PC with Baidu and other pests
Here are the logs from zoek, AdwCleaner, JRT and ZHP.
luizvilarinho - Full Member
- Posts: 855
Reputation: 4
Join date: 13/11/2013
Re: PC with Baidu and other pests
Good afternoon, luizvilarinho!
> Your Adobe Flash Player is out of date! (Adobe Flash Player 13 Plugin)
> Uninstall: PSafe <<
>
> Run this script in the ZHPFix tool.
> Select and copy this information, shown in red, into Notepad.
> With Notepad open, press: Ctrl+A >> Ctrl+C (Select All and Copy)
> Next, minimize Notepad.
Script ZHPFix
ShortcutFix
FirewallRaz
EmptyPrefetch
EmptyCLSID
EmptyTemp
EmptyFlash
SR - | Auto 21/05/2014 586592 | (QHActiveDefense) . (...) - C:\Program Files\PSafe\Total\safemon\QHActiveDefense.exe
[MD5.75CA7FF96BF5A316C3AF2DE6A412BD54] [APT] [{21C99420-69FF-465B-80DD-4E5DE7478B4E}] (...) -- C:\Windows\WinAVI Video Converter 9.0\uninstall.exe [451072]
[MD5.00000000000000000000000000000000] [APT] [{0011F06E-92CC-4971-991D-6349499A1BC6}] (...) -- C:\Users\Lailane\Desktop\ChromeSetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{04351104-423B-43DF-A81D-2E2BFA67C376}] (...) -- D:\Programas\ChromeSetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{715B9C2E-894B-4845-9EAC-5517BF69F5B5}] (...) -- C:\Users\Lailane\Desktop\AdobeReader\AdobeReader.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7EDC7520-8FA2-466B-823F-B9935DB1D358}] (...) -- C:\Users\Lailane\Desktop\zoek.scr -d C:\Users\Lailane\Desktop -c \S (.not file.) [0]
O4 - HKLM\..\Run: [QHSafeTray] . (.No owner - PSafe Total.) -- C:\Program Files\PSafe\Total\safemon\QHSafeTray.exe
O4 - HKLM\..\Run: [Baidu Antivirus] . (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe
O23 - Service: PSafe Total (QHActiveDefense) . (.No owner - PSafe Total.) - C:\Program Files\PSafe\Total\safemon\QHActiveDefense.exe
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3690846425-4128786697-235807194-1000Core [914]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3690846425-4128786697-235807194-1000UA [936]
O44 - LFC:[MD5.E61D4DFE7201C1FC659ECB7E1BBD5964] - 10/10/2014 - 11:40:31 ---A- . (...) -- C:\zoek-results.log [39810]
O51 - MPSK:{b791a030-44ad-11e3-8185-1078d26b1426}\AutoRun\command. (...) -- G:\LGAutoRun.exe (.not file.)
O64 - Services: CurCS - 30/03/2014 - C:\Windows\System32\drivers\360SelfProtection.sys (360SelfProtection) .(.360安全中心 - 360安全卫士 - SelfProtection.) - LEGACY_360SELFPROTECTION
O64 - Services: CurCS - 17/03/2014 - C:\Windows\System32\Drivers\Efimon.sys (EfiMon) .(.360安全中心 - 360Efimon Driver.) - LEGACY_EFIMON
O64 - Services: CurCS - 17/03/2014 - C:\Windows\System32\Drivers\Hookport.sys (HookPort) .(.360安全中心 - 360安全卫士 - HookPort.) - LEGACY_HOOKPORT
O64 - Services: CurCS - 17/03/2014 - C:\Windows\System32\DRIVERS\qutmdrv.sys (qutmdserv) .(.360.cn - 360安全卫士 木马防火墙模块.) - LEGACY_QUTMDSERV
[HKCU\Software\WinkHandler]
HKLM\SOFTWARE\Microsoft\Tracing\biSetup63809_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\biSetup63809_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup-NewVer_22april_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup-NewVer_22april_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RBCB_p4v1_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RBCB_p4v1_RASMANCS
[HKLM\Software\360Safe]
ServiceStop:QHActiveDefense
SericeStop:360SelfProtection
ServiceStop:EfiMon
ServiceStop:HookPort
ServiceStop:qutmdserv
sysrestore
> Open the ZHPFix tool.
> Click "IMPORTAÇÃO" (Import) >> OK.
> PS: When you click "OK", check that the field is empty so that it receives only the information from the script.
> Click "GO".
> Post the report!
