Fórum PC Brasil
Chrome closes when I access Caixa internet banking

2 participants

Post by Steve Rogers, Tue 27 Jan 2015, 08:26

Hey, everyone. All good?
I'm having a problem accessing bank sites, mainly Caixa's.
When I try to access internet banking in Chrome, it closes and opens the internet banking site in IE.

I already tried following the tutorial available here [You must have an account and be logged in to view this link], but it didn't work as expected.

Could anyone help me?
Steve Rogers
Beginner

Posts: 10
Reputation: 0
Registration date: 27/01/2015
Age: 36

Post by joram, Tue 27 Jan 2015, 08:46

/!\ Good morning, Steve Rogers! /!\

> Download: < [You must have an account and be logged in to view this link] > ( ... by Farbar )

> The banner above is for 32-bit systems!

< [You must have an account and be logged in to view this link]

> The link above is for 64-bit systems!
> Save it to the desktop!
> Run the tool! Click "Yes" >> "Scan".

[You must have an account and be logged in to view this image]

> Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
> Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
> PS: The "Addition.txt" report will also be generated; it is made available on the tool's 1st run.
> Post the reports! (FRST.txt + Addition.txt)

> Since the log will be long, send it to [You must have an account and be logged in to view this link]

[You must have an account and be logged in to view this image]

> The link to the report, which is the one highlighted, should be pasted into your reply.

[You must have an account and be logged in to view this image]

> Or click "Copier le lien (*)" and paste the link into your post.

A+
joram
Administrator

Posts: 4162
Reputation: 471
Registration date: 26/01/2014
Location: Rio de Janeiro

Post by Steve Rogers, Tue 27 Jan 2015, 09:21

Ok.

I ran FRST and generated the reports, including Addition.

Here are the logs

Addition: [You must have an account and be logged in to view this link]

FRST: [You must have an account and be logged in to view this link]
Post by joram, Tue 27 Jan 2015, 09:45

/!\ Good morning, Steve Rogers! /!\

> Copy this information, which is shown in red, into Notepad.
> Save it with the name fixlist. << Text!
> Save it in the Downloads folder! /!\ C:\Users\Andrea\Downloads /!\

start
CloseProcesses:
emptytemp:
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-4170564532-3963732-2529252770-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4170564532-3963732-2529252770-1000\...\Run: [bordart07] => regsvr32 /s "C:\Users\Andrea\AppData\Roaming\\BORDART07.jpg" <===== ATTENTION
CHR HKU\S-1-5-21-4170564532-3963732-2529252770-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Toolbar: HKU\S-1-5-21-4170564532-3963732-2529252770-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-4170564532-3963732-2529252770-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [68352 2013-08-27] (Baidu, Inc.)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 catchme; \??\C:\Users\Andrea\AppData\Local\Temp\catchme.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-01-27 08:51 - 2015-01-27 08:57 - 00000000 ___SD () C:\ComboFix
2015-01-27 08:51 - 2011-06-26 04:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-27 08:51 - 2010-11-07 15:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-27 08:51 - 2009-04-20 02:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-27 08:51 - 2000-08-30 22:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-27 08:51 - 2000-08-30 22:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-27 08:51 - 2000-08-30 22:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-27 08:51 - 2000-08-30 22:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-27 08:51 - 2000-08-30 22:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-27 08:50 - 2015-01-27 08:51 - 00000000 ____D () C:\Qoobox
2015-01-27 08:48 - 2015-01-27 08:49 - 05610622 ____R (Swearware) C:\Users\Andrea\Downloads\ComboFix.exe
2015-01-27 07:52 - 2015-01-27 07:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Andrea\Downloads\HijackThis (1).exe
2015-01-27 07:52 - 2015-01-27 07:52 - 00009493 _____ () C:\Users\Andrea\Downloads\hijackthis.log
2015-01-27 07:51 - 2015-01-27 07:51 - 00388608 _____ (Trend Micro Inc.) C:\Users\Andrea\Downloads\HijackThis.exe
2015-01-26 16:49 - 2015-01-26 16:49 - 00000098 _____ () C:\Users\Andrea\Desktop\resolução chrome vs ie.txt
2015-01-27 09:07 - 2012-10-08 16:41 - 01843346 _____ () C:\Windows\WindowsUpdate.log
2015-01-27 09:03 - 2009-07-14 02:39 - 00096490 _____ () C:\Windows\setupact.log
2015-01-27 09:00 - 2012-10-09 08:56 - 00073974 _____ () C:\Windows\PFRO.log
Task: {D7F79FAC-61B8-4F85-9AFC-31630560A1DB} - System32\Tasks\DSite => C:\Users\Andrea\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F1485F05-1397-488C-897C-CC51720ED85D} - \DealPly No Task File <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\Andrea\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Andrea\AppData\Local\Temp\.gbas.dll
C:\Users\Andrea\AppData\Local\Temp\APNSetup.exe
C:\Users\Andrea\AppData\Local\Temp\Baidu_Secure_SystemUp_3.7.1.39149.exe
C:\Users\Andrea\AppData\Local\Temp\catchme.dll
C:\Users\Andrea\AppData\Local\Temp\cbSetupE.exe
C:\Users\Andrea\AppData\Local\Temp\gbpcef.exe
C:\Users\Andrea\AppData\Local\Temp\ICReinstall_internet-explorer-90-final-baixaki-32-bits[1].exe
C:\Users\Andrea\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Andrea\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Andrea\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Andrea\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Andrea\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Andrea\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Andrea\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Andrea\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Andrea\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Andrea\AppData\Local\Temp\MotoCast_Installer_2.0304.exe
C:\Users\Andrea\AppData\Local\Temp\MotorolaDeviceManager_2.0309.exe
C:\Users\Andrea\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exe
C:\Users\Andrea\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exe
C:\Users\Andrea\AppData\Local\Temp\nitro_reader3.exe
C:\Users\Andrea\AppData\Local\Temp\oi_{4D45D4CA-0A0D-4071-99FD-00E7C4A8F81E}.exe
C:\Users\Andrea\AppData\Local\Temp\ose00000.exe
C:\Users\Andrea\AppData\Local\Temp\tzf2gk0g.dll
C:\Users\Andrea\AppData\Local\Temp\uninst1.exe
C:\Users\Andrea\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Andrea\AppData\Local\Temp\uttA167.tmp.exe
CMD: ipconfig /flushdns
end


> Run FRST/FRST64 >> Click "Fix" << Wait!
> At the prompt, click Run
> Post the report! (Fixlog.txt)

[You must have an account and be logged in to view this image]
< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >

A+
Post by Steve Rogers, Tue 27 Jan 2015, 10:05

After this procedure I tried to access Caixa's Internet Banking and it worked.
Do you recommend any further procedure?

Here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-01-2015 01
Ran by Andrea at 2015-01-27 09:51:57 Run:1
Running from C:\Users\Andrea\Downloads
Loaded Profiles: Andrea (Available profiles: Andrea)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
emptytemp:
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-4170564532-3963732-2529252770-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4170564532-3963732-2529252770-1000\...\Run: [bordart07] => regsvr32 /s "C:\Users\Andrea\AppData\Roaming\\BORDART07.jpg" <===== ATTENTION
CHR HKU\S-1-5-21-4170564532-3963732-2529252770-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Toolbar: HKU\S-1-5-21-4170564532-3963732-2529252770-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-4170564532-3963732-2529252770-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [68352 2013-08-27] (Baidu, Inc.)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 catchme; \??\C:\Users\Andrea\AppData\Local\Temp\catchme.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-01-27 08:51 - 2015-01-27 08:57 - 00000000 ___SD () C:\ComboFix
2015-01-27 08:51 - 2011-06-26 04:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-27 08:51 - 2010-11-07 15:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-27 08:51 - 2009-04-20 02:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-27 08:51 - 2000-08-30 22:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-27 08:51 - 2000-08-30 22:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-27 08:51 - 2000-08-30 22:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-27 08:51 - 2000-08-30 22:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-27 08:51 - 2000-08-30 22:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-27 08:50 - 2015-01-27 08:51 - 00000000 ____D () C:\Qoobox
2015-01-27 08:48 - 2015-01-27 08:49 - 05610622 ____R (Swearware) C:\Users\Andrea\Downloads\ComboFix.exe
2015-01-27 07:52 - 2015-01-27 07:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Andrea\Downloads\HijackThis (1).exe
2015-01-27 07:52 - 2015-01-27 07:52 - 00009493 _____ () C:\Users\Andrea\Downloads\hijackthis.log
2015-01-27 07:51 - 2015-01-27 07:51 - 00388608 _____ (Trend Micro Inc.) C:\Users\Andrea\Downloads\HijackThis.exe
2015-01-26 16:49 - 2015-01-26 16:49 - 00000098 _____ () C:\Users\Andrea\Desktop\resolução chrome vs ie.txt
2015-01-27 09:07 - 2012-10-08 16:41 - 01843346 _____ () C:\Windows\WindowsUpdate.log
2015-01-27 09:03 - 2009-07-14 02:39 - 00096490 _____ () C:\Windows\setupact.log
2015-01-27 09:00 - 2012-10-09 08:56 - 00073974 _____ () C:\Windows\PFRO.log
Task: {D7F79FAC-61B8-4F85-9AFC-31630560A1DB} - System32\Tasks\DSite => C:\Users\Andrea\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F1485F05-1397-488C-897C-CC51720ED85D} - \DealPly No Task File <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\Andrea\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Andrea\AppData\Local\Temp\.gbas.dll
C:\Users\Andrea\AppData\Local\Temp\APNSetup.exe
C:\Users\Andrea\AppData\Local\Temp\Baidu_Secure_SystemUp_3.7.1.39149.exe
C:\Users\Andrea\AppData\Local\Temp\catchme.dll
C:\Users\Andrea\AppData\Local\Temp\cbSetupE.exe
C:\Users\Andrea\AppData\Local\Temp\gbpcef.exe
C:\Users\Andrea\AppData\Local\Temp\ICReinstall_internet-explorer-90-final-baixaki-32-bits[1].exe
C:\Users\Andrea\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Andrea\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Andrea\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Andrea\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Andrea\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Andrea\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Andrea\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Andrea\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Andrea\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Andrea\AppData\Local\Temp\MotoCast_Installer_2.0304.exe
C:\Users\Andrea\AppData\Local\Temp\MotorolaDeviceManager_2.0309.exe
C:\Users\Andrea\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exe
C:\Users\Andrea\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exe
C:\Users\Andrea\AppData\Local\Temp\nitro_reader3.exe
C:\Users\Andrea\AppData\Local\Temp\oi_{4D45D4CA-0A0D-4071-99FD-00E7C4A8F81E}.exe
C:\Users\Andrea\AppData\Local\Temp\ose00000.exe
C:\Users\Andrea\AppData\Local\Temp\tzf2gk0g.dll
C:\Users\Andrea\AppData\Local\Temp\uninst1.exe
C:\Users\Andrea\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Andrea\AppData\Local\Temp\uttA167.tmp.exe
CMD: ipconfig /flushdns
end
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKU\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKU\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Microsoft\Windows\CurrentVersion\Run\\bordart07 => value deleted successfully.
"HKU\S-1-5-21-4170564532-3963732-2529252770-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKU\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key deleted successfully.
Bhbase => Unable to stop service
Bhbase => Service deleted successfully.
BprotectEx => Service deleted successfully.
catchme => Service deleted successfully.
motccgpfl => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\ComboFix => Moved successfully.
C:\Windows\PEV.exe => Moved successfully.
C:\Windows\MBR.exe => Moved successfully.
C:\Windows\NIRCMD.exe => Moved successfully.
C:\Windows\SWREG.exe => Moved successfully.
C:\Windows\SWSC.exe => Moved successfully.
C:\Windows\sed.exe => Moved successfully.
C:\Windows\grep.exe => Moved successfully.
C:\Windows\zip.exe => Moved successfully.
C:\Qoobox => Moved successfully.
C:\Users\Andrea\Downloads\ComboFix.exe => Moved successfully.
C:\Users\Andrea\Downloads\HijackThis (1).exe => Moved successfully.
C:\Users\Andrea\Downloads\hijackthis.log => Moved successfully.
C:\Users\Andrea\Downloads\HijackThis.exe => Moved successfully.
C:\Users\Andrea\Desktop\resolução chrome vs ie.txt => Moved successfully.
Could not move "C:\Windows\WindowsUpdate.log" => Scheduled to move on reboot.
C:\Windows\setupact.log => Moved successfully.
C:\Windows\PFRO.log => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7F79FAC-61B8-4F85-9AFC-31630560A1DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7F79FAC-61B8-4F85-9AFC-31630560A1DB}" => Key deleted successfully.
C:\Windows\System32\Tasks\DSite => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1485F05-1397-488C-897C-CC51720ED85D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1485F05-1397-488C-897C-CC51720ED85D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly" => Key deleted successfully.
C:\Windows\Tasks\DSite.job => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\.gbas.dll => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\APNSetup.exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\Baidu_Secure_SystemUp_3.7.1.39149.exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\catchme.dll => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\cbSetupE.exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\gbpcef.exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\ICReinstall_internet-explorer-90-final-baixaki-32-bits[1].exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\jre-8u31-windows-au.exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\MotoCast_Installer_2.0304.exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\MotorolaDeviceManager_2.0309.exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\nitro_reader3.exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\oi_{4D45D4CA-0A0D-4071-99FD-00E7C4A8F81E}.exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\tzf2gk0g.dll => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\uninst1.exe => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\UNINSTALL.EXE => Moved successfully.
C:\Users\Andrea\AppData\Local\Temp\uttA167.tmp.exe => Moved successfully.

=========  ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========= End of CMD: =========

EmptyTemp: => Removed 3 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-27 10:00:53)<=

C:\Windows\WindowsUpdate.log => Is moved successfully.

==== End of Fixlog 10:00:53 ====
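As an added example (not part of the thread, and not FRST's own code), the Python sketch below triages the two artefacts exchanged above: it flags Run entries in an FRST-style listing where regsvr32 or rundll32 is pointed at a non-library file or a user-writable folder, as with the `bordart07` value, and it reduces a Fixlog to the final status of each item. The function names, the list of library extensions and the status labels are assumptions of this example; the sample lines are copied from the logs posted above.

```python
import re
from pathlib import PureWindowsPath

# Sample lines copied from the fixlist and the Fixlog posted in this thread.
FIXLIST_SAMPLE = r"""
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-4170564532-3963732-2529252770-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4170564532-3963732-2529252770-1000\...\Run: [bordart07] => regsvr32 /s "C:\Users\Andrea\AppData\Roaming\\BORDART07.jpg" <===== ATTENTION
""".strip().splitlines()

FIXLOG_SAMPLE = r"""
Content of fixlist:
*****************
start
HKU\S-1-5-21-4170564532-3963732-2529252770-1000\...\Run: [AdobeBridge] => [X]
end
*****************
Processes closed successfully.
HKU\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Microsoft\Windows\CurrentVersion\Run\\bordart07 => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
Bhbase => Unable to stop service
Bhbase => Service deleted successfully.
Could not move "C:\Windows\WindowsUpdate.log" => Scheduled to move on reboot.
EmptyTemp: => Removed 3 GB temporary data.
C:\Windows\WindowsUpdate.log => Is moved successfully.
""".strip().splitlines()

RUN_RE = re.compile(r'^(HK\S+)\\Run: \[([^\]]+)\] => (.*)$')
LOADER_RE = re.compile(r'^"?(?:\S*\\)?(regsvr32|rundll32)(?:\.exe)?"?\s+(.*)$', re.I)
TARGET_RE = re.compile(r'"([^"]+)"|(?<!\S)([^\s/"][^\s"]*)')
# Assumption of this example: extensions considered normal for a library loader.
LIBRARY_EXTS = {".dll", ".ocx", ".cpl", ".ax"}


def flag_run_entries(lines):
    """Return {value name: [reasons]} for Run entries that deserve a closer look."""
    flagged = {}
    for line in lines:
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        name = m.group(2)
        cmd = re.sub(r"\s*<=+ ATTENTION\s*$", "", m.group(3))  # drop FRST's marker
        reasons = []
        if cmd == "[X]":  # FRST prints [X] where it could not find the file
            reasons.append("target file missing (orphaned entry)")
        loader = LOADER_RE.match(cmd)
        if loader:
            t = TARGET_RE.search(loader.group(2))  # first quoted or non-switch token
            if t:
                target = (t.group(1) or t.group(2)).split(",")[0]
                ext = PureWindowsPath(target).suffix.lower()
                if ext not in LIBRARY_EXTS:
                    reasons.append(f"{loader.group(1).lower()} loads a '{ext}' file")
                if re.search(r"\\(appdata|temp)\\", target, re.I):
                    reasons.append("target is in a user-writable folder")
        if reasons:
            flagged[name] = reasons
    return flagged


def fixlog_final_status(lines):
    """Return {item: final status}; a later line for the same item overrides an earlier one."""
    status, in_echo = {}, False
    for line in lines:
        s = line.strip()
        if s.startswith("Content of fixlist"):
            in_echo = True          # the Fixlog first echoes the script; skip that part
            continue
        if in_echo:
            in_echo = s != "end"
            continue
        left, sep, outcome = s.rpartition(" => ")
        if not sep:
            continue                # banners and summaries carry no per-item result
        item = re.sub(r"^Could not move\s+", "", left).strip('"')
        low = outcome.lower()
        if "successfully" in low or low.startswith("removed"):
            status[item] = "done"
        elif "on reboot" in low:
            status[item] = "pending_reboot"
        elif "not found" in low:
            status[item] = "not_found"
        else:
            status[item] = "failed"
    return status


if __name__ == "__main__":
    for name, why in flag_run_entries(FIXLIST_SAMPLE).items():
        print(f"Run value {name!r}: " + "; ".join(why))
    for item, state in fixlog_final_status(FIXLOG_SAMPLE).items():
        if state != "done":
            print(f"follow up: {item} ({state})")
```
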

Post by joram, Tue 27 Jan 2015, 10:24

/!\ Good morning, Steve Rogers! /!\

Steve Rogers wrote: After this procedure I tried to access Caixa's Internet Banking and it worked.
> And was the access through your Google Chrome browser?
> Your IE browser is still on version 8. Was it you who accepted that condition?

> Download: < [You must have an account and be logged in to view this link] > ( ... by Xplode )
>
> Or from here: < [You must have an account and be logged in to view this link] >
> Once there, click "Download Now".
>
> Save it to the desktop!

< [You must have an account and be logged in to view this image] >

> Right-click adwcleaner.exe and choose to run it as administrator.

[You must have an account and be logged in to view this image]

> PS: Start the scan by clicking "Examinar" (Scan).

[You must have an account and be logged in to view this image]

> When it finishes, click "Limpar" (Clean) >> Ok >> Ok >> Ok.
> Copy the log or click "Relatório" (Report).
> Post: < C:\AdwCleaner\AdwCleaner[S0].txt >

A+
Post by Steve Rogers, Tue 27 Jan 2015, 10:31

And was the access through your Google Chrome browser?
Your IE browser is still on version 8. Was it you who accepted that condition.

I accessed it through Chrome.
This computer had Windows Update disabled.
Post by Steve Rogers, Tue 27 Jan 2015, 10:39

Here is the AdwCleaner report:

# AdwCleaner v4.109 - Relatório criado 27/01/2015 às 10:32:54
# Atualizado 24/01/2015 por Xplode
# Database : 2015-01-26.1 [Live]
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : Andrea - BORDART07
# Executando de : C:\Users\Andrea\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\Ask
Pasta Deletada : C:\ProgramData\AVG Secure Search
Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\Tarma Installer
Pasta Deletada : C:\Program Files\AVG Secure Search
Pasta Deletada : C:\Program Files\ShowMyPCService
Pasta Deletada : C:\Program Files\Common Files\AVG Secure Search
Pasta Deletada : C:\Users\Andrea\AppData\Local\AVG Secure Search
Pasta Deletada : C:\Users\Andrea\AppData\Local\FileViewPro
Pasta Deletada : C:\Users\Andrea\AppData\LocalLow\Delta
Pasta Deletada : C:\Users\Andrea\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Pasta Deletada : C:\Users\Andrea\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\Andrea\AppData\Roaming\DigitalSites
Pasta Deletada : C:\Users\Andrea\AppData\Roaming\DSite
Pasta Deletada : C:\Users\Andrea\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\Andrea\Documents\Updater
Arquivo Deletada : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\w3s6g7zc.default\invalidprefs.js
Arquivo Deletada : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
Arquivo Deletada : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\w3s6g7zc.default\user.js

***** [ Tarefas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Chave Deletedo : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Chave Deletedo : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Chave Deletedo : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Chave Deletedo : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Deletedo : HKCU\Software\AVG Secure Search
Chave Deletedo : HKCU\Software\BABSOLUTION
Chave Deletedo : HKCU\Software\Delta
Chave Deletedo : HKCU\Software\AppDataLow\Software\findlyrics
Chave Deletedo : HKLM\SOFTWARE\AVG Security Toolbar
Chave Deletedo : HKLM\SOFTWARE\Delta
Chave Deletedo : HKLM\SOFTWARE\systweak
Chave Deletedo : HKLM\SOFTWARE\Tarma Installer

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v31.0 (x86 en-US)

[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.admin", false);
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.aflt", "babsst");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.autoRvrt", "false");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.bbDpng", "31");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.cntry", "BR");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.dfltLng", "pt");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.excTlbr", false);
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.ffxUnstlRst", true);
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.hdrMd5", "DF587F4FBF834C0A7ED2BD8B6B2775E9");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.id", "de3988b2000000000000001cc0435dc5");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.instlDay", "15951");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.instlRef", "sst");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.lastVrsnTs", "1.8.24.611:41:39");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.newTab", false);
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.prdct", "delta");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.prtnrId", "delta");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.rvrt", "false");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.sg", "azb");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.smplGrp", "none");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.tlbrId", "base");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.tlbrSrchUrl", "");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.vrsn", "1.8.24.6");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.vrsnTs", "1.8.24.611:41:39");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta.vrsni", "1.8.24.6");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta_i.babExt", "");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta_i.babTrack", "affID=121225&tsp=4994");
[w3s6g7zc.default\prefs.js] - Linha deletada : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v40.0.2214.91


*************************

AdwCleaner[R0].txt - [8060 octets] - [27/01/2015 10:29:57]
AdwCleaner[S0].txt - [8050 octets] - [27/01/2015 10:32:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8110 octets] ##########


Post by joram, Tue 27 Jan 2015, 10:50

Steve Rogers escreveu:
E o acesso foi pelo seu navegador Google Chrome?
O seu navegador IE,ainda está na versão 8. Foi vc que aceitou essa condição.

Acessei pelo chrome.
Este computador estava com o windows update desativado.
/!\ Ok! Steve Rogers /!\

> Resta-nos,apenas a busca por adwares com o AdwCleaner.

... Editando!

Ok! Já realizado!

> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Oleg N. Scherbakov )

> Salve-o no desktop!
> Desabilite seu antivírus!
> Para Windows 7,clique direito em JRT.exe e execute-o ... 


> Wait for it to finish and post the report. ( JRT.txt )

A+

Post by Steve Rogers Tue 27 Jan 2015, 10:59

Here is the report:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x86
Ran by Andrea on 27/01/2015 at 10:55:08,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\Baidu PC Faster Update



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\ProgramData\application data\baidu security"
Successfully deleted: [Folder] "C:\Users\Andrea\AppData\Roaming\baidu security"
Successfully deleted: [Folder] "C:\Program Files\baidu security"



~~~ FireFox

Emptied folder: C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\w3s6g7zc.default\minidumps [11 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/01/2015 at 10:57:50,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post by joram Tue 27 Jan 2015, 11:12

/!\ Good morning! Steve Rogers /!\

###
Successfully deleted: [File] C:\Windows\System32\Tasks\Baidu PC Faster Update
###
> JRT flagged a Baidu PC Faster task on your machine.
> So let's investigate its malicious presence with Zoek.


> Download: < [You must have an account and be logged in to view this link] > ( ... by Smeenk )


> Save it to the desktop!
> Disable your antivirus!
> For Windows 7, run Zoek.exe as administrator.


emptyfolderscheck;delete
ipconfig /flushdns;b
quickscan;
emptytemp;
emptyclsid;
autoclean;
Baidu;a
Baidu;z 


> Copy and paste this information, which is in red, into the tool's field.
> Click "Run Script".

Zoek.exe is running now. 
Do not start any browser windows, they will be closed automatically. 
Please wait! This window will close when finished. 
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
> Messages will appear, asking you to wait for the report to show up.
> PS: These messages may stay static on the screen for 20 minutes or more.


> Confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.
> PS: If you get any error, restart the PC and run the tool again.
> Post the report, which will be at C:\zoek-results.txt <<

A+

Post by Steve Rogers Tue 27 Jan 2015, 13:26

Hey. Sorry for the delay. I was having lunch. lol

The report follows below:


Zoek.exe v5.0.0.0 Updated 27-01-2015
Tool run by Andrea on 27/01/2015 at 11:15:51,11.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Andrea\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

27/01/2015 11:16:58 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\FreeTime deleted successfully
C:\PROGRA~2\firebird deleted successfully
C:\Users\Andrea\AppData\Roaming\img deleted successfully
C:\Users\Andrea\AppData\Local\CUSTPDF Writer deleted successfully
C:\Users\Andrea\AppData\Local\Safe mirror deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater15.3.0 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater15.3.0 deleted successfully

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\iunidanfe3.exe deleted
C:\Users\Andrea\AppData\Roaming\WB.CFG deleted
C:\PROGRA~2\boost_interprocess deleted
C:\PROGRA~2\AVG January 2013 Campaign deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\tasks\ROC_REG_JAN_DELETE.job deleted
C:\Windows\system32\tasks\ROC_REG_JAN_DELETE deleted
C:\Users\Andrea\AppData\Roaming\unins000.exe deleted
C:\Users\Andrea\AppData\Roaming\unins001.exe deleted
"C:\Users\Andrea\AppData\Roaming\bo" deleted
"C:\Users\Andrea\AppData\Roaming\bor" deleted
"C:\Users\Andrea\AppData\Roaming\id" deleted
"C:\Users\Andrea\AppData\Roaming\iv" deleted
"C:\Users\Andrea\AppData\Roaming\LaserPrinter" deleted
"C:\Users\Andrea\AppData\Roaming\LaunchAgents" deleted
"C:\Users\Andrea\AppData\Roaming\Legacy" deleted
"C:\Users\Andrea\AppData\Roaming\lg" deleted
"C:\ProgramData\Light Machine" deleted
"C:\ProgramData\Limiter" deleted

==== Folders Found ======================

2013-09-03 14:40:43 2013-09-03 14:43:28 -------- d-----w- C:\Users\Public\Documents\Baidu Security

==== Files Found ======================


--- C:\FRST\Quarantine\C\Users\Andrea\AppData\Local\Temp\Baidu_Secure_SystemUp_3.7.1.39149.exe.xBAD ---
Company: Baidu, Inc.
File Description: PC Faster Setup
File Version: 3.7.1.39149
Product Name: Baidu PC Faster
Copyright: Copyright (C) 2013 Baidu, Inc. All Rights Reserved.
Original Filename:
File type: ----a-w-
File size: 9754600
Created time: 2013-09-03 14:40:50
Modified time: 2013-09-03 14:40:50
MD5: 348165F6E174E59EF993CBE17AFAED50
SHA1: 7C187DB832FBC9E37E2C782611E53F0BB7E8E1A0


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98C2EC86-5DAC-4591-BD74-B26D17F55A75}]
"Path"="\\Baidu PC Faster Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu PC Faster Update]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store\3.8.8.1435]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store\3.8.8.1435\Install]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store\3.8.8.1435\Install\13335527]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store\3.8.8.1435\Install\13335527]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py-appstore/get_channel_info_appstore.cgi?install_channel=pcf&version=3.8.8.1435&errorcode=0&errortext=&userid=S16OJ50Q-001CC0435DC5!fb1c6ddb-b944-4757-b6d4-c7776ac71f78@#001CC0435DC5&install_time=2013-09-03 14:43:31"

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store\3.8.8.1435\LastReportTime]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store\DataReport]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store\Setup]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\CleanRecord]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Install]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Statistic]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\UUReport]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\Setup]

"C:\\Users\\Andrea\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\2D1GID0Y\\JavaSetup7u21[1].exe"=dword:00000001
"C:\\Program Files\\Baidu Security\\PC Faster\\3.7.0.0\\UninstCaller.exe"=dword:00000020

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Andrea\AppData\Local\Temp ====
2015-01-27 12:54:51 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\Andrea\AppData\Local\Temp\jrt\libiconv2.dll
2015-01-27 12:54:51 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\Andrea\AppData\Local\Temp\jrt\libintl3.dll
2015-01-27 12:54:51 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\Andrea\AppData\Local\Temp\jrt\pcre3.dll
2015-01-27 12:54:51 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\Andrea\AppData\Local\Temp\jrt\regex2.dll
2015-01-27 12:54:51 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Andrea\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
====== Java Cache =====
====== C:\Windows\system32 =====
2015-01-27 11:31:13 EC6E2DB67695966DF22CF5EBEFC1D305 2425856 ----a-w- C:\Windows\System32\wucltux.dll
2015-01-27 11:31:13 D9B0134913E5EF007AF82A418C503322 1973728 ----a-w- C:\Windows\System32\wuaueng.dll
2015-01-27 11:31:13 459E257F8915D44B23ACB46211FD45D0 45536 ----a-w- C:\Windows\System32\wups2.dll
2015-01-27 11:31:13 072678E0D68E9C3A7960328671134C7B 54240 ----a-w- C:\Windows\System32\wuauclt.exe
2015-01-27 11:30:46 F419D738BD2AE58D9DF2F9FEB5F43842 33792 ----a-w- C:\Windows\System32\wuapp.exe
2015-01-27 11:30:46 5AA2CAD923E9E647276A61387E83DDD0 179656 ----a-w- C:\Windows\System32\wuwebv.dll
2015-01-26 15:22:25 39B981380EFB66426797F124F563FEA0 249488 ------w- C:\Windows\System32\MpSigStub.exe
====== C:\Windows\system32\drivers =====
2015-01-26 17:47:56 8E2E9CCD873ABF180F48BCAEEEBE347D 114904 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-26 17:47:02 A3F4391DFDF2F9E9FE4EAD193265A5AD 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-01-26 17:47:02 9BD41E40039098BF5F8FE878A9A6989E 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-01-26 17:47:02 312CD3307F600E7CD340B79B3DCB3A01 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys
====== C:\Windows\Tasks ======
2015-01-26 16:43:54 9A22C9E472F38194E2344FE5AD55B439 4052 ----a-w- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2015-01-26 16:43:54 1A5C0AA65B29F35CBAAD5AC17CBCD16E 1056 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 16:43:53 2EB2581F845B5E30BA0D8119B4F78523 3800 ----a-w- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2015-01-26 16:43:53 2D89CD424C1536D9FDECAA2B130F8A2E 1052 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 14:17:15 266841A7BDC89673A9F096DD4696CB12 2976 ----a-w- C:\Windows\system32\Tasks\{37CB71F6-5F53-4E04-9AFE-34959F61E26D}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-01-26 10:55:13 -------- d-----w- C:\Program Files\Common Files\Java
======= C: =====
====== C:\Users\Andrea\AppData\Roaming ======
2015-01-26 13:33:01 D2EED743FB31C3F1BE60039014D74AC0 1346560 ----a-w- C:\Users\Andrea\AppData\Roaming\BORDART07.jpg
====== C:\Users\Andrea ======
2015-01-27 12:54:24 B9E1BF24EF01A82701B09BE75D294085 1707939 ----a-w- C:\Users\Andrea\Downloads\JRT.exe
2015-01-27 12:27:40 FC77986C2F2B9752EE344FACA1880BA2 2194432 ----a-w- C:\Users\Andrea\Downloads\AdwCleaner.exe
2015-01-27 11:14:33 6A0496D0BCEE7603BDF38400985EB21A 1120768 ----a-w- C:\Users\Andrea\Downloads\FRST.exe
2015-01-27 10:40:55 172ED33198484DF87FA015B695EAAD80 2873112 ----a-w- C:\Users\Andrea\Downloads\herdProtectScan_Setup.exe
2015-01-26 17:25:49 3BD59D6C407AB1F6DDD7C5D9BD727469 20447072 ----a-w- C:\Users\Andrea\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-26 16:52:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-26 16:42:38 216BD483242A6784C6EDA54EBBC04C68 880784 ----a-w- C:\Users\Andrea\Downloads\ChromeSetup.exe
2015-01-16 14:47:39 2123398BDE228CF2DD18664BA0F2AD9C 1835239 ----a-w- C:\Users\Andrea\Downloads\setupjaneiro (1).exe
2015-01-16 14:47:16 2123398BDE228CF2DD18664BA0F2AD9C 1835239 ----a-w- C:\Users\Andrea\Downloads\setupjaneiro.exe

====== C: exe-files ==
2015-01-27 12:54:51 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Andrea\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2015-01-27 12:54:24 B9E1BF24EF01A82701B09BE75D294085 1707939 ----a-w- C:\Users\Andrea\Downloads\JRT.exe
2015-01-27 12:27:40 FC77986C2F2B9752EE344FACA1880BA2 2194432 ----a-w- C:\Users\Andrea\Downloads\AdwCleaner.exe
2015-01-27 11:31:13 072678E0D68E9C3A7960328671134C7B 54240 ----a-w- C:\Windows\System32\wuauclt.exe
2015-01-27 11:30:46 F419D738BD2AE58D9DF2F9FEB5F43842 33792 ----a-w- C:\Windows\System32\wuapp.exe
2015-01-27 11:14:33 6A0496D0BCEE7603BDF38400985EB21A 1120768 ----a-w- C:\Users\Andrea\Downloads\FRST.exe
2015-01-27 10:40:55 172ED33198484DF87FA015B695EAAD80 2873112 ----a-w- C:\Users\Andrea\Downloads\herdProtectScan_Setup.exe
2015-01-27 09:49:30 220A0B7B557EFEF7C399CDC1E9DBDA2D 875088 ----a-w- C:\Program Files\Google\Update\Install\{3F61FC7E-ABA3-4A53-9F63-1961016017C3}\40.0.2214.93_40.0.2214.91_chrome_updater.exe
2015-01-27 09:49:30 220A0B7B557EFEF7C399CDC1E9DBDA2D 875088 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.93\40.0.2214.93_40.0.2214.91_chrome_updater.exe
2015-01-26 17:25:49 3BD59D6C407AB1F6DDD7C5D9BD727469 20447072 ----a-w- C:\Users\Andrea\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-26 16:52:20 EAA14B9118EEEFA1FAF152FA8162A30A 41168464 ----a-w- C:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\40.0.2214.91\40.0.2214.91_chrome_installer.exe
2015-01-26 16:43:51 5B4ED5734945619EE3BCDB9825D2F526 51080 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe
2015-01-26 16:43:51 06036279056145E0F08FC095CB789E6A 51080 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateBroker.exe
2015-01-26 16:43:50 F172AD4E906D97ED8F071896FC6789DC 107912 ----atw- C:\Program Files\Google\Update\GoogleUpdate.exe
2015-01-26 16:43:50 216BD483242A6784C6EDA54EBBC04C68 880784 ----a-w- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateSetup.exe
2015-01-26 16:43:47 F172AD4E906D97ED8F071896FC6789DC 107912 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdate.exe
2015-01-26 16:43:47 EDD3E562684CB4C50704B471BEAB1F86 114568 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateComRegisterShell64.exe
2015-01-26 16:43:47 CB8C1CC4F46FBAC78150754D77460C73 230792 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
2015-01-26 16:43:47 7161E8E31B7FD3B1CE083C2CA5FD5F44 285064 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
2015-01-26 16:42:38 216BD483242A6784C6EDA54EBBC04C68 880784 ----a-w- C:\Users\Andrea\Downloads\ChromeSetup.exe
2015-01-26 15:22:25 39B981380EFB66426797F124F563FEA0 249488 ------w- C:\Windows\System32\MpSigStub.exe
2015-01-26 10:54:26 B0D46640968F989830413EB88F43E0D0 0 ----a-we C:\Users\Todos os Usuários\Oracle\Java\javapath\java.exe
2015-01-26 10:54:26 B0D46640968F989830413EB88F43E0D0 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe
2015-01-26 10:54:26 52C8B9FD016E6317FDB151296FF90877 0 ----a-we C:\Users\Todos os Usuários\Oracle\Java\javapath\javaws.exe
2015-01-26 10:54:26 52C8B9FD016E6317FDB151296FF90877 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe
2015-01-26 10:54:26 3E72E1AB196855916E2065C604674631 0 ----a-we C:\Users\Todos os Usuários\Oracle\Java\javapath\javaw.exe
2015-01-26 10:54:26 3E72E1AB196855916E2065C604674631 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe
2015-01-26 10:54:18 F9D744CD9BC58F287F8FA59D32508EDD 16296 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\orbd.exe
2015-01-26 10:54:18 DBB5C8AE19ACFA2857CFB90C7305AC56 51112 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\ssvagent.exe
2015-01-26 10:54:18 CDB1FE0DCF2ADB755EBF65C8AEBBC871 16296 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\servertool.exe
2015-01-26 10:54:18 8B6DF9CD28359C5E819446FD79CE3948 16296 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\rmiregistry.exe
2015-01-26 10:54:18 7479DA0BED071427A3F0017AC51CC27B 159656 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\unpack200.exe
2015-01-26 10:54:18 5F7C51E0DCA813D647F14FC12AE675F2 16296 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\policytool.exe
2015-01-26 10:54:18 577F5DCBA4DE4C345631873670F84E79 16296 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\tnameserv.exe
2015-01-26 10:54:18 39685FC75B6FB2144E793595F1AB111D 15784 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\pack200.exe
2015-01-26 10:54:18 0FB2ACAC796B166F6486B593B604A3FF 15784 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\rmid.exe
2015-01-26 10:54:17 DA34E76DE9CD93471F24E7BD43139958 15784 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\kinit.exe
2015-01-26 10:54:17 AF82EA1498FEC5C49B8A1AE5AA0A5F6C 77224 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\jp2launcher.exe
2015-01-26 10:54:17 A8884FB8246655C84F110E77DF5E1B4A 15784 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\ktab.exe
2015-01-26 10:54:17 90C02BD6D01BBC1C620323F9E330E89C 15784 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\jjs.exe
2015-01-26 10:54:17 69BD74EE834B5629226BF89468B8020B 15784 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\keytool.exe
2015-01-26 10:54:17 52C8B9FD016E6317FDB151296FF90877 272296 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\javaws.exe
2015-01-26 10:54:17 3E72E1AB196855916E2065C604674631 176552 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\javaw.exe
2015-01-26 10:54:17 2F77C9862B1A2401278C4A5B932DA69D 15784 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\klist.exe
2015-01-26 10:54:16 F5EA785B2BCC08DC28CBC2D96E05F2C1 68520 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe
2015-01-26 10:54:16 DF1C8EDDAF14D2960A06A9DF7B2D0A89 15784 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\java-rmi.exe
2015-01-26 10:54:16 B0D46640968F989830413EB88F43E0D0 176552 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\java.exe
2015-01-26 10:54:16 063A1044A451660B159426B9C5E75957 30632 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\jabswitch.exe
2015-01-21 15:43:32 FA18A83CD2D176C72692F149C549E247 1374032 ----a-w- C:\Users\Andrea\AppData\Roaming\uTorrent\updates\3.4.2_37754.exe
=== C: other files ==
2015-01-27 12:54:51 F720D6634E048B0AD485CEEF55263E6B 191092 ----a-w- C:\Users\Andrea\AppData\Local\Temp\jrt\misc.bat
2015-01-27 12:54:51 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\Andrea\AppData\Local\Temp\jrt\prelim.bat
2015-01-27 12:54:51 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Andrea\AppData\Local\Temp\jrt\TDL4.bat
2015-01-27 12:54:51 C4C784C659C27DB5ED395A7901611C71 14957 ----a-w- C:\Users\Andrea\AppData\Local\Temp\jrt\get.bat
2015-01-27 12:54:51 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Andrea\AppData\Local\Temp\jrt\medfos.bat
2015-01-27 12:54:51 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\Andrea\AppData\Local\Temp\jrt\surfvox.bat
2015-01-27 12:54:51 A3945FA06DB607245C6A1D0629CE737E 11057 ----a-w- C:\Users\Andrea\AppData\Local\Temp\jrt\runvalues.bat
2015-01-27 12:54:51 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Andrea\AppData\Local\Temp\jrt\searchlnk.bat
2015-01-27 12:54:51 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Andrea\AppData\Local\Temp\jrt\firefox.bat
2015-01-27 12:54:51 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Andrea\AppData\Local\Temp\jrt\ev_clear.bat
2015-01-27 12:54:51 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Andrea\AppData\Local\Temp\jrt\ask.bat
2015-01-27 12:54:51 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Andrea\AppData\Local\Temp\jrt\iexplore.bat
2015-01-27 12:54:51 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Andrea\AppData\Local\Temp\jrt\delfolders.bat
2015-01-27 12:54:51 080CFDE64F31E7B50EECF4552033E84D 9937 ----a-w- C:\Users\Andrea\AppData\Local\Temp\jrt\mws.bat
2015-01-27 12:54:51 048407135C9B1FB6A355E256BD96160D 14192 ----a-w- C:\Users\Andrea\AppData\Local\Temp\jrt\chrome.bat
2015-01-27 10:52:38 CD95E5EEE86D6100AF546EA783BEE743 5959 ----a-w- C:\FRST\Quarantine\C\Qoobox\BackEnv\SetPath.bat
2015-01-26 17:47:56 8E2E9CCD873ABF180F48BCAEEEBE347D 114904 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-26 17:47:02 A3F4391DFDF2F9E9FE4EAD193265A5AD 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-01-26 17:47:02 9BD41E40039098BF5F8FE878A9A6989E 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-01-26 17:47:02 312CD3307F600E7CD340B79B3DCB3A01 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-01-26 10:54:18 3315140254247E248C3531F159C79109 14130 ----a-w- C:\Program Files\Java\jre1.8.0_31\lib\deploy\ffjcext.zip
2015-01-21 10:40:07 13E5CA111FEBEFCEE654DAF54E7C2534 121830 ----a-w- C:\Users\Todos os Usuários\AVG2015\IDS\outbox\tmp_0bc0783e-9768-47cd-b587-d15586a7b436.zip
2015-01-21 10:40:07 13E5CA111FEBEFCEE654DAF54E7C2534 121830 ----a-w- C:\ProgramData\AVG2015\IDS\outbox\tmp_0bc0783e-9768-47cd-b587-d15586a7b436.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"uTorrent"="C:\Users\Andrea\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"ORDAR"="regsvr32.exe /s C:\Users\Andrea\AppData\Roaming\img.jpg #nbvc2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
"Cobian Backup 10"="C:\Program Files\Cobian Backup 10\Cobian.exe"
"AVG_UI"="C:\Program Files\AVG\AVG2015\avgui.exe /TRAYONLY"
"wdbraz_certm"="C:\Windows\system32\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS6ServiceManager"="C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"
"Nikon Message Center 2"="C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"uTorrent"="C:\Users\Andrea\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"ORDAR"="regsvr32.exe /s C:\Users\Andrea\AppData\Roaming\img.jpg #nbvc2"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [26/01/2015 09:55]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [26/01/2015 14:43]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [26/01/2015 14:43]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-bordart07-Andrea" [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Motorola Device Manager Engine" ["C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\Windows\system32\tasks\Motorola Device Manager Initial Update" ["C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\Windows\system32\tasks\Motorola Device Manager Update" ["C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\system32\tasks\{37CB71F6-5F53-4E04-9AFE-34959F61E26D}" [C:\Program Files\Google\Chrome\Application\chrome.exe]

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886D}"="C:\Users\Andrea\AppData\Local\GAS Tecnologia\GBBD\cef\xpi" [13/01/2015 08:40]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\w3s6g7zc.default
D2377C9458EFEB094E38B8C874AA214C - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
0FC325593893749364EC4A733E7D9100 - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll - Shockwave Flash
225D76851EFC6144B4BAD941B3E8989D - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U31
B66B4D28D7D0C6322FF235C782CD6B76 - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.310.13
6C5C8D59CF0FAB004AB572F4F11BC5E0 - C:\Users\Andrea\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
BFD1CDA328C83054154DD05EA233F79B - C:\Users\Andrea\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
893BF7D2261C56C24F813405D9D018E0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
9CD7CD8FD07718851DD8081CDF8CA3E7 - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll - AdobeExManDetect
1BC054CA69E22CC7B32AE82AA0457927 - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll - Nitro PDF plugin for Firefox and Chrome
F00DA1A135FCA11D4426D9A5AB72CF0F - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll - AdobeAAMDetect
406106D91D3F86FD34EC194940855746 - C:\Users\Andrea\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal
8DA2ED6B04EA33F2EAE8BA883F903729 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight
AB7BC83EBDA774734D0F476A39F69B67 - C:\Program Files\Nitro\Reader 3\npdf.dll - Nitro PDF Library
FEF2637C0848281FD2C0FAD928DCDECA - C:\Program Files\Nitro\Reader 3\npnitroie.dll - Nitro PDF plugin for Internet Explorer
41561B8AE9E551BD08304D48DAA900FA - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll - AdobeAAMDetect


==== Chromium Look ======================

Google Chrome Version: 40.0.2214.91 (Possible outdated, latest Stable version: 40.0.2214.93)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 19:22]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nnjbodopomfddehlalfilheomcahbpei - C:\Users\Andrea\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[28/07/2014 09:41]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Andrea\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[23/05/2014 12:07]

Google Slides - Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
GBBD Caixa Economica Federal - Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi
GBBD Banco do Brasil - Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Gmail - Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\Users\Andrea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Andrea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\67WLDNWK will be deleted at reboot
C:\Users\Andrea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JU7YB4XK will be deleted at reboot
C:\Users\Andrea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NCEDX0N4 will be deleted at reboot
C:\Users\Andrea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM4H8HQB will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQYLQ3VB will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ETA933EC will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OIRXAZ6K will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHXKJ5HN will be deleted at reboot
C:\Users\Andrea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=53 folders=5 21806939 bytes)

==== Empty Temp Folders ======================

C:\Users\Andrea\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Usuário Padrão\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Andrea\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Andrea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\Andrea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\67WLDNWK" not found
"C:\Users\Andrea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JU7YB4XK" not found
"C:\Users\Andrea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NCEDX0N4" not found
"C:\Users\Andrea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NM4H8HQB" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQYLQ3VB" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ETA933EC" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OIRXAZ6K" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHXKJ5HN" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 27/01/2015 at 13:21:15,20 ======================

Post by joram Tue 27 Jan 2015, 14:03

/!\ Good afternoon, Steve Rogers! /!\

> Open the Zoek tool.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}];r
"DllName"=-;r
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}];r
"DllName"=-;r
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98C2EC86-5DAC-4591-BD74-B26D17F55A75}];r
"Path"=-;r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu PC Faster Update];r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000];ra
"DeviceDesc"=-;ra
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000];ra
"DeviceDesc"=-;ra
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000];ra
"DeviceDesc"=-;ra
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000];ra
"DeviceDesc"=-;ra
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000];ra
"DeviceDesc"=-;ra
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000];ra
"DeviceDesc"=-;ra
[-HKEY_USERS\.DEFAULT\Software\Baidu Security];r
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster];r
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0];r
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run];r
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable];r
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser];r
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser];r
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu];r
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm];r
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport];r
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security];r
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store];r
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store\3.8.8.1435];r
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store\3.8.8.1435\Install];r
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store\3.8.8.1435\Install\13335527];r
[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store\3.8.8.1435\Install\13335527];r
"url"=-;r
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store\3.8.8.1435\LastReportTime];r
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store\DataReport];r
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store\Setup];r
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster];r
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0];r
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\CleanRecord];r
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Install];r
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run];r
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable];r
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser];r
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser];r
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu];r
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm];r
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Statistic];r
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\UUReport];r
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\DataReport];r
[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\DataReport];r
"c:\\programdata\\baidu security\\rpdata"=-;r
[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\Setup];r
"C:\\Users\\Andrea\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\2D1GID0Y\\JavaSetup7u21[1].exe"=-;r
"C:\\Program Files\\Baidu Security\\PC Faster\\3.7.0.0\\UninstCaller.exe"=-;r
[-HKEY_USERS\S-1-5-18\Software\Baidu Security];r
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster];r
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0];r
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run];r
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable];r
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser];r
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser];r
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu];r
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm];r
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport];r
C:\Users\Public\Documents\Baidu Security;fs
 

> Copy and paste this information, shown in red, into the tool's input field.
> Click "Run Script".

Zoek.exe is running now. 
Do not start any browser windows, they will be closed automatically. 
Please wait! This window will close when finished. 
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
> Messages will appear asking you to wait for the report to appear.
> PS: These messages may remain static on the screen for 20 minutes or more.

> Confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.
> PS: If you get an error, restart the PC and run the tool again.
> Post the report, which will be at C:\zoek-results.txt <<

< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >

A+

Post by Steve Rogers Tue 27 Jan 2015, 14:16

Here is the report:


Zoek.exe v5.0.0.0 Updated 27-01-2015
Tool run by Andrea on 27/01/2015 at 14:09:45,17.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Andrea\Downloads\zoek.exe.pif [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-01-27-152115.log 35475 bytes

==== Registry Lines To Reset ACL ======================

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000 Not Found or Not Reset
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000 Not Found or Not Reset
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000 Not Found or Not Reset
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000 Not Found or Not Reset
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000 Not Found or Not Reset
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000 Not Found or Not Reset

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98C2EC86-5DAC-4591-BD74-B26D17F55A75}]
"Path"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu PC Faster Update]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store]
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store\3.8.8.1435]
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store\3.8.8.1435\Install]
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store\3.8.8.1435\Install\13335527]
[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store\3.8.8.1435\Install\13335527]
"url"=-
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store\3.8.8.1435\LastReportTime]
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store\DataReport]
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC App Store\Setup]
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\CleanRecord]
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Install]
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\3.7.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"=-
[HKEY_USERS\S-1-5-21-4170564532-3963732-2529252770-1000\Software\Baidu Security\PC Faster\Setup]
"C:\\Users\\Andrea\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\2D1GID0Y\\JavaSetup7u21[1].exe"=-
"C:\\Program Files\\Baidu Security\\PC Faster\\3.7.0.0\\UninstCaller.exe"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Deleting Files \ Folders ======================

C:\Users\Public\Documents\Baidu Security deleted

==== C:\zoek_backup content ======================

C:\zoek_backup (files=56 folders=16 21807312 bytes)

==== EOF on 27/01/2015 at 14:11:10,78 ======================

Post by joram Tue 27 Jan 2015, 14:20

/!\ Good afternoon, Steve Rogers! /!\

> This is not the report but a copy of the script I gave you to paste into the Zoek field.

... Editing!

> Now, after the edit, the report came through correctly. That's it!

> If there are no more problems, remove the tools that were used in the disinfection!

> Download: < [You must have an account and be logged in to view this link] > ( ... by Xplode )

> Once on the page, click Download Now
> Save it in a convenient location! ( desktop! )
> Close any open applications.

> Remove disinfection tools
> Create a registry backup
> Clear system restore points

> With these boxes checked, click Run!
> Restart the computer when it finishes!
> Everything OK?

A+

Post by Steve Rogers Tue 27 Jan 2015, 14:33

I managed to download it somewhere else. :cap_feceiro: :cap_feceiro: :cap_feceiro:

Post by Steve Rogers Tue 27 Jan 2015, 14:55

It worked. Everything worked just fine. Thanks a lot. Thank you.

Post by joram Tue 27 Jan 2015, 15:18

Case Solved

If this computer needs a new check, just open a "New Topic" and describe the problem.