop
[14/07/2009 01:53:55] - |SHD| - C:\ProgramData\Documents
[14/07/2009 01:53:55] - |SHD| - C:\ProgramData\Favorites
[20/03/2014 13:16:42] - |D| - C:\ProgramData\Google
[30/06/2011 00:39:21] - |D| - C:\ProgramData\Hewlett-Packard
[28/11/2013 10:29:12] - |D| - C:\ProgramData\HP
[18/07/2014 12:23:06] - |D| - C:\ProgramData\IObit
[13/07/2009 23:37:05] - |SD| - C:\ProgramData\Microsoft
[03/12/2013 11:27:37] - |D| - C:\ProgramData\Microsoft Help
[30/06/2011 01:06:19] - |D| - C:\ProgramData\Norton
[30/06/2011 01:05:54] - |D| - C:\ProgramData\NortonInstaller
[17/03/2014 16:13:57] - |D| - C:\ProgramData\Oracle
[19/03/2014 12:25:03] - |D| - C:\ProgramData\PCSettings
[20/03/2014 12:58:49] - |D| - C:\ProgramData\PDFC
[03/07/2014 12:46:27] - |D| - C:\ProgramData\regid.1995-08.com.techsmith
[18/03/2014 17:22:28] - |D| - C:\ProgramData\Sandlot Games
[14/07/2009 01:53:55] - |SHD| - C:\ProgramData\Start Menu
[17/03/2014 16:27:18] - |D| - C:\ProgramData\Sun
[30/06/2011 01:06:59] - |D| - C:\ProgramData\Symantec
[03/07/2014 12:45:49] - |D| - C:\ProgramData\TechSmith
[30/06/2011 00:49:47] - |D| - C:\ProgramData\Temp
[14/07/2009 01:53:55] - |SHD| - C:\ProgramData\Templates
[30/06/2011 00:57:18] - |D| - C:\ProgramData\WildTangent
[30/06/2011 00:54:18] - |HDC| - C:\ProgramData\{0D9D262D-4BA2-4BC3-9CD3-4D1A9AE63E18}
[19/03/2014 11:06:54] - |D| - C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

Elementos analisados : 182919 | Modificados : 5 | Infetado : 122

¤¤¤¤¤¤¤¤¤¤ |EOF| ¤¤¤¤¤¤¤¤¤¤ | 17:04:33 | [36 Ko]


Last edited by brmct on Mon 21 Jul 2014, 17:13; edited 1 time (Reason: Add information)