A+
joram - Administrator
- Posts: 4162
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: PC with Baidu and other pests
Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Lailane at 10/10/2014 13:39:53
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Reciclagem vazia (00mn 02s)
Prefetcher vazio
Reparação de atalhos do navegador
========== Estado dos serviços ==========
360SELFPROTECTION Parado
EFIMON Parado
HOOKPORT Parado
QUTMDSERV Parado
QHActiveDefense Parado
EfiMon Parado
HookPort Parado
qutmdserv Parado
========== Chaves do Registo ==========
ELIMINÉ CLSID MPSK: {b791a030-44ad-11e3-8185-1078d26b1426}
ELIMINÉ: HKCU\Software\WinkHandler
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\biSetup63809_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\biSetup63809_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup-NewVer_22april_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup-NewVer_22april_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RBCB_p4v1_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RBCB_p4v1_RASMANCS
========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (Public) : TCP Query User{B2CBBD7A-2AA2-4CAF-A31E-6282197C5195}C:\program files\mouseserver\mouseserver.exe
ELIMINÉ: FirewallRaz (Public) : UDP Query User{BC7333E1-777A-4B59-BCDD-1B09E8148B28}C:\program files\mouseserver\mouseserver.exe
ELIMINÉ: FirewallRaz (None) : {1403D5AA-2C46-4AA7-9320-0B70C148EA8E}
ELIMINÉ: FirewallRaz (None) : {D10652A7-568D-440C-B003-0611E416C9A2}
ELIMINÉ RunValue: Baidu Antivirus
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (28)
ELIMINÉ Flash Cookies (0)
========== Ficheiros ==========
ELIMINÉ Temporários windows (140) (4.623.368 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINA REINICIAR: c:\program files\baidu security\baidu antivirus\bavtray.exe
ELIMINÉ: c:\windows\system32\tasks\facebookupdatetaskusers-1-5-21-3690846425-4128786697-235807194-1000core
ELIMINÉ: c:\windows\system32\tasks\facebookupdatetaskusers-1-5-21-3690846425-4128786697-235807194-1000ua
ELIMINÉ: c:\zoek-results.log
========== Tarefa planificada ==========
ELIMINÉ: {21C99420-69FF-465B-80DD-4E5DE7478B4E}
ELIMINÉ: {0011F06E-92CC-4971-991D-6349499A1BC6}
ELIMINÉ: {04351104-423B-43DF-A81D-2E2BFA67C376}
ELIMINÉ: {715B9C2E-894B-4845-9EAC-5517BF69F5B5}
ELIMINÉ: {7EDC7520-8FA2-466B-823F-B9935DB1D358}
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Outros ==========
NÃO-TRATADO SericeStop:360SelfProtection
========== Recapitulativo ==========
8 : Chaves do Registo
7 : Valores do Registo
3 : Pastas
6 : Ficheiros
8 : Estado dos serviços
5 : Tarefa planificada
1 : Restauração Sistema
1 : Outros
End of clean in 00mn 33s
========== Caminho do ficheiro do relatório ==========
C:\Users\Lailane\AppData\Roaming\ZHP\ZHPFix[R1].txt - 10/10/2014 13:39:56 [2966]
luizvilarinho - Full Member
- Posts: 855
Reputation: 4
Join date: 13/11/2013
Re: PC with Baidu and other pests
Good afternoon, luizvilarinho!
> Open the AdwCleaner tool and click "Desinstalar" (Uninstall).
> Confirm the prompt!
>
> Download: < [link visible only to logged-in members] >
> Download: < [link visible only to logged-in members] > ( ... by Farbar )
> Or here...
< [link visible only to logged-in members] >
> Or here, for 64-bit systems!
> Save it to the desktop! (Área de trabalho ...)
> Run the tool! Click "Yes" >> "Scan".
> Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
> Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
> PS: The "Addition.txt" report will also be generated; it is made available on the tool's first run.
> Post the report! (FRST.txt + Addition.txt)
A+
joram - Administrator
- Posts: 4162
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: PC with Baidu and other pests
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-10-2014 01
Ran by Lailane at 2014-10-10 15:35:50
Running from C:\Users\Lailane\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Baidu Antivirus (Enabled - Up to date) {10616E6C-0E20-8594-D377-A7D03F6128A6}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Baidu Antivirus (Enabled - Up to date) {AB008F88-281A-8A1A-E9C7-9CA244E6621B}
AS: avast! Antivirus (Disabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Arquivo do WinRAR (HKLM\...\WinRAR archiver) (Version: - )
aTube Catcher (HKLM\...\aTube Catcher) (Version: 3.8.5187 - DsNET Corp)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Baidu Antivirus (HKLM\...\Baidu Antivirus) (Version: 4.0.3.57478 - Baidu, Inc.)
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.8.3.3026 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{757C4173-6457-48F5-898E-CF6A8E62287F}) (Version: 0.8.3.3026 - BlueStack Systems, Inc.)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Corel Graphics - Windows Shell Extension (HKLM\...\_{51DD370C-6690-424E-9674-5F14468B323F}) (Version: 15.0.0.487 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - BR (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X5 (HKLM\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Free Sound Recorder v9.6.1 (HKLM\...\Free Sound Recorder_is1) (Version: - Copyright(C) 2005-2013 FreeSoundRecorder Technologies, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Instalação do DivX (HKLM\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3223 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Microsoft .NET Compact Framework 3.5 (HKLM\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 pt-BR) (HKLM\...\Mozilla Firefox 32.0.3 (x86 pt-BR)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
Noise Reduction Plug-In 2.0 (HKLM\...\{847C6940-D852-11E2-81D2-F04DA23A5C58}) (Version: 2.0.596 - Sony)
Opera Stable 18.0.1284.49 (HKLM\...\Opera 18.0.1284.49) (Version: 18.0.1284.49 - Opera Software ASA)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Extended PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PhotoScape (HKLM\...\PhotoScape) (Version: - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Card Reader (HKLM\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0174 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Sound Forge Pro 10.0 (HKLM\...\{9660B18F-EC12-11DF-B006-0013D3D69929}) (Version: 10.0.491 - Sony)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core - Portuguese (Brazil) (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
WinAVI Video Converter 9.0 (HKLM\...\WinAVI Video Converter 9.09.0) (Version: 9.0 - WinAVI Video Converter 9.0)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
ZHPDiag 2014 (HKLM\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Lailane\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Lailane\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Lailane\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Lailane\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
==================== Restore Points =========================
01-10-2014 21:03:48 Backup do Windows
10-10-2014 13:05:10 Backup do Windows
10-10-2014 13:12:20 zoek.exe restore point
10-10-2014 15:34:58 Instalado Realtek Ethernet Controller Driver For Windows Vista aèw
10-10-2014 15:39:46 avast! antivirus system restore point
10-10-2014 16:08:01 Instalado REALTEK PCIE Wireless LAN Driver
10-10-2014 16:20:32 Removed Nero 7 Ultra Edition. Available with Windows Installer version 1.2 and later.
10-10-2014 16:39:37 ZHPFix Restore System Point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 23:04 - 2014-10-10 10:13 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {043ADA78-EDF7-458E-93C3-1414A271039B} - System32\Tasks\RNUpgradeHelperLogonPrompt_Lailane => C:\Users\Lailane\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: {071BE571-4E1C-4C9D-A4A0-E3276A174C69} - System32\Tasks\ReclaimerUpdateXML_Lailane => C:\Users\Lailane\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: {10AB9E2B-D995-4355-B31F-0538BA2569C1} - \FacebookUpdateTaskUserS-1-5-21-3690846425-4128786697-235807194-1000Core No Task File <==== ATTENTION
Task: {18543E84-0C9F-4C84-9F6F-1BE07AF98E30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-16] (Google Inc.)
Task: {2B07D0F5-FAF0-42B1-AD7F-9FBF6708B296} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-22] (Adobe Systems Incorporated)
Task: {2B42A081-52C0-470C-AE76-C30D22338896} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3690846425-4128786697-235807194-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {3BEA3B38-AB56-4297-BDC9-463A30271930} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3690846425-4128786697-235807194-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {468328CA-67EE-47DB-B34A-6F9589930BCA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-10] (AVAST Software)
Task: {4FE54DF6-7868-4FC3-87CF-3EB22031E585} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {5CAFC3E0-ADB0-4980-A4B9-999B195616C6} - \FacebookUpdateTaskUserS-1-5-21-3690846425-4128786697-235807194-1000UA No Task File <==== ATTENTION
Task: {79952180-0F08-48D9-9F0F-3B3EA27E69C1} - \Baidu Antivirus Update No Task File <==== ATTENTION
Task: {8E6CC002-2CA3-4DDE-AA05-F3B1DB119E39} - System32\Tasks\ReclaimerUpdateFiles_Lailane => C:\Users\Lailane\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: {CF17D82A-55F0-47CC-A93C-ACCF3FC1F268} - System32\Tasks\RNUpgradeHelperResumePrompt_Lailane => C:\Users\Lailane\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: {EE82D958-3D4F-4427-9B20-A103E7A7180A} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {F6D9B11A-3CEB-41EC-8A6C-1A45F523A572} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-16] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3690846425-4128786697-235807194-1000Core.job => C:\Users\Lailane\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3690846425-4128786697-235807194-1000UA.job => C:\Users\Lailane\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Lailane.job => C:\Users\Lailane\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Lailane.job => C:\Users\Lailane\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Lailane.job => C:\Users\Lailane\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
==================== Loaded Modules (whitelisted) =============
2014-10-10 12:45 - 2014-10-10 12:45 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2013-11-16 13:34 - 2013-11-16 07:51 - 02141184 _____ () C:\Program Files\AVAST Software\Avast\defs\13111600\algo.dll
2014-01-21 11:17 - 2014-01-21 11:17 - 00541032 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\sqlite.dll
2013-06-27 06:56 - 2013-06-27 06:56 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-10-10 12:45 - 2014-10-10 12:45 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-10-30 20:02 - 2014-09-24 02:09 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-04-22 10:25 - 2014-04-22 10:25 - 16351920 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrador (S-1-5-21-3690846425-4128786697-235807194-500 - Administrator - Disabled)
Convidado (S-1-5-21-3690846425-4128786697-235807194-501 - Limited - Disabled)
Lailane (S-1-5-21-3690846425-4128786697-235807194-1000 - Administrator - Enabled) => C:\Users\Lailane
==================== Faulty Device Manager Devices =============
Name: Controlador de barramento SM
Description: Controlador de barramento SM
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Controlador de aquisição de dados e processamento de sinal PCI
Description: Controlador de aquisição de dados e processamento de sinal PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/10/2014 03:29:12 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Serviço não pode ser iniciado. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
em BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
em System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (10/10/2014 01:57:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa firefox.exe versão 32.0.3.5379 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
ID de Processo: 16a0
Hora de Início: 01cfe4a8d503cb61
Hora de Término: 31
Caminho do Aplicativo: C:\Program Files\Mozilla Firefox\firefox.exe
Id do Relatório: 71358fa7-509e-11e4-b021-1078d26b1426
Error: (10/10/2014 01:39:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details:
AddWin32ServiceFiles: Unable to back up image of service PSafe Total since QueryServiceConfig API failed
System Error:
O sistema não pode encontrar o arquivo especificado.
.
Error: (10/10/2014 01:39:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details:
AddLegacyDriverFiles: Unable to back up image of binary Quantum DeepScanner Servers.
System Error:
O sistema não pode encontrar o arquivo especificado.
.
Error: (10/10/2014 01:39:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details:
AddLegacyDriverFiles: Unable to back up image of binary HookPort.
System Error:
O sistema não pode encontrar o arquivo especificado.
.
Error: (10/10/2014 01:39:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details:
AddLegacyDriverFiles: Unable to back up image of binary EfiSystemMon.
System Error:
O sistema não pode encontrar o arquivo especificado.
.
Error: (10/10/2014 01:39:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details:
AddLegacyDriverFiles: Unable to back up image of binary BAPIDRV.
System Error:
O sistema não pode encontrar o arquivo especificado.
.
Error: (10/10/2014 01:39:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details:
AddLegacyDriverFiles: Unable to back up image of binary 360SelfProtection.
System Error:
O sistema não pode encontrar o arquivo especificado.
.
Error: (10/10/2014 01:39:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.
Operação:
Obtendo Dados do Gravador
Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {d123c42a-b32d-4e94-96cc-6b86f5453c7b}
Error: (10/10/2014 01:31:45 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Serviço não pode ser iniciado. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
em BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
em System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
System errors:
=============
Error: (10/10/2014 03:31:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Intel(R) Dynamic Application Loader Host Interface Service devido ao seguinte erro:
%%2
Error: (10/10/2014 03:29:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço BlueStacks Android Service terminou com o erro:
%%1064
Error: (10/10/2014 01:37:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço PSafe Total foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
Error: (10/10/2014 01:33:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Intel(R) Dynamic Application Loader Host Interface Service devido ao seguinte erro:
%%2
Error: (10/10/2014 01:31:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço BlueStacks Android Service terminou com o erro:
%%1064
Error: (10/10/2014 01:31:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento anterior do sistema em 13:30:01 às 10/10/2014 não era esperado.
Error: (10/10/2014 01:28:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Intel(R) Dynamic Application Loader Host Interface Service devido ao seguinte erro:
%%2
Error: (10/10/2014 01:26:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço BlueStacks Android Service terminou com o erro:
%%1064
Error: (10/10/2014 01:15:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Intel(R) Dynamic Application Loader Host Interface Service devido ao seguinte erro:
%%2
Error: (10/10/2014 01:13:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço BlueStacks Android Service terminou com o erro:
%%1064
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 42%
Total physical RAM: 3176.5 MB
Available physical RAM: 1842.11 MB
Total Pagefile: 6351.29 MB
Available Pagefile: 4936.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.64 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.56 GB) (Free:12.23 GB) NTFS
Drive d: (Disco Local) (Fixed) (Total:195.31 GB) (Free:54.23 GB) NTFS
Drive e: () (Fixed) (Total:195.79 GB) (Free:194.42 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 465.8 GB) (Disk ID: 23ADC27F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=74.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=195.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Ran by Lailane at 2014-10-10 15:35:50
Running from C:\Users\Lailane\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Baidu Antivirus (Enabled - Up to date) {10616E6C-0E20-8594-D377-A7D03F6128A6}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Baidu Antivirus (Enabled - Up to date) {AB008F88-281A-8A1A-E9C7-9CA244E6621B}
AS: avast! Antivirus (Disabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Arquivo do WinRAR (HKLM\...\WinRAR archiver) (Version: - )
aTube Catcher (HKLM\...\aTube Catcher) (Version: 3.8.5187 - DsNET Corp)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Baidu Antivirus (HKLM\...\Baidu Antivirus) (Version: 4.0.3.57478 - Baidu, Inc.)
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.8.3.3026 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{757C4173-6457-48F5-898E-CF6A8E62287F}) (Version: 0.8.3.3026 - BlueStack Systems, Inc.)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Corel Graphics - Windows Shell Extension (HKLM\...\_{51DD370C-6690-424E-9674-5F14468B323F}) (Version: 15.0.0.487 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - BR (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X5 (HKLM\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Free Sound Recorder v9.6.1 (HKLM\...\Free Sound Recorder_is1) (Version: - Copyright(C) 2005-2013 FreeSoundRecorder Technologies, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Instalação do DivX (HKLM\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3223 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Microsoft .NET Compact Framework 3.5 (HKLM\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 pt-BR) (HKLM\...\Mozilla Firefox 32.0.3 (x86 pt-BR)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
Noise Reduction Plug-In 2.0 (HKLM\...\{847C6940-D852-11E2-81D2-F04DA23A5C58}) (Version: 2.0.596 - Sony)
Opera Stable 18.0.1284.49 (HKLM\...\Opera 18.0.1284.49) (Version: 18.0.1284.49 - Opera Software ASA)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Extended PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PhotoScape (HKLM\...\PhotoScape) (Version: - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Card Reader (HKLM\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0174 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Sound Forge Pro 10.0 (HKLM\...\{9660B18F-EC12-11DF-B006-0013D3D69929}) (Version: 10.0.491 - Sony)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core - Portuguese (Brazil) (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
WinAVI Video Converter 9.0 (HKLM\...\WinAVI Video Converter 9.09.0) (Version: 9.0 - WinAVI Video Converter 9.0)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
ZHPDiag 2014 (HKLM\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Lailane\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Lailane\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Lailane\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3690846425-4128786697-235807194-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Lailane\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrador (S-1-5-21-3690846425-4128786697-235807194-500 - Administrator - Disabled)
Convidado (S-1-5-21-3690846425-4128786697-235807194-501 - Limited - Disabled)
Lailane (S-1-5-21-3690846425-4128786697-235807194-1000 - Administrator - Enabled) => C:\Users\Lailane
==================== Faulty Device Manager Devices =============
Name: Controlador de barramento SM
Description: Controlador de barramento SM
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Controlador de aquisição de dados e processamento de sinal PCI
Description: Controlador de aquisição de dados e processamento de sinal PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/10/2014 03:29:12 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Serviço não pode ser iniciado. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
em BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
em System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (10/10/2014 01:57:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa firefox.exe versão 32.0.3.5379 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
ID de Processo: 16a0
Hora de Início: 01cfe4a8d503cb61
Hora de Término: 31
Caminho do Aplicativo: C:\Program Files\Mozilla Firefox\firefox.exe
Id do Relatório: 71358fa7-509e-11e4-b021-1078d26b1426
Error: (10/10/2014 01:39:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details:
AddWin32ServiceFiles: Unable to back up image of service PSafe Total since QueryServiceConfig API failed
System Error:
O sistema não pode encontrar o arquivo especificado.
.
Error: (10/10/2014 01:39:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details:
AddLegacyDriverFiles: Unable to back up image of binary Quantum DeepScanner Servers.
System Error:
O sistema não pode encontrar o arquivo especificado.
.
Error: (10/10/2014 01:39:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details:
AddLegacyDriverFiles: Unable to back up image of binary HookPort.
System Error:
O sistema não pode encontrar o arquivo especificado.
.
Error: (10/10/2014 01:39:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details:
AddLegacyDriverFiles: Unable to back up image of binary EfiSystemMon.
System Error:
O sistema não pode encontrar o arquivo especificado.
.
Error: (10/10/2014 01:39:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details:
AddLegacyDriverFiles: Unable to back up image of binary BAPIDRV.
System Error:
O sistema não pode encontrar o arquivo especificado.
.
Error: (10/10/2014 01:39:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details:
AddLegacyDriverFiles: Unable to back up image of binary 360SelfProtection.
System Error:
O sistema não pode encontrar o arquivo especificado.
.
Error: (10/10/2014 01:39:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.
Operação:
Obtendo Dados do Gravador
Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {d123c42a-b32d-4e94-96cc-6b86f5453c7b}
Error: (10/10/2014 01:31:45 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Serviço não pode ser iniciado. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
em BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
em System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
System errors:
=============
Error: (10/10/2014 03:31:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Intel(R) Dynamic Application Loader Host Interface Service devido ao seguinte erro:
%%2
Error: (10/10/2014 03:29:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço BlueStacks Android Service terminou com o erro:
%%1064
Error: (10/10/2014 01:37:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço PSafe Total foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
Error: (10/10/2014 01:33:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Intel(R) Dynamic Application Loader Host Interface Service devido ao seguinte erro:
%%2
Error: (10/10/2014 01:31:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço BlueStacks Android Service terminou com o erro:
%%1064
Error: (10/10/2014 01:31:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento anterior do sistema em 13:30:01 às 10/10/2014 não era esperado.
Error: (10/10/2014 01:28:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Intel(R) Dynamic Application Loader Host Interface Service devido ao seguinte erro:
%%2
Error: (10/10/2014 01:26:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço BlueStacks Android Service terminou com o erro:
%%1064
Error: (10/10/2014 01:15:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Intel(R) Dynamic Application Loader Host Interface Service devido ao seguinte erro:
%%2
Error: (10/10/2014 01:13:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço BlueStacks Android Service terminou com o erro:
%%1064
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 42%
Total physical RAM: 3176.5 MB
Available physical RAM: 1842.11 MB
Total Pagefile: 6351.29 MB
Available Pagefile: 4936.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.64 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.56 GB) (Free:12.23 GB) NTFS
Drive d: (Disco Local) (Fixed) (Total:195.31 GB) (Free:54.23 GB) NTFS
Drive e: () (Fixed) (Total:195.79 GB) (Free:194.42 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 465.8 GB) (Disk ID: 23ADC27F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=74.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=195.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
luizvilarinho - Full Member
- Posts: 855
Reputation: 4
Registration date: 13/11/2013
Re: PC with Baidu and other pests
Good afternoon, luizvilarinho!
> Copy the information shown in red into Notepad.
> Save it with the name fixlist.txt.
> Save it on the desktop! ( Área de trabalho ... )
start
AV: Baidu Antivirus (Enabled - Up to date) {10616E6C-0E20-8594-D377-A7D03F6128A6}
AS: Baidu Antivirus (Enabled - Up to date) {AB008F88-281A-8A1A-E9C7-9CA244E6621B}
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe
HKLM\...\Run: [Baidu Antivirus] => "C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe" -auto
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll (Baidu, Inc.)
R2 BAVSvc; C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe [1923376 2014-01-21] (Baidu, Inc.)
R2 BHipsSvc; C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe [459416 2014-01-21] (Baidu, Inc.)
S2 jhi_service; "C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" [X]
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
U3 BdApiUtil; C:\Program Files\Baidu Security\Baidu Antivirus\BdApiUtil.sys [112896 2014-01-03] (Baidu, Inc.)
U3 BdCameraProtect; C:\Program Files\Baidu Security\Baidu Antivirus\BdCameraProtect.sys [19168 2014-01-21] (Baidu, Inc.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [43840 2014-01-21] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [27456 2014-01-21] (Baidu, Inc.)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [71328 2014-01-21] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [135488 2014-01-21] (Baidu, Inc.)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RTWlanE; system32\DRIVERS\rtwlane.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
2014-10-10 13:39 - 2014-10-10 13:39 - 00003048 _____ () C:\Users\Lailane\Desktop\ZHPFixReport.txt
2014-10-10 13:38 - 2014-10-10 13:38 - 00000000 _____ () C:\Users\Lailane\Desktop\ZHPFIX.txt
2014-10-10 13:13 - 2014-10-10 13:13 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu
2014-10-10 13:13 - 2014-10-10 13:13 - 00000000 ____D () C:\ProgramData\Baidu
2014-10-10 12:10 - 2014-10-10 12:10 - 00031415 _____ () C:\Users\Lailane\Desktop\ZHPDiag.txt
2014-10-10 12:07 - 2014-10-10 13:39 - 00000000 ____D () C:\Users\Lailane\AppData\Roaming\ZHP
2014-10-10 12:07 - 2014-10-10 12:07 - 00001933 _____ () C:\Users\Lailane\Desktop\ZHPFix.lnk
2014-10-10 12:07 - 2014-10-10 12:07 - 00001806 _____ () C:\Users\Lailane\Desktop\ZHPDiag.lnk
2014-10-10 12:07 - 2014-10-10 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-10-10 12:07 - 2014-10-10 12:07 - 00000000 ____D () C:\Program Files\ZHPDiag
2014-10-10 12:06 - 2014-08-23 08:25 - 06859520 _____ (Nicolas Coolman ) C:\Users\Lailane\Desktop\ZHPDiag2.exe
2014-10-10 11:59 - 2014-10-10 11:59 - 00001116 _____ () C:\Users\Lailane\Desktop\JRT.txt
2014-10-10 11:47 - 2014-10-10 11:47 - 00016577 _____ () C:\Users\Lailane\Desktop\AdwCleaner[S0].txt
2014-10-10 11:41 - 2014-10-10 11:41 - 00039810 _____ () C:\Users\Lailane\Desktop\zoek-results.txt
2014-10-10 11:39 - 2014-10-10 15:27 - 00079818 _____ () C:\Windows\PFRO.log
2014-10-10 11:30 - 2014-02-13 23:59 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-10-10 10:09 - 2014-10-10 11:39 - 00000000 ____D () C:\zoek_backup
2014-10-10 10:09 - 2014-07-16 10:00 - 01016261 _____ (Thisisu) C:\Users\Lailane\Desktop\JRT.exe
2014-10-10 10:09 - 2014-07-16 04:32 - 04243371 _____ () C:\Users\Lailane\Desktop\zoek.rar
2014-10-10 10:09 - 2014-07-14 15:11 - 01417360 _____ () C:\Users\Lailane\Desktop\zoek.scr
2014-10-10 10:09 - 2014-07-14 15:11 - 01417360 _____ () C:\Users\Lailane\Desktop\zoek.pif
2014-10-10 10:09 - 2014-07-14 15:11 - 01417360 _____ () C:\Users\Lailane\Desktop\zoek.com
2014-10-10 13:28 - 2013-11-02 01:01 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3690846425-4128786697-235807194-1000UA.job
2014-10-10 13:28 - 2013-11-02 01:01 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3690846425-4128786697-235807194-1000Core.job
2014-09-14 15:26 - 2014-04-22 11:54 - 00000000 ____D () C:\Program Files\PSafe
Task: {10AB9E2B-D995-4355-B31F-0538BA2569C1} - \FacebookUpdateTaskUserS-1-5-21-3690846425-4128786697-235807194-1000Core No Task File <==== ATTENTION
Task: {5CAFC3E0-ADB0-4980-A4B9-999B195616C6} - \FacebookUpdateTaskUserS-1-5-21-3690846425-4128786697-235807194-1000UA No Task File <==== ATTENTION
Task: {79952180-0F08-48D9-9F0F-3B3EA27E69C1} - \Baidu Antivirus Update No Task File <==== ATTENTION
Task: {EE82D958-3D4F-4427-9B20-A103E7A7180A} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
2014-01-21 11:17 - 2014-01-21 11:17 - 00541032 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\sqlite.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""
end
> Run FRST/FRST64 >> Click "Fix". << Wait!
> Post the report! (Fixlog.txt)
A+
joram - Administrator
- Posts: 4162
Reputation: 471
Registration date: 26/01/2014
Location: Rio de Janeiro
Re: PC with Baidu and other pests
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-10-2014 01
Ran by Lailane at 2014-10-10 16:21:04 Run:1
Running from C:\Users\Lailane\Desktop
Loaded Profile: Lailane (Available profiles: Lailane)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
AV: Baidu Antivirus (Enabled - Up to date) {10616E6C-0E20-8594-D377-A7D03F6128A6}
AS: Baidu Antivirus (Enabled - Up to date) {AB008F88-281A-8A1A-E9C7-9CA244E6621B}
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe
HKLM\...\Run: [Baidu Antivirus] => "C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe" -auto
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll (Baidu, Inc.)
R2 BAVSvc; C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe [1923376 2014-01-21] (Baidu, Inc.)
R2 BHipsSvc; C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe [459416 2014-01-21] (Baidu, Inc.)
S2 jhi_service; "C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" [X]
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
U3 BdApiUtil; C:\Program Files\Baidu Security\Baidu Antivirus\BdApiUtil.sys [112896 2014-01-03] (Baidu, Inc.)
U3 BdCameraProtect; C:\Program Files\Baidu Security\Baidu Antivirus\BdCameraProtect.sys [19168 2014-01-21] (Baidu, Inc.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [43840 2014-01-21] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [27456 2014-01-21] (Baidu, Inc.)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [71328 2014-01-21] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [135488 2014-01-21] (Baidu, Inc.)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RTWlanE; system32\DRIVERS\rtwlane.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
2014-10-10 13:39 - 2014-10-10 13:39 - 00003048 _____ () C:\Users\Lailane\Desktop\ZHPFixReport.txt
2014-10-10 13:38 - 2014-10-10 13:38 - 00000000 _____ () C:\Users\Lailane\Desktop\ZHPFIX.txt
2014-10-10 13:13 - 2014-10-10 13:13 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu
2014-10-10 13:13 - 2014-10-10 13:13 - 00000000 ____D () C:\ProgramData\Baidu
2014-10-10 12:10 - 2014-10-10 12:10 - 00031415 _____ () C:\Users\Lailane\Desktop\ZHPDiag.txt
2014-10-10 12:07 - 2014-10-10 13:39 - 00000000 ____D () C:\Users\Lailane\AppData\Roaming\ZHP
2014-10-10 12:07 - 2014-10-10 12:07 - 00001933 _____ () C:\Users\Lailane\Desktop\ZHPFix.lnk
2014-10-10 12:07 - 2014-10-10 12:07 - 00001806 _____ () C:\Users\Lailane\Desktop\ZHPDiag.lnk
2014-10-10 12:07 - 2014-10-10 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-10-10 12:07 - 2014-10-10 12:07 - 00000000 ____D () C:\Program Files\ZHPDiag
2014-10-10 12:06 - 2014-08-23 08:25 - 06859520 _____ (Nicolas Coolman ) C:\Users\Lailane\Desktop\ZHPDiag2.exe
2014-10-10 11:59 - 2014-10-10 11:59 - 00001116 _____ () C:\Users\Lailane\Desktop\JRT.txt
2014-10-10 11:47 - 2014-10-10 11:47 - 00016577 _____ () C:\Users\Lailane\Desktop\AdwCleaner[S0].txt
2014-10-10 11:41 - 2014-10-10 11:41 - 00039810 _____ () C:\Users\Lailane\Desktop\zoek-results.txt
2014-10-10 11:39 - 2014-10-10 15:27 - 00079818 _____ () C:\Windows\PFRO.log
2014-10-10 11:30 - 2014-02-13 23:59 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-10-10 10:09 - 2014-10-10 11:39 - 00000000 ____D () C:\zoek_backup
2014-10-10 10:09 - 2014-07-16 10:00 - 01016261 _____ (Thisisu) C:\Users\Lailane\Desktop\JRT.exe
2014-10-10 10:09 - 2014-07-16 04:32 - 04243371 _____ () C:\Users\Lailane\Desktop\zoek.rar
2014-10-10 10:09 - 2014-07-14 15:11 - 01417360 _____ () C:\Users\Lailane\Desktop\zoek.scr
2014-10-10 10:09 - 2014-07-14 15:11 - 01417360 _____ () C:\Users\Lailane\Desktop\zoek.pif
2014-10-10 10:09 - 2014-07-14 15:11 - 01417360 _____ () C:\Users\Lailane\Desktop\zoek.com
2014-10-10 13:28 - 2013-11-02 01:01 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3690846425-4128786697-235807194-1000UA.job
2014-10-10 13:28 - 2013-11-02 01:01 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3690846425-4128786697-235807194-1000Core.job
2014-09-14 15:26 - 2014-04-22 11:54 - 00000000 ____D () C:\Program Files\PSafe
Task: {10AB9E2B-D995-4355-B31F-0538BA2569C1} - \FacebookUpdateTaskUserS-1-5-21-3690846425-4128786697-235807194-1000Core No Task File <==== ATTENTION
Task: {5CAFC3E0-ADB0-4980-A4B9-999B195616C6} - \FacebookUpdateTaskUserS-1-5-21-3690846425-4128786697-235807194-1000UA No Task File <==== ATTENTION
Task: {79952180-0F08-48D9-9F0F-3B3EA27E69C1} - \Baidu Antivirus Update No Task File <==== ATTENTION
Task: {EE82D958-3D4F-4427-9B20-A103E7A7180A} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
2014-01-21 11:17 - 2014-01-21 11:17 - 00541032 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\sqlite.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""
end
*****************
AV: Baidu Antivirus (Enabled - Up to date) {10616E6C-0E20-8594-D377-A7D03F6128A6} => The item is protected. Make sure the software is uninstalled and its services are removed.
AS: Baidu Antivirus (Enabled - Up to date) {AB008F88-281A-8A1A-E9C7-9CA244E6621B} => The item is protected. Make sure the software is uninstalled and its services are removed.
C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe => Failed to close process.
C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe => Failed to close process.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Baidu Antivirus => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock" => Key deleted successfully.
"HKCR\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}" => Key deleted successfully.
BAVSvc => Service stopped successfully.
BAVSvc => Service deleted successfully.
BHipsSvc => Unable to stop service
BHipsSvc => Service deleted successfully.
jhi_service => Service deleted successfully.
NMIndexingService => Service deleted successfully.
BdApiUtil => Service deleted successfully.
BdCameraProtect => Service deleted successfully.
Bfilter => Unable to stop service
Bfilter => Service deleted successfully.
Bfmon => Unable to stop service
Bfmon => Service deleted successfully.
Bhbase => Unable to stop service
Bhbase => Service deleted successfully.
Bprotect => Unable to stop service
Bprotect => Service deleted successfully.
RSUSBSTOR => Service deleted successfully.
RTWlanE => Service deleted successfully.
ZTEusbmdm6k => Service deleted successfully.
ZTEusbnmea => Service deleted successfully.
ZTEusbser6k => Service deleted successfully.
C:\Users\Lailane\Desktop\ZHPFixReport.txt => Moved successfully.
C:\Users\Lailane\Desktop\ZHPFIX.txt => Moved successfully.
C:\Users\Todos os Usuários\Baidu => Moved successfully.
"C:\ProgramData\Baidu" => File/Directory not found.
C:\Users\Lailane\Desktop\ZHPDiag.txt => Moved successfully.
C:\Users\Lailane\AppData\Roaming\ZHP => Moved successfully.
C:\Users\Lailane\Desktop\ZHPFix.lnk => Moved successfully.
C:\Users\Lailane\Desktop\ZHPDiag.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP => Moved successfully.
C:\Program Files\ZHPDiag => Moved successfully.
C:\Users\Lailane\Desktop\ZHPDiag2.exe => Moved successfully.
C:\Users\Lailane\Desktop\JRT.txt => Moved successfully.
C:\Users\Lailane\Desktop\AdwCleaner[S0].txt => Moved successfully.
C:\Users\Lailane\Desktop\zoek-results.txt => Moved successfully.
C:\Windows\PFRO.log => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Lailane\Desktop\JRT.exe => Moved successfully.
C:\Users\Lailane\Desktop\zoek.rar => Moved successfully.
C:\Users\Lailane\Desktop\zoek.scr => Moved successfully.
C:\Users\Lailane\Desktop\zoek.pif => Moved successfully.
C:\Users\Lailane\Desktop\zoek.com => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3690846425-4128786697-235807194-1000UA.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3690846425-4128786697-235807194-1000Core.job => Moved successfully.
C:\Program Files\PSafe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10AB9E2B-D995-4355-B31F-0538BA2569C1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10AB9E2B-D995-4355-B31F-0538BA2569C1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3690846425-4128786697-235807194-1000Core" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5CAFC3E0-ADB0-4980-A4B9-999B195616C6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CAFC3E0-ADB0-4980-A4B9-999B195616C6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3690846425-4128786697-235807194-1000UA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79952180-0F08-48D9-9F0F-3B3EA27E69C1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79952180-0F08-48D9-9F0F-3B3EA27E69C1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu Antivirus Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EE82D958-3D4F-4427-9B20-A103E7A7180A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE82D958-3D4F-4427-9B20-A103E7A7180A}" => Key deleted successfully.
C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => Key deleted successfully.
C:\Program Files\Baidu Security\Baidu Antivirus\sqlite.dll => Moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\BavSvc" => Key deleted successfully.
The system needed a reboot.
==== End of Fixlog ====
luizvilarinho - Full Member
- Posts: 855
Reputation: 4
Join date: 13/11/2013
Re: PC with Baidu and other pests
Good afternoon, luizvilarinho!
> Download: < [link] > ( ... by techsupportall.com )
> Save it to the desktop!
> Run the file Adware-Removal-Tool-v3.5.exe <<
> Start the scan by clicking Scan.
> When the prescan finishes, click OK.
> PS: Each tab will show what will be removed!
> Click "Next" >> Wait!
< Computer >> Windows (C:) >> Program Files >> Adware-Removal-Tool >> Reports >> Repair_Logs_2014_10_dia_h_min_seg.txt <<
> Post the report!
Regards!
joram - Administrator
- Posts: 4162
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: PC with Baidu and other pests
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Adware Removal Tool v3.9
Time: 2014_10_10_16_55_30
OS: Windows 7 - 32 Bit
Account Name: Lailane
U0L0S8
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\
Deleted - File - C:\Users\Lailane\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\http_videodownloadconverter.dl.tb.ask.com_0.localstorage
Deleted - File - C:\Users\Lailane\Appdata\Roaming\Microsoft\Windows\Cookies\lailane@conduit-data[1].txt
Deleted - File - C:\Users\Lailane\Appdata\Roaming\Microsoft\Windows\Cookies\lailane@babylon[2].txt
Deleted - RegistryValue - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION:snapdo.exe
Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\lailane\appdata\local\smartbar\common\
Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\lailane\appdata\local\smartbar\
Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\lailane\appdata\local\smartbar\common\iconswide\
Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\Folders:c:\users\lailane\appdata\local\smartbar\application\
\\ Finished
luizvilarinho - Full Member
- Posts: 855
Reputation: 4
Join date: 13/11/2013
Re: PC with Baidu and other pests
Good afternoon, luizvilarinho!
> Download: |[link]| ( ... by Xplode )
> Once on the page, click Download Now.
> Save it in a convenient location! ( desktop! )
> Close any applications that are open.
> With the checkboxes ticked, click Run!
> Restart the computer!
> Everything OK?
See you!
joram - Administrator
- Posts: 4162
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: PC with Baidu and other pests
I saw that Baidu is still installed on the PC; should I remove it through Programs and Features?
luizvilarinho - Full Member
- Posts: 855
Reputation: 4
Join date: 13/11/2013
Re: PC with Baidu and other pests
Good afternoon, luizvilarinho!
luizvilarinho wrote: I saw that Baidu is still installed on the PC; should I remove it through Programs and Features?
> These are invalid leftovers, which can be removed manually or with whatever tool you prefer.
See you!
joram - Administrator
- Posts: 4162
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: PC with Baidu and other pests
Every now and then I get a notification from the Security Center to activate Baidu Antivirus; is there any procedure that needs to be carried out?
I used Revo Uninstaller and I think I managed to remove this Baidu.
luizvilarinho - Full Member
- Posts: 855
Reputation: 4
Join date: 13/11/2013
Re: PC with Baidu and other pests
- Good evening, luizvilarinho!
- Download: < [link] > ( ... by Swearware )
- Save it to the desktop!
- PS: Disable your antivirus, antispyware and/or firewall. ( Except the Windows one! )
- Close any program/file that is open.
- Also close your browser! ( IE, Firefox, Opera or Google Chrome )
- PS: Be connected to the Internet. << Important!
- You must be logged on to the system with administrator privileges.
- Run ComboFix.exe with a double click.
- If any error message appears, run ComboFix.exe in Safe Mode with Networking.
- PS: To complete the removals, the tool may need to restart the computer.
- The Auto Scan window will open.
- Wait for all the stages to finish.
- During the scan, avoid using the mouse or keyboard!
- When finished, post: C:\ComboFix.txt
- "Tentativa de operaçao ilegal em uma chave do Registro marcada para exclusão." (Illegal operation attempted on a registry key that has been marked for deletion.)
- If this error occurs, just restart the computer!
- "ComboFix is a tool that can damage the system. Use it only under the supervision of security analysts."
- Regards!
joram - Administrator
- Posts: 4162
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: PC with Baidu and other pests
Is it really necessary to use ComboFix, since it can damage the system, and I have already removed Baidu and deleted its folder and keys in regedit?
luizvilarinho - Full Member
- Posts: 855
Reputation: 4
Join date: 13/11/2013
Re: PC with Baidu and other pests
Hello!
luizvilarinho wrote: Is it really necessary to use ComboFix, since it can damage the system, and I have already removed Baidu and deleted its folder and keys in regedit?
You can abort, as I had not seen your edit to the post regarding Revo Uninstaller.
Everything OK?
See you!
joram - Administrator
- Posts: 4162
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: PC with Baidu and other pests
So everything is resolved; we can close the topic.
Thank you!
luizvilarinho - Full Member
- Posts: 855
Reputation: 4
Join date: 13/11/2013
Re: PC with Baidu and other pests
Case Resolved
If the topic's author needs it, the topic will be reopened; to request this, contact one of the members of the [link] and ask for it to be unlocked.
joram - Administrator
- Posts: 4162
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro