How to remove Baidu Antivirus and Baidu PC Faster
Good evening, I would like to get rid of Baidu Antivirus and Baidu PC Faster but I can't, please help me. A screen always appears asking to make changes...
reinaldojcf - Member
- Posts: 61
Reputation: 0
Registration date: 16/01/2014
Re: How to remove Baidu Antivirus and Baidu PC Faster
Hello Reinaldo.
Please follow the tips in the tutorial below:
[You must have an account and be logged in to view this link]
* In your next reply, post the AdwCleaner log, which will be at C:\AdwCleaner\AdwCleaner[S0].txt
We'll be waiting.
Last edited by Power Max on Mon 24 Mar 2014, 13:08; edited 1 time
_________________
Caixa de Dicas = Always featuring new tutorials and news on computing, technology and miscellaneous topics.
[You must have an account and be logged in to view this link] = The best of the internet can be found here.
[You must have an account and be logged in to view this link] = Messages of faith and hope for your heart
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: How to remove Baidu Antivirus and Baidu PC Faster
# AdwCleaner v3.021 - Relatório criado 11/03/2014 às 23:12:11
# Atualizado 10/03/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Reinaldo - REINALDO-STI
# Executando de : C:\Users\Reinaldo\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
Serviço Deletada : CltMngSvc
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\boost_interprocess
Pasta Deletada : C:\Program Files (x86)\baidu
Pasta Deletada : C:\Program Files (x86)\predm
Pasta Deletada : C:\Program Files (x86)\SearchProtect
Pasta Deletada : C:\Windows\SysWOW64\SearchProtect
Pasta Deletada : C:\Users\Reinaldo\AppData\Local\SearchProtect
Pasta Deletada : C:\Users\Reinaldo\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Reinaldo\AppData\Roaming\DigitalSites
Pasta Deletada : C:\Users\Reinaldo\AppData\Roaming\OpenCandy
Arquivo Deletada : C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Arquivo Deletada : C:\Users\Reinaldo\Desktop\Search.lnk
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Chave Deletedo : HKLM\Software\SearchProtect
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Dados Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.16518
-\\ Google Chrome v33.0.1750.146
[ Arquivo : C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [2060 octets] - [11/03/2014 23:10:11]
AdwCleaner[S0].txt - [1840 octets] - [11/03/2014 23:12:11]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1900 octets] ##########
reinaldojcf - Member
Re: How to remove Baidu Antivirus and Baidu PC Faster
Please follow the tips in this tutorial to clean your PC with Malwarebytes:
[You must have an account and be logged in to view this link]
In your next reply, post this Malwarebytes log.
We'll be waiting.
Last edited by Power Max on Mon 24 Mar 2014, 13:08; edited 1 time
Power Max - Contributor
Re: How to remove Baidu Antivirus and Baidu PC Faster
Malwarebytes Anti-Malware 1.75.0.1300
[You must have an account and be logged in to view this link]
Versão da base de dados: v2014.03.12.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Reinaldo :: REINALDO-STI [administrador]
12/03/2014 13:12:33
mbam-log-2014-03-12 (13-12-33).txt
Tipo de pesquisa: Completa (C:\|D:\|E:\|)
Opções de pesquisa activadas: Memoria | Arranque | Registo | Sistema de Ficheiros | Heurísticos/Extra | Heurísticos/Shuriken | PPI | MPI
Opções de pesquisa desactivadas: P2P
Objectos verificados: 565712
Tempo decorrido: 1 hora(s), 45 minuto(s), 30 segundo(s)
Processos de memória Detectados: 0
(Nenhum item malicioso detectado)
Módulos de Memória Detectados: 0
(Nenhum item malicioso detectado)
Chaves do Registo Detectadas: 0
(Nenhum item malicioso detectado)
Valores do Registo Detectados: 0
(Nenhum item malicioso detectado)
Itens de dados do Registo Detectados: 0
(Nenhum item malicioso detectado)
Pastas Detectadas: 0
(Nenhum item malicioso detectado)
Ficheiros Detectados: 40
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir (PUP.Optional.Conduit.A) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe_1391338387969.vir (PUP.Optional.Conduit.A) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir (PUP.Optional.Conduit.A) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391338387545.vir (PUP.Optional.Conduit.A) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391389513032.vir (PUP.Optional.Conduit.A) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391389513219.vir (PUP.Optional.Conduit.A) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1392195423212.vir (PUP.Optional.Conduit.A) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1392195423914.vir (PUP.Optional.Conduit.A) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir (PUP.Optional.Conduit.A) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir (PUP.Optional.Conduit.A) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe_1391338387923.vir (PUP.Optional.Conduit.A) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir (PUP.Optional.Conduit.A) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir (PUP.Optional.Conduit.A) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir (PUP.Optional.Conduit.A) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir (PUP.Optional.Conduit.A) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir (PUP.Optional.Conduit.A) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir (PUP.Optional.Conduit.A) -> Movido para a quarentena e eliminado com sucesso.
C:\AdwCleaner\Quarantine\C\Users\Reinaldo\AppData\Roaming\OpenCandy\9B967D8ED23345AE8468DFAC542C0293\WS_p4v2_2CB2.exe.vir (PUP.Optional.Amonetize) -> Movido para a quarentena e eliminado com sucesso.
C:\Users\Reinaldo\AppData\Local\Temp\SPSetup.exe (PUP.Optional.Conduit.A) -> Movido para a quarentena e eliminado com sucesso.
C:\Users\Reinaldo\Downloads\ccleaner-4.07.4369 (1).exe (PUP.Optional.OpenCandy) -> Movido para a quarentena e eliminado com sucesso.
C:\Users\Reinaldo\Downloads\ccleaner-4.07.4369.exe (PUP.Optional.OpenCandy) -> Movido para a quarentena e eliminado com sucesso.
C:\Users\Reinaldo\Downloads\setup.exe (PUP.Optional.Bundlore) -> Movido para a quarentena e eliminado com sucesso.
C:\Windows\Temp\nscD00F.exe (PUP.Optional.SearchProtect.A) -> Movido para a quarentena e eliminado com sucesso.
C:\Windows\Temp\nscD80A.exe (PUP.Optional.SearchProtect.A) -> Movido para a quarentena e eliminado com sucesso.
C:\Windows\Temp\nsd1CB6.exe (PUP.Optional.SearchProtect.A) -> Movido para a quarentena e eliminado com sucesso.
C:\Windows\Temp\nshF569.exe (PUP.Optional.SearchProtect.A) -> Movido para a quarentena e eliminado com sucesso.
C:\Windows\Temp\nsiCC16.exe (PUP.Optional.SearchProtect.A) -> Movido para a quarentena e eliminado com sucesso.
C:\Windows\Temp\nsmD7FA.exe (PUP.Optional.SearchProtect.A) -> Movido para a quarentena e eliminado com sucesso.
C:\Windows\Temp\nsnD3F6.exe (PUP.Optional.SearchProtect.A) -> Movido para a quarentena e eliminado com sucesso.
C:\Windows\Temp\nss2AFB.exe (PUP.Optional.SearchProtect.A) -> Movido para a quarentena e eliminado com sucesso.
C:\Windows\Temp\nssF201.exe (PUP.Optional.SearchProtect.A) -> Movido para a quarentena e eliminado com sucesso.
C:\Windows\Temp\nssF55A.exe (PUP.Optional.SearchProtect.A) -> Movido para a quarentena e eliminado com sucesso.
C:\Windows\Temp\nst982E.exe (PUP.Optional.SearchProtect.A) -> Movido para a quarentena e eliminado com sucesso.
C:\Windows\Temp\nstCC07.exe (PUP.Optional.SearchProtect.A) -> Movido para a quarentena e eliminado com sucesso.
C:\Windows\Temp\nsx28F8.exe (PUP.Optional.SearchProtect.A) -> Movido para a quarentena e eliminado com sucesso.
C:\Windows\Temp\nsxB483.exe (PUP.Optional.SearchProtect.A) -> Movido para a quarentena e eliminado com sucesso.
C:\Windows\Temp\nsxB56D.exe (PUP.Optional.SearchProtect.A) -> Movido para a quarentena e eliminado com sucesso.
C:\Windows\Temp\nsxF2BC.exe (PUP.Optional.SearchProtect.A) -> Movido para a quarentena e eliminado com sucesso.
C:\Windows\Temp\nsy7CDF.exe (PUP.Optional.SearchProtect.A) -> Movido para a quarentena e eliminado com sucesso.
C:\Windows\Temp\nsyCDBF.exe (PUP.Optional.SearchProtect.A) -> Movido para a quarentena e eliminado com sucesso.
(fim)
reinaldojcf - Member
Re: How to remove Baidu Antivirus and Baidu PC Faster
Temporarily disable your antivirus to avoid conflicts.
Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]
* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]
* Copy all of the text highlighted in red that I gave you and paste it into the blank area in Zoek
* Click [Run Script]
* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!
[You must have an account and be logged in to view this image]
* If a PC restart is requested, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Last edited by Power Max on Mon 24 Mar 2014, 13:09; edited 1 time
Power Max - Contributor
Re: How to remove Baidu Antivirus and Baidu PC Faster
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Reinaldo on 12/03/2014 at 16:16:50,01.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Reinaldo\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
12/03/2014 16:17:44 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
reinaldojcf - Member
Re: How to remove Baidu Antivirus and Baidu PC Faster
The Zoek report is incomplete because its cleanup has not finished yet. As soon as its cleanup finishes, post the complete report.
Power Max - Contributor
Re: How to remove Baidu Antivirus and Baidu PC Faster
Dear sir, it keeps showing the same report, and a good while has already passed... See:
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Reinaldo on 12/03/2014 at 16:16:50,01.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Reinaldo\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
12/03/2014 16:17:44 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
reinaldojcf - Member
Re: How to remove Baidu Antivirus and Baidu PC Faster
In this case it would be a good idea to restart the computer and do the procedure again
Power Max - Contributor
Re: How to remove Baidu Antivirus and Baidu PC Faster
Dear sir, the log is still the same:
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Reinaldo on 12/03/2014 at 16:16:50,01.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Reinaldo\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
12/03/2014 16:17:44 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
reinaldojcf - Member
Re: How to remove Baidu Antivirus and Baidu PC Faster
Start the PC in safe mode (by pressing the F8 key several times, or F5 on some types of computers, and choosing the Safe Mode option, or Safe Mode with Networking), and once the computer is in safe mode, do the Zoek procedure again as I described, and then post its report.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: How to remove Baidu Antivirus and Baidu PC Faster
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Reinaldo on 13/03/2014 at 20:13:54,19.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Reinaldo\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-03-12-191752.log 1305 bytes
C:\zoek-results2014-03-12-222408.log 1398 bytes
==== System Restore Info ======================
13/03/2014 20:14:41 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
reinaldojcf - Member
- Posts: 61
Reputation: 0
Registration date: 16/01/2014
Re: How to remove Baidu Antivirus and Baidu PC Faster
The report is still incomplete. And it shows that you ran Zoek in normal mode.
Run it in safe mode as I told you, and then post its complete report.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: How to remove Baidu Antivirus and Baidu PC Faster
Dear sir, I got the report below, but I think it is still incomplete. Oh, I don't know if you can confirm this, but after I disabled the antivirus I think some virus got into the computer, because while I am typing the cursor jumps to the end of the screen without my asking, and I have to go back to where I was typing.....
Best regards!
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Reinaldo on 14/03/2014 at 9:12:08,45.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Reinaldo\Downloads\zoek\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-03-12-191752.log 1305 bytes
C:\zoek-results2014-03-12-222408.log 1398 bytes
C:\zoek-results2014-03-13-231449.log 1447 bytes
==== System Restore Info ======================
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost ,
reinaldojcf - Member
- Posts: 61
Reputation: 0
Registration date: 16/01/2014
Re: How to remove Baidu Antivirus and Baidu PC Faster
Download [link visible only to logged-in members] ( ... by Nicolas Coolman )
|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.
|- Run the scroll icon. ( ZHPDiag )
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!
|- Click OK and, when it finishes, post the ZHPDiag.txt report
Last edited by Power Max on Mon 24 Mar 2014, 13:04; edited 1 time
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: How to remove Baidu Antivirus and Baidu PC Faster
~ Relatório do ZHPDiag v2014.3.12.13 - Nicolas Coolman (12/03/2014)
~ Iniciado por Reinaldo (14/03/2014 22:17:19)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16521
GCIE: Google Chrome v33.0.1750.146
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.07 =>Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3990 MB (42% free)
System Restore: Activé (Enable)
System drive C: has 395 GB (86%) free of 458 GB
---\\ Modo de conexão ao sistema
~ Computer Name: REINALDO-STI
~ User Name: Reinaldo
~ All Users Names: Reinaldo, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Reinaldo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Reinaldo\AppData\Roaming\
~ %Desktop% : C:\Users\Reinaldo\Desktop\
~ %Favorites% : C:\Users\Reinaldo\Favorites\
~ %LocalAppData% : C:\Users\Reinaldo\AppData\Local\
~ %StartMenu% : C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 395 Go of 458 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
~ Security Center: 44 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.11/07/2012 - 07:53:38.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Internet Extensions para Win32.) (.01/03/2014 - 00:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.11/07/2012 - 07:58:16.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 1/9
~ Mon Bureau (My Desktop) : 1/329
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.39AF1CDEAFA4FC9D5185FBD9F4D141C4] - (.Octoshape ApS - Main program for Octoshape client.) -- C:\Users\Reinaldo\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800] [PID.3100]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3164]
[MD5.BED38B0ADFF5F5CC6E988A6491017E83] - (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792] [PID.3180]
[MD5.F23FEC819F6D1181C47374DF8EE89A6E] - (.Baidu Inc. - PC Faster Tray.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PcfTray.exe [1300672] [PID.3280] =>Adware.BDSearch
[MD5.026C4CA19FAE1F84894A99735B15AACA] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859464] [PID.4864]
[MD5.64A2A75D8F4BD07BD0A0029AA8825BBF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8353792] [PID.1908]
[MD5.201BCF8550512C105BAC78E9FA401260] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\GbpSv.exe [452136] [PID.836]
[MD5.11A52CF7B265631DEEB24C6149309EFF] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64952] [PID.1432]
[MD5.777E031B6C740148E935066F37B49AF8] - (.National Instruments Corporation - lkads.) -- C:\Windows\SysWOW64\lkads.exe [50328] [PID.1536]
[MD5.68C5321CBC7BE2FA7278809A2D6544D0] - (.National Instruments Corporation - MXS Service.) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [51360] [PID.2092]
[MD5.62E7B5EF6BEC714BC200C661BA940F54] - (.National Instruments Corporation - nidmsrv.) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [370328] [PID.2112]
[MD5.D66D5FCC4911646347F9F5CD8C3F0000] - (.National Instruments Corporation - System Web Server Daemon.) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [53952] [PID.2140]
[MD5.B88353EFE93AC3C6518415621FD8EBCB] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe [679920] [PID.2172] =>Adware.BDSearch
[MD5.20CDB07017497C94A0BAD253C4BAFCBC] - (.National Instruments, Inc. - Part of Logos.) -- C:\Windows\SysWOW64\lkcitdl.exe [695136] [PID.2956]
[MD5.23A07F37756F44ED738BCD931EBFFCED] - (.National Instruments Corporation - lktsrv.) -- C:\Windows\SysWOW64\lktsrv.exe [60568] [PID.3308]
[MD5.2FADAD2DED79972C0B25570394AA519C] - (.National Instruments Corporation - Application Web Server Daemon.) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [53960] [PID.3760]
[MD5.902A9B8EC25EAC8C8DD5594F5866F80C] - (.National Instruments Corporation - National Instruments Zeroconf Service.) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776] [PID.3864]
[MD5.30B05E4E963E663E2A7D110048FD1A02] - (.National Instruments Corporation - NI Variable Engine.) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [680624] [PID.4056]
[MD5.DF0AB139C5C5ADEF39A88D7FE51F0CB4] - (.National Instruments Corporation - National Instruments Network Discovery Serv.) -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [169192] [PID.3908]
[MD5.686045905787B68D829CE647A6DFAD2B] - (.Research In Motion Limited - BlackBerry Device Manager.) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536] [PID.4308]
[MD5.545462D0DBE24AF379BA869B7C185CCD] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.4832]
[MD5.13AA2130F2A104DD775EAD0F0EE5417B] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [598312] [PID.5500]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [booedmolknjekdopkepjjeckmjkdpfgl] Extutil v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 13 Legitimates Filtered in 00mn 21s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [@octoshape.com/Octoshape Streaming Services,version=1.0] - (.Octoshape ApS - Octoshape embedded video plugin.) -- C:\Users\Reinaldo\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Reinaldo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 23 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.6.0.15:8080
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 6 Legitimates Filtered in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Guia Multimídia.lnk . (...) -- C:\Windows\Installer\{7C8DCE03-8946-472A-A41C-7953269EF17F}\_1E8B57E217D6A54FAF778B.exe
O4 - GS\Desktop [Public]: HSPA MODEM.lnk . (...) -- C:\Program Files (x86)\HSPA MODEM\HSPA MODEM\StartUp.exe
O4 - GS\Desktop [Public]: MATLAB R2008b.lnk . (.The MathWorks Inc. - MATLAB Starter Application.) -- C:\Program Files (x86)\MATLAB\R2008b\bin\matlab.exe
O4 - GS\Desktop [Public]: NI MAX.lnk . (.National Instruments Corporation - Measurement & Automation Explorer.) -- C:\Program Files (x86)\National Instruments\MAX\NIMax.exe
O4 - GS\Desktop [Public]: Prezi Desktop.lnk . (...) -- C:\Program Files (x86)\Prezi\Prezi.exe
O4 - GS\Desktop [Public]: Sistema de Recuperação STI.lnk . (...) -- C:\Windows\Installer\{C247203E-3833-45A5-AEBA-403EBBA67AD7}\_F1E53105AC99C346B2A794.exe
O4 - GS\Program [Public]: National Instruments LabVIEW 2012 (32-bit).lnk . (.National Instruments Corporation - LabVIEW 12.0 Development System.) -- C:\Program Files (x86)\National Instruments\LabVIEW 2012\LabVIEW.exe
O4 - GS\Program [Public]: Prezi Desktop.lnk . (...) -- C:\Program Files (x86)\Prezi\Prezi.exe
O4 - GS\QuickLaunch [Reinaldo]: Baidu Spark Browser.lnk . (...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O4 - GS\QuickLaunch [Reinaldo]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Reinaldo]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Reinaldo]: Baidu Spark Browser.lnk . (...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O4 - GS\TaskBar [Reinaldo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Reinaldo]: Create Amazing Presentations.lnk - Chave orfã
O4 - GS\Program [Reinaldo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Reinaldo]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Reinaldo]: Baidu PC Faster.lnk . (.Baidu Inc. - PC Faster.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe =>Adware.BDSearch
O4 - GS\Desktop [Reinaldo]: Baidu Spark Browser.lnk . (...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O4 - GS\Desktop [Reinaldo]: Continue Codec Package Installation.lnk . (...) -- C:\Users\Reinaldo\AppData\Local\Temp\ICReinstall_CodecPackage.exe
O4 - GS\Desktop [Reinaldo]: Create Amazing Presentations.lnk - Chave orfã
O4 - GS\Desktop [Reinaldo]: Facebook.lnk . (...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O4 - GS\Desktop [Reinaldo]: Foxit PDF Editor.lnk . (.Foxit Corporation - Foxit PDF Editor, the first REAL editor for.) -- C:\Program Files (x86)\Foxit Software\PDF Editor\PDFEdit.exe
O4 - GS\Desktop [Reinaldo]: YouTube.lnk . (...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
~ Global Startup: 71 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [CorelCreatorClient] . (.Global Graphics Software Ltd. - gDocCreator Client application.) -- C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Reinaldo\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] . (.Octoshape ApS - Main program for Octoshape client.) -- C:\Users\Reinaldo\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
O4 - HKCU\..\Run: [Defrag] C:\Program Files (x86)\baidu\Spark\BaiduDefragFiles.exe (.not file.) =>Adware.BDSearch
O4 - HKCU\..\RunOnce: [Application Restart #4] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKLM\..\Wow6432Node\Run: [Baidu PC Faster 4.0.0.0] . (.Baidu Inc. - PC Faster.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe =>Adware.BDSearch
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [RIMBBLaunchAgent.exe] . (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3889674999-1771675981-1625549820-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Reinaldo\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-3889674999-1771675981-1625549820-1000\..\Run: [Octoshape Streaming Services] . (.Octoshape ApS - Main program for Octoshape client.) -- C:\Users\Reinaldo\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
O4 - HKUS\S-1-5-21-3889674999-1771675981-1625549820-1000\..\Run: [Defrag] C:\Program Files (x86)\baidu\Spark\BaiduDefragFiles.exe (.not file.) =>Adware.BDSearch
O4 - HKUS\S-1-5-21-3889674999-1771675981-1625549820-1000\..\RunOnce: [Application Restart #4] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{43866B80-E03B-4BDE-A19E-975C318963C2}: DhcpNameServer = 189.6.0.78 189.6.0.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{43866B80-E03B-4BDE-A19E-975C318963C2}: DhcpNameServer = 189.6.0.78 189.6.0.134
O17 - HKLM\System\CS2\Services\Tcpip\..\{43866B80-E03B-4BDE-A19E-975C318963C2}: DhcpNameServer = 189.6.0.78 189.6.0.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.6.0.78 189.6.0.134
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc. - Baidu PC Faster Service.) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe =>Adware.BDSearch
O23 - Service: Spark Browser Service (SparkSvc) . (...) - C:\Program Files (x86)\baidu\Spark\sparkservice.exe (.not file.) =>Adware.BDSearch
~ Services: 16 Legitimates Filtered in 00mn 07s
---\\ Tarefas planificadas automaticamente (039)
[MD5.FE1D9A95168499203C96D9F3DD27DD82] [APT] [Baidu PC Faster Update] (.Baidu Inc..) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\Updater.exe [1084912] =>Adware.BDSearch
~ Scheduled Task: 13 Legitimates Filtered in 00mn 02s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (BprotectEx) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\BprotectEx.sys
~ Drivers: 72 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Baidu PC Faster - (.Baidu, Inc..) [HKLM][64Bits] -- Baidu PC Faster 4.0.0.0 =>Adware.BDSearch
O42 - Logiciel: Driver 1.3.1 - (.OEM.) [HKLM][64Bits] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: IPM 1.9.2 - (.OEM.) [HKLM][64Bits] -- {AADF4228-0772-4D43-92EB-B245E3A17B00}
O42 - Logiciel: OSD 1.15.3 - (.OEM.) [HKLM][64Bits] -- {5A9C96FE-1376-45E1-8556-C81255F0B5A7}
O42 - Logiciel: Prezi - (.Nome de sua empresa:.) [HKLM][64Bits] -- {BD44409B-A691-4B97-B33D-F07E1DE791F3}
O42 - Logiciel: Zip Extractor Packages - (...) [HKCU][64Bits] -- Zip Extractor Packages
~ Logic: 25 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\GbAs]
[HKCU\Software\Planet Imagina]
[HKCU\Software\SoilAP]
[HKCU\Software\SunFlowerOSD]
[HKCU\Software\baidu] =>Adware.BDSearch
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\SoilIO]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Planet Imagina]
[HKLM\Software\Wow6432Node\baidu] =>Adware.BDSearch
~ Key Software: 231 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/02/2014 - 18:44:25 - [134,959] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 11/07/2012 - 21:43:32 - [209,976] ----D C:\Program Files (x86)\GuiaMultimidia
O43 - CFD: 19/12/2013 - 05:11:07 - [564,603] ----D C:\Program Files (x86)\Prezi
O43 - CFD: 16/01/2014 - 21:16:47 - [0] ----D C:\Program Files (x86)\saverOn
O43 - CFD: 16/01/2014 - 21:16:53 - [0,003] ----D C:\ProgramData\97494399df59196b
O43 - CFD: 11/03/2014 - 23:15:18 - [0] ----D C:\ProgramData\Baidu =>Adware.BDSearch
O43 - CFD: 05/03/2014 - 09:04:44 - [54,220] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 19/01/2014 - 11:55:59 - [0,002] ----D C:\ProgramData\djddlnimoncbbimiknkgphlfcnagmldl
O43 - CFD: 16/01/2014 - 22:52:30 - [0] ----D C:\ProgramData\saverOn
O43 - CFD: 16/01/2014 - 22:26:38 - [0] ----D C:\Users\Reinaldo\AppData\Roaming\0D0S1L2Z1P1B
O43 - CFD: 14/03/2014 - 13:57:29 - [0] ----D C:\Users\Reinaldo\AppData\Roaming\Baidu =>Adware.BDSearch
O43 - CFD: 23/01/2014 - 17:20:54 - [0] ----D C:\Users\Reinaldo\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 14/09/2013 - 13:25:35 - [0] ----D C:\Users\Reinaldo\AppData\Roaming\GuiaMultimidia
O43 - CFD: 23/01/2014 - 17:20:45 - [4,176] ----D C:\Users\Reinaldo\AppData\Roaming\rmi
O43 - CFD: 22/11/2013 - 14:07:18 - [0,029] ----D C:\Users\Reinaldo\AppData\Roaming\SPB_16.6
O43 - CFD: 23/01/2014 - 17:21:36 - [0,004] ----D C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster =>Adware.BDSearch
O43 - CFD: 19/01/2014 - 16:08:40 - [0] ----D C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cadence
~ Program Folder: 157 Legitimates Filtered in 01mn 43s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.7495B46E803B36F09F3A2BEBA626F5B4] - 07/03/2014 - 01:10:56 ---A- . (...) -- C:\fraglist.luar [3639]
O44 - LFC:[MD5.5B3C8E1FC3016A84C085C7D5718D55E7] - 10/03/2014 - 14:05:07 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [163446]
O44 - LFC:[MD5.C7C02C543E30934336C49AFC27B04C90] - 10/03/2014 - 14:05:07 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [721428]
O44 - LFC:[MD5.FD95C30691C8B52BC8FEFADD8308FE38] - 11/03/2014 - 21:45:26 ---A- . (...) -- C:\Archive.ini [47]
O44 - LFC:[MD5.D0B86ACD8E593794549D949D8997B2EA] - 12/03/2014 - 16:17:52 ---A- . (...) -- C:\zoek-results2014-03-12-191752.log [1305]
O44 - LFC:[MD5.DC46A16FC21735700B05AB3AD82AE14C] - 12/03/2014 - 19:24:08 ---A- . (...) -- C:\zoek-results2014-03-12-222408.log [1398]
O44 - LFC:[MD5.16472D09785F18B13E0B514C924CC388] - 13/03/2014 - 20:14:49 ---A- . (...) -- C:\zoek-results2014-03-13-231449.log [1447]
O44 - LFC:[MD5.D3C29F5D94C2D8A2AD361685CB654510] - 14/03/2014 - 09:09:10 ---A- . (...) -- C:\Windows\ntbtlog.txt [375126]
O44 - LFC:[MD5.1DAAC4FC2CD13902818A6925A6522B64] - 14/03/2014 - 09:12:54 ---A- . (...) -- C:\zoek-results.log [1433]
O44 - LFC:[MD5.CDAE1BF600D63DD66543A4EA89CD237E] - 14/03/2014 - 09:12:56 ---A- . (...) -- C:\runcheck.txt [583]
~ Files: 49 Legitimates Filtered in 00mn 04s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\NIRegistrationWizard [Key] . (...) -- C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe
~ SMSR Keys: 6 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.CF54BC5630C200393369DDD1A5B63261] - 16/01/2014 - 13:41:46 R--A- . (.360.cn - 360杀毒 文件监控驱动.) -- C:\Windows\System32\Drivers\360AvFlt.sys [71360]
O58 - SDL:[MD5.90FC18CBEFCD54BE4288541558E5187E] - 23/01/2014 - 17:24:16 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BProtectEx.sys [83264]
O58 - SDL:[MD5.2B3B8CBEA1BA1BCE5700607FBDB31034] - 31/10/2008 - 16:19:36 ---A- . (.Mobile Connector - USB/Serial Device Driver.) -- C:\Windows\System32\Drivers\cmnsusbser.sys [117888]
O58 - SDL:[MD5.6E42F2E5B5BDE3FE4066C9B2D6091E17] - 16/01/2014 - 22:28:14 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys [23624]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.47B37E4F919BF170818920A98C2FE1C6] - 19/08/2010 - 16:59:12 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [17912]
O58 - SDL:[MD5.0626C7524FBE58E1AF6E76F1BB739CA2] - 03/12/2009 - 10:03:50 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\soilkbc.sys [13816]
O58 - SDL:[MD5.709BDE623D7680E2D2A958CD4DC0A902] - 03/12/2009 - 10:04:16 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [13304]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 14/03/2014 - 12:09:57 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 18 Legitimates Filtered in 00mn 05s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 01/01/1601 - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys (BdApiUtil) .(...) - LEGACY_BDAPIUTIL
O64 - Services: CurCS - 01/01/1601 - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys (BdCameraProtect) .(...) - LEGACY_BDCAMERAPROTECT
O64 - Services: CurCS - 01/01/1601 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter) .(...) - LEGACY_BFILTER
O64 - Services: CurCS - 01/01/1601 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon) .(...) - LEGACY_BFMON
O64 - Services: CurCS - 01/01/1601 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect) .(...) - LEGACY_BPROTECT
O64 - Services: CurCS - 23/01/2014 - C:\Windows\system32\drivers\BprotectEx.sys (BprotectEx) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BPROTECTEX
O64 - Services: CurCS - 23/01/2014 - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys (PCFApiUtil) .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_PCFAPIUTIL
~ Legacy: 84 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
[MD5.91380B3C3D79D145160769B14320F9BD] [SPRF][23/01/2014] (...) -- C:\Users\Reinaldo\AppData\Roaming\unins000.dat [108204]
[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [SPRF][23/01/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Reinaldo\AppData\Roaming\unins000.exe [720082]
[MD5.64BAEC464B396B66A353D8FC2F42A4E3] [SPRF][31/07/2011] (.RaProducts.org - System Purification Tool.) -- C:\Users\Reinaldo\Desktop\PureRa.exe [76565]
~ Files: 5 Legitimates Filtered in 00mn 05s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{63356659-DD15-46B1-B553-85C9D2754DA2}" | In - None - P17 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\pcb\bin\productserver.exe
O87 - FAEL: "{14188811-12E5-42A5-8B4E-B5C2A94C39C2}" | In - None - P17 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\openaccess\bin\win32\opt\oadmturboserver.exe
O87 - FAEL: "{2999E29F-B156-4501-8252-31C95464F1F7}" | In - None - P17 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\OpenAccess\bin\win32\opt\oaFSLockD.exe
O87 - FAEL: "{AB3CA2C1-9882-451C-9E88-64DD9352394A}" | In - None - P17 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\bin\cdsmsgserver.exe
O87 - FAEL: "{1331E8F6-F3DE-4176-8763-7A99D75BBED6}" | In - None - P17 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\bin\cdsnameserver.exe
O87 - FAEL: "{60F7F65B-BA28-43E2-877D-AB6E7151F9EE}" | In - None - P17 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\bin\cdsmps.exe
O87 - FAEL: "{C6CF7CCD-47DA-4E59-84C9-25E1415D2DCA}" | In - None - P17 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\bin\clsbd.exe
O87 - FAEL: "{D59009DF-5F51-412D-BBFD-F2982D210806}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{9D58B3E3-A20E-4948-8E15-185E9032A8F3}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{EE5FB45B-D6A0-4361-80CC-1A6BF3082E91}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{1C9031CF-0895-4C76-ADED-5D3CDE67D846}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe (.not file.) =>Adware.BDSearch
~ Firewall: 191 Legitimates Filtered in 00mn 01s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "30ECD8C76498A2744AC1973562E91FF7" . (.GuiaMultimidia.) -- C:\Windows\Installer\{7C8DCE03-8946-472A-A41C-7953269EF17F}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "8224FDAA277034D429BE2B543E1AB700" . (.IPM 1.9.2.) -- C:\Windows\Installer\{AADF4228-0772-4D43-92EB-B245E3A17B00}\_6FEFF9B68218417F98F549.exe
~ Update Products: 280 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
~ WIS: 281 Legitimates Filtered in 00mn 27s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 12/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 10/07/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 28/09/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/09/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 22/05/2012 76488 | (NIApplicationWebServer64) . (.National Instruments Corporation.) - C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
SS - | Demand 02/08/2010 1427688 | (NILM License Manager) . (.Macrovision Corporation.) - C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
SS - | Demand 18/05/2012 139488 | (OpcEnum) . (.OPC Foundation.) - C:\Windows\SysWOW64\Opcenum.exe
SS - | Auto 10/07/1658 0 | (SparkSvc) . (...) - C:\Program Files (x86)\baidu\Spark\sparkservice.exe =>Adware.BDSearch
SR - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Demand 18/01/2013 577536 | (Blackberry Device Manager) . (.Research In Motion Limited.) - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
SR - | Demand 13/12/2011 105984 | (CorelCreatorMessages) . (.Global Graphics Software Ltd.) - C:\Windows\system32\CorelCreatorMessages.exe
SR - | Auto 08/10/2013 452136 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
SR - | Auto 01/02/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 06/05/2011 695136 | (LkCitadelServer) . (.National Instruments, Inc..) - C:\Windows\SysWOW64\lkcitdl.exe
SR - | Auto 05/06/2012 50328 | (lkClassAds) . (.National Instruments Corporation.) - C:\Windows\SysWOW64\lkads.exe
SR - | Auto 05/06/2012 60568 | (lkTimeSync) . (.National Instruments Corporation.) - C:\Windows\SysWOW64\lktsrv.exe
SR - | Auto 22/05/2012 51360 | (mxssvr) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
SR - | Auto 29/03/2011 598312 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 22/05/2012 53960 | (NIApplicationWebServer) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
SR - | Auto 05/06/2012 370328 | (NIDomainService) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
SR - | Auto 31/05/2012 258776 | (nimDNSResponder) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
SR - | Auto 05/06/2012 169192 | (NINetworkDiscovery) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
SR - | Auto 22/05/2012 53952 | (niSvcLoc) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
SR - | Auto 07/06/2012 680624 | (NITaggerService) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
SR - | Auto 23/01/2014 679920 | (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc..) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe =>Adware.BDSearch
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 29s
---\\ Scâner Aditional (088)
Database Version : 13031 - (12/03/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 8
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 9
[HKLM\SYSTEM\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}] =>Adware.BDSearch^
[HKLM\SYSTEM\CurrentControlSet\Services\SparkSvc] =>Adware.BDSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0] =>Adware.BDSearch^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Defrag =>Adware.BDSearch^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Baidu PC Faster 4.0.0.0 =>Adware.BDSearch^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\Reinaldo\AppData\Roaming\Baidu =>Adware.BDSearch^
C:\Users\Reinaldo\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster =>Adware.BDSearch^
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PcfTray.exe =>Adware.BDSearch^
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe =>Adware.BDSearch^
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\Updater.exe =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\baidu] =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\baidu] =>Adware.BDSearch^
~ Additionnel Scan: 476910 Items scanned in 00mn 19s
---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Beamrise
~ MSI: 2 link(s) detected in 00mn 19s
~ 1225 Legitimates filtered by white list
End of the scan (541 lines in 03mn 37s)(0)
reinaldojcf - Member
Re: How to remove Baidu Antivirus and Baidu PC Faster
Select and copy all the text highlighted in red that I gave you (starting at script zhpfix and going through emptyclsid).
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the Recycle Bin files to be deleted, click Oui again > a report will open in Notepad.
Copy this report and post it in your next reply.
Last edited by Power Max on Sat 15 Mar 2014, 18:35; edited 1 time
Power Max - Contributor
Re: How to remove Baidu Antivirus and Baidu PC Faster
Rapport de ZHPFix 2014.3.12.3 par Nicolas Coolman, Update du 12/03/2014
Fichier d'export Registre : C:\Users\Reinaldo\AppData\Roaming\ZHP\ZHPExportRegistry-15-03-2014-16-51-30.txt
Run by Reinaldo at 15/03/2014 16:51:16
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador
========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\baidu security\pc faster\4.0.0.0\uninstcaller.exe
========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PcfTray.exe
ELIMINA REINICIAR: Memory Process: C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
ELIMINA REINICIAR: Memory Process: C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\Updater.exe
========== Estado dos serviços ==========
BDAPIUTIL Parado
BDCAMERAPROTECT Parado
BFILTER Parado
BFMON Parado
BPROTECT Parado
BPROTECTEX Parado
PCFAPIUTIL Parado
========== Chaves do Registo ==========
ELIMINÉ:³ Service: PCFasterSvc_{PCFaster_4.0.0.0}
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ:³ HKCU\Software\Baidu Security
ELIMINÉ:³ HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ:³ HKLM\SYSTEM\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}
========== Valores do Registo ==========
ERRO RunValue: Baidu PC Faster 4.0.0.0
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Elementos dos dados do Registo ==========
ELIMINÉ: R0 - Main,Start Page = KCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
ELIMINÉ: R0 - Main,Start Page = KLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINA REINICIAR: c:\program files (x86)\baidu security\pc faster\4.0.0.0\pcfaster.exe
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotectex.sys
ELIMINÉ Temporários windows (13) (6.146.627 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Outros ==========
NÃO-TRATADO [MD5.FE1D9A95168499203C96D9F3DD27DD82] [APT] [Baidu PC Faster Update] (.Baidu Inc..) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\Updater.exe [1084912]
========== Recapitulativo ==========
3 : Processo memória
7 : Chaves do Registo
7 : Valores do Registo
2 : Elementos dos dados do Registo
1 : Pastas
4 : Ficheiros
1 : Softwares
7 : Estado dos serviços
1 : Restauração Sistema
1 : Outros
End of clean in 01mn 47s
========== Caminho do ficheiro do relatório ==========
C:\Users\Reinaldo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 15/03/2014 16:44:57 [4247]
C:\Users\Reinaldo\AppData\Roaming\ZHP\ZHPFix[R2].txt - 15/03/2014 16:51:18 [2930]
reinaldojcf - Member
Re: How to remove Baidu Antivirus and Baidu PC Faster
Open ZHPDiag again.
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.
|- Click OK and, when it finishes, post the ZHPDiag.txt report.
Last edited by Power Max on Mon 24 Mar 2014, 13:05; edited 1 time
Power Max - Contributor
Re: How to remove Baidu Antivirus and Baidu PC Faster
~ Relatório do ZHPDiag v2014.3.12.13 - Nicolas Coolman (12/03/2014)
~ Iniciado por Reinaldo (15/03/2014 18:03:28)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16521
GCIE: Google Chrome v33.0.1750.154
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.07 =>Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3990 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 394 GB (86%) free of 458 GB
---\\ Modo de conexão ao sistema
~ Computer Name: REINALDO-STI
~ User Name: Reinaldo
~ All Users Names: Reinaldo, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Reinaldo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Reinaldo\AppData\Roaming\
~ %Desktop% : C:\Users\Reinaldo\Desktop\
~ %Favorites% : C:\Users\Reinaldo\Favorites\
~ %LocalAppData% : C:\Users\Reinaldo\AppData\Local\
~ %StartMenu% : C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 394 Go of 458 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
~ Security Center: 44 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.11/07/2012 - 07:53:38.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Internet Extensions para Win32.) (.01/03/2014 - 00:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.11/07/2012 - 07:58:16.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 1/9
~ Mon Bureau (My Desktop) : 1/325
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.39AF1CDEAFA4FC9D5185FBD9F4D141C4] - (.Octoshape ApS - Main program for Octoshape client.) -- C:\Users\Reinaldo\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800] [PID.3100]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3164]
[MD5.BED38B0ADFF5F5CC6E988A6491017E83] - (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792] [PID.3180]
[MD5.F23FEC819F6D1181C47374DF8EE89A6E] - (.Baidu Inc. - PC Faster Tray.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PcfTray.exe [1300672] [PID.3280] =>Adware.BDSearch
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976] [PID.32136]
[MD5.EB777DE39AE1FC04A7F25130CDAB47B7] - (.Google - Hangouts Plugin.) -- C:\Users\Reinaldo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe [64384] [PID.31880]
[MD5.64A2A75D8F4BD07BD0A0029AA8825BBF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8353792] [PID.28516]
[MD5.201BCF8550512C105BAC78E9FA401260] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\GbpSv.exe [452136] [PID.836]
[MD5.11A52CF7B265631DEEB24C6149309EFF] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64952] [PID.1432]
[MD5.777E031B6C740148E935066F37B49AF8] - (.National Instruments Corporation - lkads.) -- C:\Windows\SysWOW64\lkads.exe [50328] [PID.1536]
[MD5.68C5321CBC7BE2FA7278809A2D6544D0] - (.National Instruments Corporation - MXS Service.) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [51360] [PID.2092]
[MD5.62E7B5EF6BEC714BC200C661BA940F54] - (.National Instruments Corporation - nidmsrv.) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [370328] [PID.2112]
[MD5.D66D5FCC4911646347F9F5CD8C3F0000] - (.National Instruments Corporation - System Web Server Daemon.) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [53952] [PID.2140]
[MD5.B88353EFE93AC3C6518415621FD8EBCB] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe [679920] [PID.2172] =>Adware.BDSearch
[MD5.20CDB07017497C94A0BAD253C4BAFCBC] - (.National Instruments, Inc. - Part of Logos.) -- C:\Windows\SysWOW64\lkcitdl.exe [695136] [PID.2956]
[MD5.23A07F37756F44ED738BCD931EBFFCED] - (.National Instruments Corporation - lktsrv.) -- C:\Windows\SysWOW64\lktsrv.exe [60568] [PID.3308]
[MD5.2FADAD2DED79972C0B25570394AA519C] - (.National Instruments Corporation - Application Web Server Daemon.) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [53960] [PID.3760]
[MD5.902A9B8EC25EAC8C8DD5594F5866F80C] - (.National Instruments Corporation - National Instruments Zeroconf Service.) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776] [PID.3864]
[MD5.30B05E4E963E663E2A7D110048FD1A02] - (.National Instruments Corporation - NI Variable Engine.) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [680624] [PID.4056]
[MD5.DF0AB139C5C5ADEF39A88D7FE51F0CB4] - (.National Instruments Corporation - National Instruments Network Discovery Serv.) -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [169192] [PID.3908]
[MD5.686045905787B68D829CE647A6DFAD2B] - (.Research In Motion Limited - BlackBerry Device Manager.) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536] [PID.4308]
[MD5.545462D0DBE24AF379BA869B7C185CCD] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.4832]
[MD5.13AA2130F2A104DD775EAD0F0EE5417B] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [598312] [PID.5500]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [booedmolknjekdopkepjjeckmjkdpfgl] Extutil v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 13 Legitimates Filtered in 00mn 22s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [@octoshape.com/Octoshape Streaming Services,version=1.0] - (.Octoshape ApS - Octoshape embedded video plugin.) -- C:\Users\Reinaldo\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Reinaldo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
~ IE Browser: 23 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 6 Legitimates Filtered in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Guia Multimídia.lnk . (...) -- C:\Windows\Installer\{7C8DCE03-8946-472A-A41C-7953269EF17F}\_1E8B57E217D6A54FAF778B.exe
O4 - GS\Desktop [Public]: HSPA MODEM.lnk . (...) -- C:\Program Files (x86)\HSPA MODEM\HSPA MODEM\StartUp.exe
O4 - GS\Desktop [Public]: MATLAB R2008b.lnk . (.The MathWorks Inc. - MATLAB Starter Application.) -- C:\Program Files (x86)\MATLAB\R2008b\bin\matlab.exe
O4 - GS\Desktop [Public]: NI MAX.lnk . (.National Instruments Corporation - Measurement & Automation Explorer.) -- C:\Program Files (x86)\National Instruments\MAX\NIMax.exe
O4 - GS\Desktop [Public]: Prezi Desktop.lnk . (...) -- C:\Program Files (x86)\Prezi\Prezi.exe
O4 - GS\Desktop [Public]: Sistema de Recuperação STI.lnk . (...) -- C:\Windows\Installer\{C247203E-3833-45A5-AEBA-403EBBA67AD7}\_F1E53105AC99C346B2A794.exe
O4 - GS\Program [Public]: National Instruments LabVIEW 2012 (32-bit).lnk . (.National Instruments Corporation - LabVIEW 12.0 Development System.) -- C:\Program Files (x86)\National Instruments\LabVIEW 2012\LabVIEW.exe
O4 - GS\Program [Public]: Prezi Desktop.lnk . (...) -- C:\Program Files (x86)\Prezi\Prezi.exe
O4 - GS\QuickLaunch [Reinaldo]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Reinaldo]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Reinaldo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Reinaldo]: Create Amazing Presentations.lnk - Chave orfã
O4 - GS\Program [Reinaldo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Reinaldo]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Reinaldo]: Create Amazing Presentations.lnk - Chave orfã
O4 - GS\Desktop [Reinaldo]: Foxit PDF Editor.lnk . (.Foxit Corporation - Foxit PDF Editor, the first REAL editor for.) -- C:\Program Files (x86)\Foxit Software\PDF Editor\PDFEdit.exe
~ Global Startup: 64 Legitimates Filtered in 00mn 02s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [CorelCreatorClient] . (.Global Graphics Software Ltd. - gDocCreator Client application.) -- C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Reinaldo\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] . (.Octoshape ApS - Main program for Octoshape client.) -- C:\Users\Reinaldo\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
O4 - HKCU\..\RunOnce: [Application Restart #4] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKLM\..\Wow6432Node\Run: [Baidu PC Faster 4.0.0.0] . (.Baidu Inc. - PC Faster.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe =>Adware.BDSearch
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [RIMBBLaunchAgent.exe] . (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3889674999-1771675981-1625549820-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Reinaldo\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-3889674999-1771675981-1625549820-1000\..\Run: [Octoshape Streaming Services] . (.Octoshape ApS - Main program for Octoshape client.) -- C:\Users\Reinaldo\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
O4 - HKUS\S-1-5-21-3889674999-1771675981-1625549820-1000\..\RunOnce: [Application Restart #4] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{43866B80-E03B-4BDE-A19E-975C318963C2}: DhcpNameServer = 189.6.0.78 189.6.0.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{43866B80-E03B-4BDE-A19E-975C318963C2}: DhcpNameServer = 189.6.0.78 189.6.0.134
O17 - HKLM\System\CS2\Services\Tcpip\..\{43866B80-E03B-4BDE-A19E-975C318963C2}: DhcpNameServer = 189.6.0.78 189.6.0.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.6.0.78 189.6.0.134
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc. - Baidu PC Faster Service.) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe =>Adware.BDSearch
~ Services: 16 Legitimates Filtered in 00mn 07s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (BprotectEx) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\BprotectEx.sys
~ Drivers: 63 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Baidu PC Faster - (.Baidu, Inc..) [HKLM][64Bits] -- Baidu PC Faster 4.0.0.0 =>Adware.BDSearch
O42 - Logiciel: Driver 1.3.1 - (.OEM.) [HKLM][64Bits] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: IPM 1.9.2 - (.OEM.) [HKLM][64Bits] -- {AADF4228-0772-4D43-92EB-B245E3A17B00}
O42 - Logiciel: OSD 1.15.3 - (.OEM.) [HKLM][64Bits] -- {5A9C96FE-1376-45E1-8556-C81255F0B5A7}
O42 - Logiciel: Prezi - (.Nome de sua empresa:.) [HKLM][64Bits] -- {BD44409B-A691-4B97-B33D-F07E1DE791F3}
O42 - Logiciel: Zip Extractor Packages - (...) [HKCU][64Bits] -- Zip Extractor Packages
~ Logic: 25 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\GbAs]
[HKCU\Software\Planet Imagina]
[HKCU\Software\SoilAP]
[HKCU\Software\SunFlowerOSD]
[HKLM\Software\SoilIO]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Planet Imagina]
~ Key Software: 227 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/02/2014 - 18:44:25 - [132,865] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 11/07/2012 - 21:43:32 - [209,976] ----D C:\Program Files (x86)\GuiaMultimidia
O43 - CFD: 19/12/2013 - 05:11:07 - [564,603] ----D C:\Program Files (x86)\Prezi
O43 - CFD: 16/01/2014 - 21:16:47 - [0] ----D C:\Program Files (x86)\saverOn
O43 - CFD: 16/01/2014 - 21:16:53 - [0,003] ----D C:\ProgramData\97494399df59196b
O43 - CFD: 15/03/2014 - 16:43:58 - [0,001] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 19/01/2014 - 11:55:59 - [0,002] ----D C:\ProgramData\djddlnimoncbbimiknkgphlfcnagmldl
O43 - CFD: 16/01/2014 - 22:52:30 - [0] ----D C:\ProgramData\saverOn
O43 - CFD: 16/01/2014 - 22:26:38 - [0] ----D C:\Users\Reinaldo\AppData\Roaming\0D0S1L2Z1P1B
O43 - CFD: 14/09/2013 - 13:25:35 - [0] ----D C:\Users\Reinaldo\AppData\Roaming\GuiaMultimidia
O43 - CFD: 22/11/2013 - 14:07:18 - [0,029] ----D C:\Users\Reinaldo\AppData\Roaming\SPB_16.6
O43 - CFD: 19/01/2014 - 16:08:40 - [0] ----D C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cadence
~ Program Folder: 152 Legitimates Filtered in 01mn 16s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.7495B46E803B36F09F3A2BEBA626F5B4] - 07/03/2014 - 01:10:56 ---A- . (...) -- C:\fraglist.luar [3639]
O44 - LFC:[MD5.5B3C8E1FC3016A84C085C7D5718D55E7] - 10/03/2014 - 14:05:07 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [163446]
O44 - LFC:[MD5.C7C02C543E30934336C49AFC27B04C90] - 10/03/2014 - 14:05:07 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [721428]
O44 - LFC:[MD5.FD95C30691C8B52BC8FEFADD8308FE38] - 11/03/2014 - 21:45:26 ---A- . (...) -- C:\Archive.ini [47]
O44 - LFC:[MD5.D0B86ACD8E593794549D949D8997B2EA] - 12/03/2014 - 16:17:52 ---A- . (...) -- C:\zoek-results2014-03-12-191752.log [1305]
O44 - LFC:[MD5.DC46A16FC21735700B05AB3AD82AE14C] - 12/03/2014 - 19:24:08 ---A- . (...) -- C:\zoek-results2014-03-12-222408.log [1398]
O44 - LFC:[MD5.16472D09785F18B13E0B514C924CC388] - 13/03/2014 - 20:14:49 ---A- . (...) -- C:\zoek-results2014-03-13-231449.log [1447]
O44 - LFC:[MD5.D3C29F5D94C2D8A2AD361685CB654510] - 14/03/2014 - 09:09:10 ---A- . (...) -- C:\Windows\ntbtlog.txt [375126]
O44 - LFC:[MD5.1DAAC4FC2CD13902818A6925A6522B64] - 14/03/2014 - 09:12:54 ---A- . (...) -- C:\zoek-results.log [1433]
O44 - LFC:[MD5.CDAE1BF600D63DD66543A4EA89CD237E] - 14/03/2014 - 09:12:56 ---A- . (...) -- C:\runcheck.txt [583]
~ Files: 49 Legitimates Filtered in 00mn 02s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\NIRegistrationWizard [Key] . (...) -- C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe
~ SMSR Keys: 6 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.CF54BC5630C200393369DDD1A5B63261] - 16/01/2014 - 13:41:46 R--A- . (.360.cn - 360杀毒 文件监控驱动.) -- C:\Windows\System32\Drivers\360AvFlt.sys [71360]
O58 - SDL:[MD5.90FC18CBEFCD54BE4288541558E5187E] - 23/01/2014 - 17:24:16 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BProtectEx.sys [83264]
O58 - SDL:[MD5.2B3B8CBEA1BA1BCE5700607FBDB31034] - 31/10/2008 - 16:19:36 ---A- . (.Mobile Connector - USB/Serial Device Driver.) -- C:\Windows\System32\Drivers\cmnsusbser.sys [117888]
O58 - SDL:[MD5.6E42F2E5B5BDE3FE4066C9B2D6091E17] - 16/01/2014 - 22:28:14 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys [23624]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.47B37E4F919BF170818920A98C2FE1C6] - 19/08/2010 - 16:59:12 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [17912]
O58 - SDL:[MD5.0626C7524FBE58E1AF6E76F1BB739CA2] - 03/12/2009 - 10:03:50 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\soilkbc.sys [13816]
O58 - SDL:[MD5.709BDE623D7680E2D2A958CD4DC0A902] - 03/12/2009 - 10:04:16 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [13304]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 14/03/2014 - 12:09:57 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 18 Legitimates Filtered in 00mn 03s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 23/01/2014 - C:\Windows\system32\drivers\BprotectEx.sys (BprotectEx) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BPROTECTEX
O64 - Services: CurCS - 23/01/2014 - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys (PCFApiUtil) .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_PCFAPIUTIL
~ Legacy: 82 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe =>Adware.BDSearch
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Reinaldo\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>Hijacker.Beamrise
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.91380B3C3D79D145160769B14320F9BD] [SPRF][23/01/2014] (...) -- C:\Users\Reinaldo\AppData\Roaming\unins000.dat [108204]
[MD5.64BAEC464B396B66A353D8FC2F42A4E3] [SPRF][31/07/2011] (.RaProducts.org - System Purification Tool.) -- C:\Users\Reinaldo\Desktop\PureRa.exe [76565]
~ Files: 3 Legitimates Filtered in 00mn 03s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{63356659-DD15-46B1-B553-85C9D2754DA2}" | In - None - P17 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\pcb\bin\productserver.exe
O87 - FAEL: "{14188811-12E5-42A5-8B4E-B5C2A94C39C2}" | In - None - P17 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\openaccess\bin\win32\opt\oadmturboserver.exe
O87 - FAEL: "{2999E29F-B156-4501-8252-31C95464F1F7}" | In - None - P17 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\OpenAccess\bin\win32\opt\oaFSLockD.exe
O87 - FAEL: "{AB3CA2C1-9882-451C-9E88-64DD9352394A}" | In - None - P17 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\bin\cdsmsgserver.exe
O87 - FAEL: "{1331E8F6-F3DE-4176-8763-7A99D75BBED6}" | In - None - P17 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\bin\cdsnameserver.exe
O87 - FAEL: "{60F7F65B-BA28-43E2-877D-AB6E7151F9EE}" | In - None - P17 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\bin\cdsmps.exe
O87 - FAEL: "{C6CF7CCD-47DA-4E59-84C9-25E1415D2DCA}" | In - None - P17 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\bin\clsbd.exe
~ Firewall: 187 Legitimates Filtered in 00mn 01s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "30ECD8C76498A2744AC1973562E91FF7" . (.GuiaMultimidia.) -- C:\Windows\Installer\{7C8DCE03-8946-472A-A41C-7953269EF17F}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "8224FDAA277034D429BE2B543E1AB700" . (.IPM 1.9.2.) -- C:\Windows\Installer\{AADF4228-0772-4D43-92EB-B245E3A17B00}\_6FEFF9B68218417F98F549.exe
~ Update Products: 280 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
~ WIS: 281 Legitimates Filtered in 00mn 27s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 12/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 10/07/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 28/09/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/09/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 22/05/2012 76488 | (NIApplicationWebServer64) . (.National Instruments Corporation.) - C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
SS - | Demand 02/08/2010 1427688 | (NILM License Manager) . (.Macrovision Corporation.) - C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
SS - | Demand 18/05/2012 139488 | (OpcEnum) . (.OPC Foundation.) - C:\Windows\SysWOW64\Opcenum.exe
SR - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Demand 18/01/2013 577536 | (Blackberry Device Manager) . (.Research In Motion Limited.) - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
SR - | Demand 13/12/2011 105984 | (CorelCreatorMessages) . (.Global Graphics Software Ltd.) - C:\Windows\system32\CorelCreatorMessages.exe
SR - | Auto 08/10/2013 452136 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
SR - | Auto 01/02/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 06/05/2011 695136 | (LkCitadelServer) . (.National Instruments, Inc..) - C:\Windows\SysWOW64\lkcitdl.exe
SR - | Auto 05/06/2012 50328 | (lkClassAds) . (.National Instruments Corporation.) - C:\Windows\SysWOW64\lkads.exe
SR - | Auto 05/06/2012 60568 | (lkTimeSync) . (.National Instruments Corporation.) - C:\Windows\SysWOW64\lktsrv.exe
SR - | Auto 22/05/2012 51360 | (mxssvr) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
SR - | Auto 29/03/2011 598312 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 22/05/2012 53960 | (NIApplicationWebServer) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
SR - | Auto 05/06/2012 370328 | (NIDomainService) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
SR - | Auto 31/05/2012 258776 | (nimDNSResponder) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
SR - | Auto 05/06/2012 169192 | (NINetworkDiscovery) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
SR - | Auto 22/05/2012 53952 | (niSvcLoc) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
SR - | Auto 07/06/2012 680624 | (NITaggerService) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
SR - | Auto 23/01/2014 679920 | (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc..) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe =>Adware.BDSearch
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 29s
---\\ Scâner Aditional (088)
Database Version : 13031 - (12/03/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 4
[HKLM\SYSTEM\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}] =>Adware.BDSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0] =>Adware.BDSearch^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Baidu PC Faster 4.0.0.0 =>Adware.BDSearch^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PcfTray.exe =>Adware.BDSearch^
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
~ Additionnel Scan: 472477 Items scanned in 00mn 24s
---\\ Sumário das deteções encontradas na sua estação
~ [You must have an account and be logged in to view this link] =>Adware.BDSearch
~ [You must have an account and be logged in to view this link] =>Hijacker.Beamrise
~ MSI: 2 link(s) detected in 00mn 24s
~ 1200 Legitimates filtered by white list
End of the scan (491 lines in 03mn 09s)(0)
~ Iniciado por Reinaldo (15/03/2014 18:03:28)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Fóruns de suporte gratuito para desinfecção : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16521
GCIE: Google Chrome v33.0.1750.154
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.07 =>Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3990 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 394 GB (86%) free of 458 GB
---\\ Modo de conexão ao sistema
~ Computer Name: REINALDO-STI
~ User Name: Reinaldo
~ All Users Names: Reinaldo, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Reinaldo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Reinaldo\AppData\Roaming\
~ %Desktop% : C:\Users\Reinaldo\Desktop\
~ %Favorites% : C:\Users\Reinaldo\Favorites\
~ %LocalAppData% : C:\Users\Reinaldo\AppData\Local\
~ %StartMenu% : C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 394 Go of 458 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
~ Security Center: 44 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.11/07/2012 - 07:53:38.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Internet Extensions para Win32.) (.01/03/2014 - 00:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.11/07/2012 - 07:58:16.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 1/9
~ Mon Bureau (My Desktop) : 1/325
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.39AF1CDEAFA4FC9D5185FBD9F4D141C4] - (.Octoshape ApS - Main program for Octoshape client.) -- C:\Users\Reinaldo\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800] [PID.3100]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3164]
[MD5.BED38B0ADFF5F5CC6E988A6491017E83] - (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792] [PID.3180]
[MD5.F23FEC819F6D1181C47374DF8EE89A6E] - (.Baidu Inc. - PC Faster Tray.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PcfTray.exe [1300672] [PID.3280] =>Adware.BDSearch
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976] [PID.32136]
[MD5.EB777DE39AE1FC04A7F25130CDAB47B7] - (.Google - Hangouts Plugin.) -- C:\Users\Reinaldo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe [64384] [PID.31880]
[MD5.64A2A75D8F4BD07BD0A0029AA8825BBF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8353792] [PID.28516]
[MD5.201BCF8550512C105BAC78E9FA401260] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\GbpSv.exe [452136] [PID.836]
[MD5.11A52CF7B265631DEEB24C6149309EFF] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64952] [PID.1432]
[MD5.777E031B6C740148E935066F37B49AF8] - (.National Instruments Corporation - lkads.) -- C:\Windows\SysWOW64\lkads.exe [50328] [PID.1536]
[MD5.68C5321CBC7BE2FA7278809A2D6544D0] - (.National Instruments Corporation - MXS Service.) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [51360] [PID.2092]
[MD5.62E7B5EF6BEC714BC200C661BA940F54] - (.National Instruments Corporation - nidmsrv.) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [370328] [PID.2112]
[MD5.D66D5FCC4911646347F9F5CD8C3F0000] - (.National Instruments Corporation - System Web Server Daemon.) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [53952] [PID.2140]
[MD5.B88353EFE93AC3C6518415621FD8EBCB] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe [679920] [PID.2172] =>Adware.BDSearch
[MD5.20CDB07017497C94A0BAD253C4BAFCBC] - (.National Instruments, Inc. - Part of Logos.) -- C:\Windows\SysWOW64\lkcitdl.exe [695136] [PID.2956]
[MD5.23A07F37756F44ED738BCD931EBFFCED] - (.National Instruments Corporation - lktsrv.) -- C:\Windows\SysWOW64\lktsrv.exe [60568] [PID.3308]
[MD5.2FADAD2DED79972C0B25570394AA519C] - (.National Instruments Corporation - Application Web Server Daemon.) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [53960] [PID.3760]
[MD5.902A9B8EC25EAC8C8DD5594F5866F80C] - (.National Instruments Corporation - National Instruments Zeroconf Service.) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776] [PID.3864]
[MD5.30B05E4E963E663E2A7D110048FD1A02] - (.National Instruments Corporation - NI Variable Engine.) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [680624] [PID.4056]
[MD5.DF0AB139C5C5ADEF39A88D7FE51F0CB4] - (.National Instruments Corporation - National Instruments Network Discovery Serv.) -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [169192] [PID.3908]
[MD5.686045905787B68D829CE647A6DFAD2B] - (.Research In Motion Limited - BlackBerry Device Manager.) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536] [PID.4308]
[MD5.545462D0DBE24AF379BA869B7C185CCD] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.4832]
[MD5.13AA2130F2A104DD775EAD0F0EE5417B] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [598312] [PID.5500]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [booedmolknjekdopkepjjeckmjkdpfgl] Extutil v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 13 Legitimates Filtered in 00mn 22s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [@octoshape.com/Octoshape Streaming Services,version=1.0] - (.Octoshape ApS - Octoshape embedded video plugin.) -- C:\Users\Reinaldo\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Reinaldo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 23 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 6 Legitimates Filtered in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Guia Multimídia.lnk . (...) -- C:\Windows\Installer\{7C8DCE03-8946-472A-A41C-7953269EF17F}\_1E8B57E217D6A54FAF778B.exe
O4 - GS\Desktop [Public]: HSPA MODEM.lnk . (...) -- C:\Program Files (x86)\HSPA MODEM\HSPA MODEM\StartUp.exe
O4 - GS\Desktop [Public]: MATLAB R2008b.lnk . (.The MathWorks Inc. - MATLAB Starter Application.) -- C:\Program Files (x86)\MATLAB\R2008b\bin\matlab.exe
O4 - GS\Desktop [Public]: NI MAX.lnk . (.National Instruments Corporation - Measurement & Automation Explorer.) -- C:\Program Files (x86)\National Instruments\MAX\NIMax.exe
O4 - GS\Desktop [Public]: Prezi Desktop.lnk . (...) -- C:\Program Files (x86)\Prezi\Prezi.exe
O4 - GS\Desktop [Public]: Sistema de Recuperação STI.lnk . (...) -- C:\Windows\Installer\{C247203E-3833-45A5-AEBA-403EBBA67AD7}\_F1E53105AC99C346B2A794.exe
O4 - GS\Program [Public]: National Instruments LabVIEW 2012 (32-bit).lnk . (.National Instruments Corporation - LabVIEW 12.0 Development System.) -- C:\Program Files (x86)\National Instruments\LabVIEW 2012\LabVIEW.exe
O4 - GS\Program [Public]: Prezi Desktop.lnk . (...) -- C:\Program Files (x86)\Prezi\Prezi.exe
O4 - GS\QuickLaunch [Reinaldo]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Reinaldo]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Reinaldo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Reinaldo]: Create Amazing Presentations.lnk - Chave orfã
O4 - GS\Program [Reinaldo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Reinaldo]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Reinaldo]: Create Amazing Presentations.lnk - Chave orfã
O4 - GS\Desktop [Reinaldo]: Foxit PDF Editor.lnk . (.Foxit Corporation - Foxit PDF Editor, the first REAL editor for.) -- C:\Program Files (x86)\Foxit Software\PDF Editor\PDFEdit.exe
~ Global Startup: 64 Legitimates Filtered in 00mn 02s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [CorelCreatorClient] . (.Global Graphics Software Ltd. - gDocCreator Client application.) -- C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Reinaldo\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] . (.Octoshape ApS - Main program for Octoshape client.) -- C:\Users\Reinaldo\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
O4 - HKCU\..\RunOnce: [Application Restart #4] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKLM\..\Wow6432Node\Run: [Baidu PC Faster 4.0.0.0] . (.Baidu Inc. - PC Faster.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe =>Adware.BDSearch
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [RIMBBLaunchAgent.exe] . (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3889674999-1771675981-1625549820-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Reinaldo\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-3889674999-1771675981-1625549820-1000\..\Run: [Octoshape Streaming Services] . (.Octoshape ApS - Main program for Octoshape client.) -- C:\Users\Reinaldo\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
O4 - HKUS\S-1-5-21-3889674999-1771675981-1625549820-1000\..\RunOnce: [Application Restart #4] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{43866B80-E03B-4BDE-A19E-975C318963C2}: DhcpNameServer = 189.6.0.78 189.6.0.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{43866B80-E03B-4BDE-A19E-975C318963C2}: DhcpNameServer = 189.6.0.78 189.6.0.134
O17 - HKLM\System\CS2\Services\Tcpip\..\{43866B80-E03B-4BDE-A19E-975C318963C2}: DhcpNameServer = 189.6.0.78 189.6.0.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.6.0.78 189.6.0.134
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc. - Baidu PC Faster Service.) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe =>Adware.BDSearch
~ Services: 16 Legitimates Filtered in 00mn 07s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (BprotectEx) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\BprotectEx.sys
~ Drivers: 63 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Baidu PC Faster - (.Baidu, Inc..) [HKLM][64Bits] -- Baidu PC Faster 4.0.0.0 =>Adware.BDSearch
O42 - Logiciel: Driver 1.3.1 - (.OEM.) [HKLM][64Bits] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: IPM 1.9.2 - (.OEM.) [HKLM][64Bits] -- {AADF4228-0772-4D43-92EB-B245E3A17B00}
O42 - Logiciel: OSD 1.15.3 - (.OEM.) [HKLM][64Bits] -- {5A9C96FE-1376-45E1-8556-C81255F0B5A7}
O42 - Logiciel: Prezi - (.Nome de sua empresa:.) [HKLM][64Bits] -- {BD44409B-A691-4B97-B33D-F07E1DE791F3}
O42 - Logiciel: Zip Extractor Packages - (...) [HKCU][64Bits] -- Zip Extractor Packages
~ Logic: 25 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\GbAs]
[HKCU\Software\Planet Imagina]
[HKCU\Software\SoilAP]
[HKCU\Software\SunFlowerOSD]
[HKLM\Software\SoilIO]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Planet Imagina]
~ Key Software: 227 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/02/2014 - 18:44:25 - [132,865] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 11/07/2012 - 21:43:32 - [209,976] ----D C:\Program Files (x86)\GuiaMultimidia
O43 - CFD: 19/12/2013 - 05:11:07 - [564,603] ----D C:\Program Files (x86)\Prezi
O43 - CFD: 16/01/2014 - 21:16:47 - [0] ----D C:\Program Files (x86)\saverOn
O43 - CFD: 16/01/2014 - 21:16:53 - [0,003] ----D C:\ProgramData\97494399df59196b
O43 - CFD: 15/03/2014 - 16:43:58 - [0,001] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 19/01/2014 - 11:55:59 - [0,002] ----D C:\ProgramData\djddlnimoncbbimiknkgphlfcnagmldl
O43 - CFD: 16/01/2014 - 22:52:30 - [0] ----D C:\ProgramData\saverOn
O43 - CFD: 16/01/2014 - 22:26:38 - [0] ----D C:\Users\Reinaldo\AppData\Roaming\0D0S1L2Z1P1B
O43 - CFD: 14/09/2013 - 13:25:35 - [0] ----D C:\Users\Reinaldo\AppData\Roaming\GuiaMultimidia
O43 - CFD: 22/11/2013 - 14:07:18 - [0,029] ----D C:\Users\Reinaldo\AppData\Roaming\SPB_16.6
O43 - CFD: 19/01/2014 - 16:08:40 - [0] ----D C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cadence
~ Program Folder: 152 Legitimates Filtered in 01mn 16s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.7495B46E803B36F09F3A2BEBA626F5B4] - 07/03/2014 - 01:10:56 ---A- . (...) -- C:\fraglist.luar [3639]
O44 - LFC:[MD5.5B3C8E1FC3016A84C085C7D5718D55E7] - 10/03/2014 - 14:05:07 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [163446]
O44 - LFC:[MD5.C7C02C543E30934336C49AFC27B04C90] - 10/03/2014 - 14:05:07 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [721428]
O44 - LFC:[MD5.FD95C30691C8B52BC8FEFADD8308FE38] - 11/03/2014 - 21:45:26 ---A- . (...) -- C:\Archive.ini [47]
O44 - LFC:[MD5.D0B86ACD8E593794549D949D8997B2EA] - 12/03/2014 - 16:17:52 ---A- . (...) -- C:\zoek-results2014-03-12-191752.log [1305]
O44 - LFC:[MD5.DC46A16FC21735700B05AB3AD82AE14C] - 12/03/2014 - 19:24:08 ---A- . (...) -- C:\zoek-results2014-03-12-222408.log [1398]
O44 - LFC:[MD5.16472D09785F18B13E0B514C924CC388] - 13/03/2014 - 20:14:49 ---A- . (...) -- C:\zoek-results2014-03-13-231449.log [1447]
O44 - LFC:[MD5.D3C29F5D94C2D8A2AD361685CB654510] - 14/03/2014 - 09:09:10 ---A- . (...) -- C:\Windows\ntbtlog.txt [375126]
O44 - LFC:[MD5.1DAAC4FC2CD13902818A6925A6522B64] - 14/03/2014 - 09:12:54 ---A- . (...) -- C:\zoek-results.log [1433]
O44 - LFC:[MD5.CDAE1BF600D63DD66543A4EA89CD237E] - 14/03/2014 - 09:12:56 ---A- . (...) -- C:\runcheck.txt [583]
~ Files: 49 Legitimates Filtered in 00mn 02s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\NIRegistrationWizard [Key] . (...) -- C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe
~ SMSR Keys: 6 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.CF54BC5630C200393369DDD1A5B63261] - 16/01/2014 - 13:41:46 R--A- . (.360.cn - 360杀毒 文件监控驱动.) -- C:\Windows\System32\Drivers\360AvFlt.sys [71360]
O58 - SDL:[MD5.90FC18CBEFCD54BE4288541558E5187E] - 23/01/2014 - 17:24:16 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BProtectEx.sys [83264]
O58 - SDL:[MD5.2B3B8CBEA1BA1BCE5700607FBDB31034] - 31/10/2008 - 16:19:36 ---A- . (.Mobile Connector - USB/Serial Device Driver.) -- C:\Windows\System32\Drivers\cmnsusbser.sys [117888]
O58 - SDL:[MD5.6E42F2E5B5BDE3FE4066C9B2D6091E17] - 16/01/2014 - 22:28:14 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys [23624]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.47B37E4F919BF170818920A98C2FE1C6] - 19/08/2010 - 16:59:12 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [17912]
O58 - SDL:[MD5.0626C7524FBE58E1AF6E76F1BB739CA2] - 03/12/2009 - 10:03:50 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\soilkbc.sys [13816]
O58 - SDL:[MD5.709BDE623D7680E2D2A958CD4DC0A902] - 03/12/2009 - 10:04:16 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [13304]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 14/03/2014 - 12:09:57 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 18 Legitimates Filtered in 00mn 03s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 23/01/2014 - C:\Windows\system32\drivers\BprotectEx.sys (BprotectEx) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BPROTECTEX
O64 - Services: CurCS - 23/01/2014 - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys (PCFApiUtil) .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_PCFAPIUTIL
~ Legacy: 82 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.91380B3C3D79D145160769B14320F9BD] [SPRF][23/01/2014] (...) -- C:\Users\Reinaldo\AppData\Roaming\unins000.dat [108204]
[MD5.64BAEC464B396B66A353D8FC2F42A4E3] [SPRF][31/07/2011] (.RaProducts.org - System Purification Tool.) -- C:\Users\Reinaldo\Desktop\PureRa.exe [76565]
~ Files: 3 Legitimates Filtered in 00mn 03s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{63356659-DD15-46B1-B553-85C9D2754DA2}" | In - None - P17 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\pcb\bin\productserver.exe
O87 - FAEL: "{14188811-12E5-42A5-8B4E-B5C2A94C39C2}" | In - None - P17 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\openaccess\bin\win32\opt\oadmturboserver.exe
O87 - FAEL: "{2999E29F-B156-4501-8252-31C95464F1F7}" | In - None - P17 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\OpenAccess\bin\win32\opt\oaFSLockD.exe
O87 - FAEL: "{AB3CA2C1-9882-451C-9E88-64DD9352394A}" | In - None - P17 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\bin\cdsmsgserver.exe
O87 - FAEL: "{1331E8F6-F3DE-4176-8763-7A99D75BBED6}" | In - None - P17 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\bin\cdsnameserver.exe
O87 - FAEL: "{60F7F65B-BA28-43E2-877D-AB6E7151F9EE}" | In - None - P17 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\bin\cdsmps.exe
O87 - FAEL: "{C6CF7CCD-47DA-4E59-84C9-25E1415D2DCA}" | In - None - P17 - TRUE | .(...) -- C:\OrCAD\OrCAD_16.6_Lite\tools\bin\clsbd.exe
~ Firewall: 187 Legitimates Filtered in 00mn 01s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "30ECD8C76498A2744AC1973562E91FF7" . (.GuiaMultimidia.) -- C:\Windows\Installer\{7C8DCE03-8946-472A-A41C-7953269EF17F}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "8224FDAA277034D429BE2B543E1AB700" . (.IPM 1.9.2.) -- C:\Windows\Installer\{AADF4228-0772-4D43-92EB-B245E3A17B00}\_6FEFF9B68218417F98F549.exe
~ Update Products: 280 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
~ WIS: 281 Legitimates Filtered in 00mn 27s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 12/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 10/07/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 28/09/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/09/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 22/05/2012 76488 | (NIApplicationWebServer64) . (.National Instruments Corporation.) - C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
SS - | Demand 02/08/2010 1427688 | (NILM License Manager) . (.Macrovision Corporation.) - C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
SS - | Demand 18/05/2012 139488 | (OpcEnum) . (.OPC Foundation.) - C:\Windows\SysWOW64\Opcenum.exe
SR - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Demand 18/01/2013 577536 | (Blackberry Device Manager) . (.Research In Motion Limited.) - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
SR - | Demand 13/12/2011 105984 | (CorelCreatorMessages) . (.Global Graphics Software Ltd.) - C:\Windows\system32\CorelCreatorMessages.exe
SR - | Auto 08/10/2013 452136 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
SR - | Auto 01/02/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 06/05/2011 695136 | (LkCitadelServer) . (.National Instruments, Inc..) - C:\Windows\SysWOW64\lkcitdl.exe
SR - | Auto 05/06/2012 50328 | (lkClassAds) . (.National Instruments Corporation.) - C:\Windows\SysWOW64\lkads.exe
SR - | Auto 05/06/2012 60568 | (lkTimeSync) . (.National Instruments Corporation.) - C:\Windows\SysWOW64\lktsrv.exe
SR - | Auto 22/05/2012 51360 | (mxssvr) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
SR - | Auto 29/03/2011 598312 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 22/05/2012 53960 | (NIApplicationWebServer) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
SR - | Auto 05/06/2012 370328 | (NIDomainService) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
SR - | Auto 31/05/2012 258776 | (nimDNSResponder) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
SR - | Auto 05/06/2012 169192 | (NINetworkDiscovery) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
SR - | Auto 22/05/2012 53952 | (niSvcLoc) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
SR - | Auto 07/06/2012 680624 | (NITaggerService) . (.National Instruments Corporation.) - C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
SR - | Auto 23/01/2014 679920 | (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc..) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe =>Adware.BDSearch
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 29s
---\\ Scâner Aditional (088)
Database Version : 13031 - (12/03/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 4
[HKLM\SYSTEM\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}] =>Adware.BDSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0] =>Adware.BDSearch^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Baidu PC Faster 4.0.0.0 =>Adware.BDSearch^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PcfTray.exe =>Adware.BDSearch^
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
~ Additionnel Scan: 472477 Items scanned in 00mn 24s
---\\ Sumário das deteções encontradas na sua estação
~ [You must have an account and be logged in to view this link] =>Adware.BDSearch
~ [You must have an account and be logged in to view this link] =>Hijacker.Beamrise
~ MSI: 2 link(s) detected in 00mn 24s
~ 1200 Legitimates filtered by white list
End of the scan (491 lines in 03mn 09s)(0)
reinaldojcf - Member
Re: How to remove Baidu Antivirus and Baidu PC Faster
Select and copy all of the text highlighted in red that I sent you (starting at script zhpfix and going through SysRestore)
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Importação (Import) > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.
Copy this report and post it in your next reply.
Last edited by Power Max on Sat 15 Mar 2014, 23:45; edited 1 time
Power Max - Contributor
Re: How to remove Baidu Antivirus and Baidu PC Faster
Rapport de ZHPFix 2014.3.12.3 par Nicolas Coolman, Update du 12/03/2014
Fichier d'export Registre :
Run by Reinaldo at 15/03/2014 23:32:38
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador
========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\baidu security\pc faster\4.0.0.0\uninstcaller.exe
========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PcfTray.exe
ELIMINA REINICIAR: Memory Process: C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
========== Estado dos serviços ==========
BPROTECTEX Parado
PCFAPIUTIL Parado
========== Chaves do Registo ==========
ELIMINÉ:³ Service: PCFasterSvc_{PCFaster_4.0.0.0}
ELIMINÉ:³ HKCU\Software\Baidu Security
ELIMINÉ:³ HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ:³ HKLM\SYSTEM\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}
========== Valores do Registo ==========
ERRO RunValue: Baidu PC Faster 4.0.0.0
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ: c:\users\reinaldo\appdata\local\google\chrome\user data\default\preferences
ELIMINA REINICIAR: c:\program files (x86)\baidu security\pc faster\4.0.0.0\pcfaster.exe
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotectex.sys
ELIMINÉ Temporários windows (7) (2.829.316 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
2 : Processo memória
4 : Chaves do Registo
7 : Valores do Registo
1 : Pastas
5 : Ficheiros
1 : Softwares
2 : Estado dos serviços
1 : Restauração Sistema
End of clean in 01mn 52s
========== Caminho do ficheiro do relatório ==========
C:\Users\Reinaldo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 15/03/2014 16:44:57 [4247]
C:\Users\Reinaldo\AppData\Roaming\ZHP\ZHPFix[R2].txt - 15/03/2014 16:51:18 [3013]
C:\Users\Reinaldo\AppData\Roaming\ZHP\ZHPFix[R3].txt - 15/03/2014 23:28:31 [2396]
C:\Users\Reinaldo\AppData\Roaming\ZHP\ZHPFix[R4].txt - 15/03/2014 23:32:41 [2395]
reinaldojcf - Member
Re: How to remove Baidu Antivirus and Baidu PC Faster
Download the [You must have an account and be logged in to view this link] and save it to the Desktop.
Note: After opening the link above, click the Download Now 64-Bit Version button.
* Run FRST and accept the agreement.
* Click [Scan].
* When it finishes, click [OK] > [OK].
* Two reports will be created on the Desktop: FRST.txt and Addition.txt
Post both reports in your next reply. (Note: if they do not fit in a single reply, you can split them across several posts.)
Last edited by Power Max on Mon 24 Mar 2014, 13:05; edited 1 time
Power Max - Contributor
Re: How to remove Baidu Antivirus and Baidu PC Faster
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Reinaldo (administrator) on REINALDO-STI on 16-03-2014 14:08:32
Running from C:\Users\Reinaldo\Downloads
Windows 7 Home Basic Service Pack 1 (X64) OS Language: Portuguese Brazilian
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: [You must have an account and be logged in to view this link]
Download link for 64-Bit Version: [You must have an account and be logged in to view this link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [You must have an account and be logged in to view this link]
==================== Processes (Whitelisted) =================
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(Baidu Inc.) C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Global Graphics Software Ltd.) C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Octoshape ApS) C:\Users\Reinaldo\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Baidu Inc.) C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PcfTray.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Global Graphics Software Ltd) C:\Windows\system32\CorelCreatorMessages.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Reinaldo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [CorelCreatorClient] - C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe [779776 2011-12-13] (Global Graphics Software Ltd.)
HKLM-x32\...\Run: [Baidu PC Faster 4.0.0.0] - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe [571888 2014-01-23] (Baidu Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
HKU\S-1-5-21-3889674999-1771675981-1625549820-1000\...\Run: [Google Update] - C:\Users\Reinaldo\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-26] (Google Inc.)
HKU\S-1-5-21-3889674999-1771675981-1625549820-1000\...\Run: [Octoshape Streaming Services] - C:\Users\Reinaldo\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-3889674999-1771675981-1625549820-1000\...\RunOnce: [Application Restart #4] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-14] (Google Inc.)
AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files => C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files File Not Found
AppInit_DLLs-x32: C:\Program => "C:\Program" File Not Found
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must have an account and be logged in to view this link]
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {088AE99D-2829-43A6-8CC4-E0DC766723F4} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1487912 2013-10-07] (Banco do Brasil)
Winsock: Catalog5 09 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24320] (National Instruments Corporation)
Winsock: Catalog5-x64 09 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26368] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 189.6.0.78 189.6.0.134
Chrome:
=======
CHR DefaultSearchKeyword: google.com.br
CHR Extension: (Google Docs) - C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-15]
CHR Extension: (Google Drive) - C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-15]
CHR Extension: (YouTube) - C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-15]
CHR Extension: (Pesquisa do Google) - C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-15]
CHR Extension: (Google Wallet) - C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh [2014-01-23]
CHR Extension: (Gmail) - C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-15]
CHR Extension: (tperfectcaoupon) - C:\ProgramData\djddlnimoncbbimiknkgphlfcnagmldl [2013-12-22]
CHR HKCU\...\Chrome\Extension: [pgacfjdigcddmmncljpflgcfpfahebkh] - C:\Users\Reinaldo\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx [2014-01-23]
==================== Services (Whitelisted) =================
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R3 CorelCreatorMessages; C:\Windows\system32\CorelCreatorMessages.exe [105984 2011-12-13] (Global Graphics Software Ltd)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [452136 2013-10-08] (GAS Tecnologia)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2011-05-06] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [50328 2012-06-05] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [60568 2012-06-05] (National Instruments Corporation)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [51360 2012-05-22] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [53960 2012-05-22] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [76488 2012-05-22] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [370328 2012-06-05] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776 2012-05-31] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [169192 2012-06-05] (National Instruments Corporation)
R2 niSvcLoc; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [53952 2012-05-22] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [680624 2012-06-07] (National Instruments Corporation)
U2 PCFasterSvc_{PCFaster_4.0.0.0}; C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe [679920 2014-01-23] (Baidu Inc.)
==================== Drivers (Whitelisted) ====================
R1 BprotectEx; C:\Windows\System32\drivers\BprotectEx.sys [83264 2014-01-23] (Baidu, Inc.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2008-10-31] (Mobile Connector)
S0 GbpKm; C:\Windows\SysWOW64\drivers\GbpKm.sys [49536 2013-05-08] (GAS Tecnologia)
U3 PCFApiUtil; C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [145664 2014-01-23] (Baidu, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R2 SoilIO; C:\Windows\System32\Drivers\SoilIO.sys [17912 2010-08-19] ()
R3 soilkbc; C:\Windows\System32\Drivers\soilkbc.sys [13816 2009-12-03] (Systems Internals)
S3 BdApiUtil; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [X]
S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-16 14:08 - 2014-03-16 14:08 - 00013198 _____ () C:\Users\Reinaldo\Downloads\FRST.txt
2014-03-16 14:05 - 2014-03-16 14:08 - 00000000 ____D () C:\FRST
2014-03-16 14:05 - 2014-03-16 14:05 - 00001128 _____ () C:\Users\Reinaldo\Desktop\FRST64 - Atalho.lnk
2014-03-16 14:03 - 2014-03-16 14:03 - 02157056 _____ (Farbar) C:\Users\Reinaldo\Downloads\FRST64.exe
2014-03-15 23:33 - 2014-03-15 23:32 - 00002478 _____ () C:\Users\Reinaldo\Desktop\ZHPFixReport.txt
2014-03-15 18:37 - 2014-03-15 18:37 - 00000000 ____D () C:\Users\Reinaldo\AppData\Roaming\Baidu Security
2014-03-15 18:06 - 2014-03-15 18:06 - 00037533 _____ () C:\Users\Reinaldo\Desktop\ZHPDiag.txt
2014-03-14 22:11 - 2014-03-15 23:33 - 00000000 ____D () C:\Users\Reinaldo\AppData\Roaming\ZHP
2014-03-14 22:11 - 2014-03-15 18:03 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-03-14 22:11 - 2014-03-14 22:11 - 00002008 _____ () C:\Users\Reinaldo\Desktop\ZHPFix.lnk
2014-03-14 22:11 - 2014-03-14 22:11 - 00001881 _____ () C:\Users\Reinaldo\Desktop\ZHPDiag.lnk
2014-03-14 22:08 - 2014-03-14 22:08 - 06866688 _____ (Nicolas Coolman ) C:\Users\Reinaldo\Downloads\ZHPDiag2.exe
2014-03-14 17:51 - 2014-03-14 17:51 - 00513050 _____ () C:\Users\Reinaldo\Downloads\5411_14.exe
2014-03-14 17:51 - 2014-03-14 17:51 - 00000000 ____D () C:\Editora Érica
2014-03-14 16:48 - 2014-03-14 16:48 - 00895705 _____ (Xceed Software Inc. 1-450-442-2626 [You must have an account and be logged in to view this link] C:\Users\Reinaldo\Downloads\5411.exe
2014-03-14 09:12 - 2014-03-13 20:14 - 00001447 _____ () C:\zoek-results2014-03-13-231449.log
2014-03-13 20:14 - 2014-03-12 19:24 - 00001398 _____ () C:\zoek-results2014-03-12-222408.log
2014-03-12 19:23 - 2014-03-12 16:17 - 00001305 _____ () C:\zoek-results2014-03-12-191752.log
2014-03-12 16:17 - 2014-03-14 09:12 - 00001433 _____ () C:\zoek-results.log
2014-03-12 16:16 - 2014-03-12 16:16 - 01285120 _____ () C:\Users\Reinaldo\Downloads\zoek.exe
2014-03-12 13:41 - 2014-03-01 03:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 13:41 - 2014-03-01 02:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 13:41 - 2014-03-01 02:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 13:41 - 2014-03-01 01:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 13:41 - 2014-03-01 01:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 13:41 - 2014-03-01 01:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 13:41 - 2014-03-01 01:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 13:41 - 2014-03-01 01:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 13:41 - 2014-03-01 01:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 13:41 - 2014-03-01 01:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 13:41 - 2014-03-01 01:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 13:41 - 2014-03-01 01:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 13:41 - 2014-03-01 01:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 13:41 - 2014-03-01 01:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 13:41 - 2014-03-01 01:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 13:41 - 2014-03-01 01:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 13:41 - 2014-03-01 01:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 13:41 - 2014-03-01 00:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 13:41 - 2014-03-01 00:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 13:41 - 2014-03-01 00:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 13:41 - 2014-03-01 00:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 13:41 - 2014-03-01 00:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 13:41 - 2014-03-01 00:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 13:41 - 2014-03-01 00:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 13:41 - 2014-03-01 00:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 13:41 - 2014-03-01 00:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 13:41 - 2014-03-01 00:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 13:41 - 2014-03-01 00:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 13:41 - 2014-03-01 00:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 13:41 - 2014-03-01 00:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 13:41 - 2014-03-01 00:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 13:41 - 2014-03-01 00:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 13:41 - 2014-03-01 00:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 13:41 - 2014-03-01 00:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 13:41 - 2014-02-28 23:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 13:41 - 2014-02-28 23:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 13:41 - 2014-02-28 23:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 13:41 - 2014-02-28 23:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 13:41 - 2014-02-28 23:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 13:41 - 2014-02-28 23:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 13:36 - 2014-01-27 23:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 13:35 - 2014-02-06 22:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 13:35 - 2014-01-28 23:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 13:35 - 2014-01-28 23:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 13:30 - 2014-02-03 23:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 13:30 - 2014-02-03 23:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 13:29 - 2014-02-03 23:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 13:29 - 2014-02-03 23:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 13:10 - 2014-03-12 13:10 - 00001148 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-12 13:10 - 2014-03-12 13:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 13:10 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-12 13:09 - 2014-03-12 13:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Reinaldo\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-11 23:44 - 2014-03-11 23:44 - 08527438 _____ () C:\Users\Reinaldo\Downloads\prova01-comunicacoes-moveis (1).rar
2014-03-11 22:58 - 2014-03-11 23:13 - 00000000 ____D () C:\AdwCleaner
2014-03-11 22:58 - 2014-03-11 22:58 - 01949184 _____ () C:\Users\Reinaldo\Downloads\AdwCleaner.exe
2014-03-11 22:49 - 2014-03-11 22:49 - 00411136 _____ () C:\Users\Reinaldo\Downloads\aula01.ppt
2014-03-08 20:44 - 2014-03-08 20:44 - 00000000 ____D () C:\Users\Reinaldo\Documents\BlackBerry
2014-03-08 20:35 - 2014-03-08 20:54 - 00000154 _____ () C:\Users\Reinaldo\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-03-08 20:35 - 2014-03-08 20:54 - 00000154 _____ () C:\Users\Reinaldo\AppData\Roaming\Rim.Desktop.Exception.log
2014-03-08 20:35 - 2014-03-08 20:42 - 00000000 ____D () C:\Users\Reinaldo\AppData\Roaming\Research In Motion
2014-03-08 20:35 - 2014-03-08 20:35 - 00000000 ____D () C:\Users\Reinaldo\AppData\Local\Research In Motion
2014-03-08 20:26 - 2014-03-08 20:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2014-03-08 20:16 - 2014-03-08 20:16 - 00001153 _____ () C:\Users\Reinaldo\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-03-08 20:16 - 2014-03-08 20:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2014-03-08 20:16 - 2012-12-10 15:48 - 00044544 _____ (Research in Motion Ltd) C:\Windows\system32\Drivers\RimSerial_AMD64.sys
2014-03-08 20:15 - 2014-03-08 20:15 - 00000000 ____D () C:\Users\Todos os Usuários\Research In Motion
2014-03-08 20:15 - 2014-03-08 20:15 - 00000000 ____D () C:\ProgramData\Research In Motion
2014-03-08 20:14 - 2014-03-08 20:14 - 00000000 ____D () C:\Program Files (x86)\Research In Motion
2014-03-07 01:10 - 2014-03-07 01:10 - 00003639 _____ () C:\fraglist.luar
2014-03-07 00:35 - 2014-03-07 00:35 - 00000000 ____D () C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu Spark Browser
2014-03-07 00:35 - 2014-03-07 00:35 - 00000000 ____D () C:\Users\Reinaldo\AppData\Local\Spark
2014-03-05 09:04 - 2014-03-07 10:44 - 00003544 _____ () C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
2014-03-02 15:52 - 2014-03-02 15:52 - 00000000 ____D () C:\Users\Reinaldo\ChildrenNVAC
2014-03-01 15:01 - 2014-03-01 15:01 - 00507392 _____ () C:\Users\Reinaldo\Downloads\eletronortecadastroreserva.xls
2014-02-22 14:27 - 2014-02-22 14:29 - 00000000 ____D () C:\Users\Reinaldo\Desktop\Raissa
2014-02-22 13:22 - 2014-02-22 13:23 - 08527438 _____ () C:\Users\Reinaldo\Downloads\prova01-comunicacoes-moveis.rar
2014-02-14 06:35 - 2014-02-14 06:35 - 00283931 _____ () C:\Users\Reinaldo\Downloads\redisciplinasementasps.zip
==================== One Month Modified Files and Folders =======
2014-03-16 14:08 - 2014-03-16 14:08 - 00013198 _____ () C:\Users\Reinaldo\Downloads\FRST.txt
2014-03-16 14:08 - 2014-03-16 14:05 - 00000000 ____D () C:\FRST
2014-03-16 14:05 - 2014-03-16 14:05 - 00001128 _____ () C:\Users\Reinaldo\Desktop\FRST64 - Atalho.lnk
2014-03-16 14:03 - 2014-03-16 14:03 - 02157056 _____ (Farbar) C:\Users\Reinaldo\Downloads\FRST64.exe
2014-03-16 14:02 - 2013-09-28 23:15 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-16 13:53 - 2013-09-14 13:24 - 01229306 _____ () C:\Windows\WindowsUpdate.log
2014-03-16 13:43 - 2013-09-26 23:43 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3889674999-1771675981-1625549820-1000UA.job
2014-03-16 13:36 - 2013-09-26 17:40 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-16 10:15 - 2013-09-26 23:43 - 00001038 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3889674999-1771675981-1625549820-1000Core.job
2014-03-16 10:10 - 2009-07-14 01:45 - 00022624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-16 10:10 - 2009-07-14 01:45 - 00022624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-15 23:34 - 2013-09-28 23:15 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-15 23:33 - 2014-03-14 22:11 - 00000000 ____D () C:\Users\Reinaldo\AppData\Roaming\ZHP
2014-03-15 23:32 - 2014-03-15 23:33 - 00002478 _____ () C:\Users\Reinaldo\Desktop\ZHPFixReport.txt
2014-03-15 18:37 - 2014-03-15 18:37 - 00000000 ____D () C:\Users\Reinaldo\AppData\Roaming\Baidu Security
2014-03-15 18:06 - 2014-03-15 18:06 - 00037533 _____ () C:\Users\Reinaldo\Desktop\ZHPDiag.txt
2014-03-15 18:03 - 2014-03-14 22:11 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-03-15 16:43 - 2014-01-23 17:21 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security
2014-03-15 16:43 - 2014-01-23 17:21 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-03-15 10:42 - 2013-09-28 23:16 - 00002200 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 22:16 - 2013-09-29 07:40 - 00000000 ____D () C:\Users\Reinaldo\AppData\Local\CrashDumps
2014-03-14 22:11 - 2014-03-14 22:11 - 00002008 _____ () C:\Users\Reinaldo\Desktop\ZHPFix.lnk
2014-03-14 22:11 - 2014-03-14 22:11 - 00001881 _____ () C:\Users\Reinaldo\Desktop\ZHPDiag.lnk
2014-03-14 22:08 - 2014-03-14 22:08 - 06866688 _____ (Nicolas Coolman ) C:\Users\Reinaldo\Downloads\ZHPDiag2.exe
2014-03-14 17:51 - 2014-03-14 17:51 - 00513050 _____ () C:\Users\Reinaldo\Downloads\5411_14.exe
2014-03-14 17:51 - 2014-03-14 17:51 - 00000000 ____D () C:\Editora Érica
2014-03-14 16:48 - 2014-03-14 16:48 - 00895705 _____ (Xceed Software Inc. 1-450-442-2626 [You must have an account and be logged in to view this link] C:\Users\Reinaldo\Downloads\5411.exe
2014-03-14 12:10 - 2014-01-16 22:26 - 00000000 ____D () C:\Users\Todos os Usuários\Log
2014-03-14 12:10 - 2014-01-16 22:26 - 00000000 ____D () C:\ProgramData\Log
2014-03-14 12:10 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-14 12:09 - 2014-01-23 18:50 - 00178172 _____ () C:\Windows\PFRO.log
2014-03-14 12:09 - 2014-01-23 18:50 - 00012555 _____ () C:\Windows\setupact.log
2014-03-14 12:09 - 2014-01-23 18:49 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\Windows\SysWOW64\Drivers\gbpndisrd.sys
2014-03-14 12:09 - 2014-01-23 18:49 - 00010266 _____ () C:\Windows\SysWOW64\Drivers\ndisrd.cat
2014-03-14 12:09 - 2014-01-23 18:49 - 00001402 _____ () C:\Windows\SysWOW64\Drivers\gas.cer
2014-03-14 09:12 - 2014-03-12 16:17 - 00001433 _____ () C:\zoek-results.log
2014-03-14 09:12 - 2014-01-17 14:16 - 00000583 _____ () C:\runcheck.txt
2014-03-14 03:18 - 2009-07-14 01:45 - 00337488 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 20:14 - 2014-03-14 09:12 - 00001447 _____ () C:\zoek-results2014-03-13-231449.log
2014-03-13 20:04 - 2013-09-15 16:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 20:04 - 2013-09-15 16:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 20:01 - 2013-09-16 17:58 - 00000000 ____D () C:\Users\Todos os Usuários\Microsoft Help
2014-03-13 20:01 - 2013-09-16 17:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 19:24 - 2014-03-13 20:14 - 00001398 _____ () C:\zoek-results2014-03-12-222408.log
2014-03-12 16:17 - 2014-03-12 19:23 - 00001305 _____ () C:\zoek-results2014-03-12-191752.log
2014-03-12 16:16 - 2014-03-12 16:16 - 01285120 _____ () C:\Users\Reinaldo\Downloads\zoek.exe
2014-03-12 13:36 - 2013-09-26 17:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 13:36 - 2013-09-26 17:40 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 13:36 - 2012-07-11 21:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 13:10 - 2014-03-12 13:10 - 00001148 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-12 13:10 - 2014-03-12 13:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 13:09 - 2014-03-12 13:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Reinaldo\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-11 23:44 - 2014-03-11 23:44 - 08527438 _____ () C:\Users\Reinaldo\Downloads\prova01-comunicacoes-moveis (1).rar
2014-03-11 23:13 - 2014-03-11 22:58 - 00000000 ____D () C:\AdwCleaner
2014-03-11 22:58 - 2014-03-11 22:58 - 01949184 _____ () C:\Users\Reinaldo\Downloads\AdwCleaner.exe
2014-03-11 22:49 - 2014-03-11 22:49 - 00411136 _____ () C:\Users\Reinaldo\Downloads\aula01.ppt
2014-03-11 21:45 - 2013-10-08 20:40 - 00000047 _____ () C:\Archive.ini
2014-03-10 14:05 - 2011-04-12 10:40 - 00721428 _____ () C:\Windows\system32\prfh0416.dat
2014-03-10 14:05 - 2011-04-12 10:40 - 00163446 _____ () C:\Windows\system32\prfc0416.dat
2014-03-10 14:05 - 2009-07-14 02:13 - 00006250 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-09 20:34 - 2013-10-06 15:58 - 00000000 ____D () C:\Users\Reinaldo\IFB
2014-03-08 20:54 - 2014-03-08 20:35 - 00000154 _____ () C:\Users\Reinaldo\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-03-08 20:54 - 2014-03-08 20:35 - 00000154 _____ () C:\Users\Reinaldo\AppData\Roaming\Rim.Desktop.Exception.log
2014-03-08 20:44 - 2014-03-08 20:44 - 00000000 ____D () C:\Users\Reinaldo\Documents\BlackBerry
2014-03-08 20:42 - 2014-03-08 20:35 - 00000000 ____D () C:\Users\Reinaldo\AppData\Roaming\Research In Motion
2014-03-08 20:35 - 2014-03-08 20:35 - 00000000 ____D () C:\Users\Reinaldo\AppData\Local\Research In Motion
2014-03-08 20:26 - 2014-03-08 20:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2014-03-08 20:16 - 2014-03-08 20:16 - 00001153 _____ () C:\Users\Reinaldo\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-03-08 20:16 - 2014-03-08 20:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2014-03-08 20:15 - 2014-03-08 20:15 - 00000000 ____D () C:\Users\Todos os Usuários\Research In Motion
2014-03-08 20:15 - 2014-03-08 20:15 - 00000000 ____D () C:\ProgramData\Research In Motion
2014-03-08 20:14 - 2014-03-08 20:14 - 00000000 ____D () C:\Program Files (x86)\Research In Motion
2014-03-07 10:44 - 2014-03-05 09:04 - 00003544 _____ () C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
2014-03-07 01:10 - 2014-03-07 01:10 - 00003639 _____ () C:\fraglist.luar
2014-03-07 00:35 - 2014-03-07 00:35 - 00000000 ____D () C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu Spark Browser
2014-03-07 00:35 - 2014-03-07 00:35 - 00000000 ____D () C:\Users\Reinaldo\AppData\Local\Spark
2014-03-06 17:23 - 2013-10-16 18:59 - 00000000 ____D () C:\Users\Reinaldo\UNB
2014-03-06 17:23 - 2013-09-14 13:24 - 00000000 ____D () C:\Users\Reinaldo
2014-03-02 15:52 - 2014-03-02 15:52 - 00000000 ____D () C:\Users\Reinaldo\ChildrenNVAC
2014-03-01 15:01 - 2014-03-01 15:01 - 00507392 _____ () C:\Users\Reinaldo\Downloads\eletronortecadastroreserva.xls
2014-03-01 03:05 - 2014-03-12 13:41 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 02:17 - 2014-03-12 13:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 02:16 - 2014-03-12 13:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 01:58 - 2014-03-12 13:41 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 01:52 - 2014-03-12 13:41 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 01:51 - 2014-03-12 13:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 01:42 - 2014-03-12 13:41 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 01:40 - 2014-03-12 13:41 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 01:37 - 2014-03-12 13:41 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 01:33 - 2014-03-12 13:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 01:33 - 2014-03-12 13:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 01:32 - 2014-03-12 13:41 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 01:30 - 2014-03-12 13:41 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 01:23 - 2014-03-12 13:41 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 01:17 - 2014-03-12 13:41 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 01:11 - 2014-03-12 13:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 01:02 - 2014-03-12 13:41 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 00:54 - 2014-03-12 13:41 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 00:52 - 2014-03-12 13:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 00:51 - 2014-03-12 13:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 00:47 - 2014-03-12 13:41 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 00:43 - 2014-03-12 13:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 00:43 - 2014-03-12 13:41 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 00:42 - 2014-03-12 13:41 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 00:40 - 2014-03-12 13:41 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 00:38 - 2014-03-12 13:41 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 00:37 - 2014-03-12 13:41 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 00:35 - 2014-03-12 13:41 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 00:18 - 2014-03-12 13:41 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 00:16 - 2014-03-12 13:41 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 00:14 - 2014-03-12 13:41 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 00:10 - 2014-03-12 13:41 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 00:03 - 2014-03-12 13:41 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 00:00 - 2014-03-12 13:41 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 23:57 - 2014-03-12 13:41 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 23:38 - 2014-03-12 13:41 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 23:32 - 2014-03-12 13:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 23:27 - 2014-03-12 13:41 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 23:25 - 2014-03-12 13:41 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 23:25 - 2014-03-12 13:41 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-24 22:00 - 2013-12-15 09:34 - 00000000 ____D () C:\Users\Reinaldo\Cultos NVAC
2014-02-24 20:01 - 2013-11-09 15:25 - 00000000 ____D () C:\Users\Reinaldo\GV
2014-02-22 14:29 - 2014-02-22 14:27 - 00000000 ____D () C:\Users\Reinaldo\Desktop\Raissa
2014-02-22 13:23 - 2014-02-22 13:22 - 08527438 _____ () C:\Users\Reinaldo\Downloads\prova01-comunicacoes-moveis.rar
2014-02-14 06:35 - 2014-02-14 06:35 - 00283931 _____ () C:\Users\Reinaldo\Downloads\redisciplinasementasps.zip
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-11 08:13
==================== End Of Log ============================
Ran by Reinaldo (administrator) on REINALDO-STI on 16-03-2014 14:08:32
Running from C:\Users\Reinaldo\Downloads
Windows 7 Home Basic Service Pack 1 (X64) OS Language: Portuguese Brazilian
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: [You must have an account and be logged in to view this link]
Download link for 64-Bit Version: [You must have an account and be logged in to view this link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [You must have an account and be logged in to view this link]
==================== Processes (Whitelisted) =================
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(Baidu Inc.) C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Global Graphics Software Ltd.) C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Octoshape ApS) C:\Users\Reinaldo\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Baidu Inc.) C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PcfTray.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Global Graphics Software Ltd) C:\Windows\system32\CorelCreatorMessages.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Reinaldo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [CorelCreatorClient] - C:\Program Files (x86)\Corel\Corel PDF Fusion\CorelCreatorClient.exe [779776 2011-12-13] (Global Graphics Software Ltd.)
HKLM-x32\...\Run: [Baidu PC Faster 4.0.0.0] - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe [571888 2014-01-23] (Baidu Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
HKU\S-1-5-21-3889674999-1771675981-1625549820-1000\...\Run: [Google Update] - C:\Users\Reinaldo\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-26] (Google Inc.)
HKU\S-1-5-21-3889674999-1771675981-1625549820-1000\...\Run: [Octoshape Streaming Services] - C:\Users\Reinaldo\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-3889674999-1771675981-1625549820-1000\...\RunOnce: [Application Restart #4] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-14] (Google Inc.)
AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files => C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files File Not Found
AppInit_DLLs-x32: C:\Program => "C:\Program" File Not Found
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must have an account and be logged in to view this link]
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {088AE99D-2829-43A6-8CC4-E0DC766723F4} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1487912 2013-10-07] (Banco do Brasil)
Winsock: Catalog5 09 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24320] (National Instruments Corporation)
Winsock: Catalog5-x64 09 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26368] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 189.6.0.78 189.6.0.134
Chrome:
=======
CHR DefaultSearchKeyword: google.com.br
CHR Extension: (Google Docs) - C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-15]
CHR Extension: (Google Drive) - C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-15]
CHR Extension: (YouTube) - C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-15]
CHR Extension: (Pesquisa do Google) - C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-15]
CHR Extension: (Google Wallet) - C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh [2014-01-23]
CHR Extension: (Gmail) - C:\Users\Reinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-15]
CHR Extension: (tperfectcaoupon) - C:\ProgramData\djddlnimoncbbimiknkgphlfcnagmldl [2013-12-22]
CHR HKCU\...\Chrome\Extension: [pgacfjdigcddmmncljpflgcfpfahebkh] - C:\Users\Reinaldo\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx [2014-01-23]
==================== Services (Whitelisted) =================
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R3 CorelCreatorMessages; C:\Windows\system32\CorelCreatorMessages.exe [105984 2011-12-13] (Global Graphics Software Ltd)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [452136 2013-10-08] (GAS Tecnologia)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2011-05-06] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [50328 2012-06-05] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [60568 2012-06-05] (National Instruments Corporation)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [51360 2012-05-22] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [53960 2012-05-22] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [76488 2012-05-22] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [370328 2012-06-05] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776 2012-05-31] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [169192 2012-06-05] (National Instruments Corporation)
R2 niSvcLoc; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [53952 2012-05-22] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [680624 2012-06-07] (National Instruments Corporation)
U2 PCFasterSvc_{PCFaster_4.0.0.0}; C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe [679920 2014-01-23] (Baidu Inc.)
==================== Drivers (Whitelisted) ====================
R1 BprotectEx; C:\Windows\System32\drivers\BprotectEx.sys [83264 2014-01-23] (Baidu, Inc.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2008-10-31] (Mobile Connector)
S0 GbpKm; C:\Windows\SysWOW64\drivers\GbpKm.sys [49536 2013-05-08] (GAS Tecnologia)
U3 PCFApiUtil; C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [145664 2014-01-23] (Baidu, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R2 SoilIO; C:\Windows\System32\Drivers\SoilIO.sys [17912 2010-08-19] ()
R3 soilkbc; C:\Windows\System32\Drivers\soilkbc.sys [13816 2009-12-03] (Systems Internals)
S3 BdApiUtil; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [X]
S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-16 14:08 - 2014-03-16 14:08 - 00013198 _____ () C:\Users\Reinaldo\Downloads\FRST.txt
2014-03-16 14:05 - 2014-03-16 14:08 - 00000000 ____D () C:\FRST
2014-03-16 14:05 - 2014-03-16 14:05 - 00001128 _____ () C:\Users\Reinaldo\Desktop\FRST64 - Atalho.lnk
2014-03-16 14:03 - 2014-03-16 14:03 - 02157056 _____ (Farbar) C:\Users\Reinaldo\Downloads\FRST64.exe
2014-03-15 23:33 - 2014-03-15 23:32 - 00002478 _____ () C:\Users\Reinaldo\Desktop\ZHPFixReport.txt
2014-03-15 18:37 - 2014-03-15 18:37 - 00000000 ____D () C:\Users\Reinaldo\AppData\Roaming\Baidu Security
2014-03-15 18:06 - 2014-03-15 18:06 - 00037533 _____ () C:\Users\Reinaldo\Desktop\ZHPDiag.txt
2014-03-14 22:11 - 2014-03-15 23:33 - 00000000 ____D () C:\Users\Reinaldo\AppData\Roaming\ZHP
2014-03-14 22:11 - 2014-03-15 18:03 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-03-14 22:11 - 2014-03-14 22:11 - 00002008 _____ () C:\Users\Reinaldo\Desktop\ZHPFix.lnk
2014-03-14 22:11 - 2014-03-14 22:11 - 00001881 _____ () C:\Users\Reinaldo\Desktop\ZHPDiag.lnk
2014-03-14 22:08 - 2014-03-14 22:08 - 06866688 _____ (Nicolas Coolman ) C:\Users\Reinaldo\Downloads\ZHPDiag2.exe
2014-03-14 17:51 - 2014-03-14 17:51 - 00513050 _____ () C:\Users\Reinaldo\Downloads\5411_14.exe
2014-03-14 17:51 - 2014-03-14 17:51 - 00000000 ____D () C:\Editora Érica
2014-03-14 16:48 - 2014-03-14 16:48 - 00895705 _____ (Xceed Software Inc. 1-450-442-2626 [You must have an account and be logged in to view this link] C:\Users\Reinaldo\Downloads\5411.exe
2014-03-14 09:12 - 2014-03-13 20:14 - 00001447 _____ () C:\zoek-results2014-03-13-231449.log
2014-03-13 20:14 - 2014-03-12 19:24 - 00001398 _____ () C:\zoek-results2014-03-12-222408.log
2014-03-12 19:23 - 2014-03-12 16:17 - 00001305 _____ () C:\zoek-results2014-03-12-191752.log
2014-03-12 16:17 - 2014-03-14 09:12 - 00001433 _____ () C:\zoek-results.log
2014-03-12 16:16 - 2014-03-12 16:16 - 01285120 _____ () C:\Users\Reinaldo\Downloads\zoek.exe
2014-03-12 13:41 - 2014-03-01 03:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 13:41 - 2014-03-01 02:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 13:41 - 2014-03-01 02:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 13:41 - 2014-03-01 01:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 13:41 - 2014-03-01 01:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 13:41 - 2014-03-01 01:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 13:41 - 2014-03-01 01:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 13:41 - 2014-03-01 01:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 13:41 - 2014-03-01 01:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 13:41 - 2014-03-01 01:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 13:41 - 2014-03-01 01:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 13:41 - 2014-03-01 01:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 13:41 - 2014-03-01 01:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 13:41 - 2014-03-01 01:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 13:41 - 2014-03-01 01:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 13:41 - 2014-03-01 01:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 13:41 - 2014-03-01 01:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 13:41 - 2014-03-01 00:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 13:41 - 2014-03-01 00:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 13:41 - 2014-03-01 00:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 13:41 - 2014-03-01 00:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 13:41 - 2014-03-01 00:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 13:41 - 2014-03-01 00:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 13:41 - 2014-03-01 00:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 13:41 - 2014-03-01 00:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 13:41 - 2014-03-01 00:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 13:41 - 2014-03-01 00:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 13:41 - 2014-03-01 00:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 13:41 - 2014-03-01 00:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 13:41 - 2014-03-01 00:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 13:41 - 2014-03-01 00:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 13:41 - 2014-03-01 00:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 13:41 - 2014-03-01 00:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 13:41 - 2014-03-01 00:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 13:41 - 2014-02-28 23:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 13:41 - 2014-02-28 23:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 13:41 - 2014-02-28 23:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 13:41 - 2014-02-28 23:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 13:41 - 2014-02-28 23:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 13:41 - 2014-02-28 23:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 13:36 - 2014-01-27 23:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 13:35 - 2014-02-06 22:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 13:35 - 2014-01-28 23:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 13:35 - 2014-01-28 23:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 13:30 - 2014-02-03 23:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 13:30 - 2014-02-03 23:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 13:29 - 2014-02-03 23:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 13:29 - 2014-02-03 23:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 13:10 - 2014-03-12 13:10 - 00001148 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-12 13:10 - 2014-03-12 13:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 13:10 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-12 13:09 - 2014-03-12 13:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Reinaldo\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-11 23:44 - 2014-03-11 23:44 - 08527438 _____ () C:\Users\Reinaldo\Downloads\prova01-comunicacoes-moveis (1).rar
2014-03-11 22:58 - 2014-03-11 23:13 - 00000000 ____D () C:\AdwCleaner
2014-03-11 22:58 - 2014-03-11 22:58 - 01949184 _____ () C:\Users\Reinaldo\Downloads\AdwCleaner.exe
2014-03-11 22:49 - 2014-03-11 22:49 - 00411136 _____ () C:\Users\Reinaldo\Downloads\aula01.ppt
2014-03-08 20:44 - 2014-03-08 20:44 - 00000000 ____D () C:\Users\Reinaldo\Documents\BlackBerry
2014-03-08 20:35 - 2014-03-08 20:54 - 00000154 _____ () C:\Users\Reinaldo\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-03-08 20:35 - 2014-03-08 20:54 - 00000154 _____ () C:\Users\Reinaldo\AppData\Roaming\Rim.Desktop.Exception.log
2014-03-08 20:35 - 2014-03-08 20:42 - 00000000 ____D () C:\Users\Reinaldo\AppData\Roaming\Research In Motion
2014-03-08 20:35 - 2014-03-08 20:35 - 00000000 ____D () C:\Users\Reinaldo\AppData\Local\Research In Motion
2014-03-08 20:26 - 2014-03-08 20:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2014-03-08 20:16 - 2014-03-08 20:16 - 00001153 _____ () C:\Users\Reinaldo\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-03-08 20:16 - 2014-03-08 20:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2014-03-08 20:16 - 2012-12-10 15:48 - 00044544 _____ (Research in Motion Ltd) C:\Windows\system32\Drivers\RimSerial_AMD64.sys
2014-03-08 20:15 - 2014-03-08 20:15 - 00000000 ____D () C:\Users\Todos os Usuários\Research In Motion
2014-03-08 20:15 - 2014-03-08 20:15 - 00000000 ____D () C:\ProgramData\Research In Motion
2014-03-08 20:14 - 2014-03-08 20:14 - 00000000 ____D () C:\Program Files (x86)\Research In Motion
2014-03-07 01:10 - 2014-03-07 01:10 - 00003639 _____ () C:\fraglist.luar
2014-03-07 00:35 - 2014-03-07 00:35 - 00000000 ____D () C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu Spark Browser
2014-03-07 00:35 - 2014-03-07 00:35 - 00000000 ____D () C:\Users\Reinaldo\AppData\Local\Spark
2014-03-05 09:04 - 2014-03-07 10:44 - 00003544 _____ () C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
2014-03-02 15:52 - 2014-03-02 15:52 - 00000000 ____D () C:\Users\Reinaldo\ChildrenNVAC
2014-03-01 15:01 - 2014-03-01 15:01 - 00507392 _____ () C:\Users\Reinaldo\Downloads\eletronortecadastroreserva.xls
2014-02-22 14:27 - 2014-02-22 14:29 - 00000000 ____D () C:\Users\Reinaldo\Desktop\Raissa
2014-02-22 13:22 - 2014-02-22 13:23 - 08527438 _____ () C:\Users\Reinaldo\Downloads\prova01-comunicacoes-moveis.rar
2014-02-14 06:35 - 2014-02-14 06:35 - 00283931 _____ () C:\Users\Reinaldo\Downloads\redisciplinasementasps.zip
==================== One Month Modified Files and Folders =======
2014-03-16 14:08 - 2014-03-16 14:08 - 00013198 _____ () C:\Users\Reinaldo\Downloads\FRST.txt
2014-03-16 14:08 - 2014-03-16 14:05 - 00000000 ____D () C:\FRST
2014-03-16 14:05 - 2014-03-16 14:05 - 00001128 _____ () C:\Users\Reinaldo\Desktop\FRST64 - Atalho.lnk
2014-03-16 14:03 - 2014-03-16 14:03 - 02157056 _____ (Farbar) C:\Users\Reinaldo\Downloads\FRST64.exe
2014-03-16 14:02 - 2013-09-28 23:15 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-16 13:53 - 2013-09-14 13:24 - 01229306 _____ () C:\Windows\WindowsUpdate.log
2014-03-16 13:43 - 2013-09-26 23:43 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3889674999-1771675981-1625549820-1000UA.job
2014-03-16 13:36 - 2013-09-26 17:40 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-16 10:15 - 2013-09-26 23:43 - 00001038 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3889674999-1771675981-1625549820-1000Core.job
2014-03-16 10:10 - 2009-07-14 01:45 - 00022624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-16 10:10 - 2009-07-14 01:45 - 00022624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-15 23:34 - 2013-09-28 23:15 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-15 23:33 - 2014-03-14 22:11 - 00000000 ____D () C:\Users\Reinaldo\AppData\Roaming\ZHP
2014-03-15 23:32 - 2014-03-15 23:33 - 00002478 _____ () C:\Users\Reinaldo\Desktop\ZHPFixReport.txt
2014-03-15 18:37 - 2014-03-15 18:37 - 00000000 ____D () C:\Users\Reinaldo\AppData\Roaming\Baidu Security
2014-03-15 18:06 - 2014-03-15 18:06 - 00037533 _____ () C:\Users\Reinaldo\Desktop\ZHPDiag.txt
2014-03-15 18:03 - 2014-03-14 22:11 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-03-15 16:43 - 2014-01-23 17:21 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security
2014-03-15 16:43 - 2014-01-23 17:21 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-03-15 10:42 - 2013-09-28 23:16 - 00002200 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 22:16 - 2013-09-29 07:40 - 00000000 ____D () C:\Users\Reinaldo\AppData\Local\CrashDumps
2014-03-14 22:11 - 2014-03-14 22:11 - 00002008 _____ () C:\Users\Reinaldo\Desktop\ZHPFix.lnk
2014-03-14 22:11 - 2014-03-14 22:11 - 00001881 _____ () C:\Users\Reinaldo\Desktop\ZHPDiag.lnk
2014-03-14 22:08 - 2014-03-14 22:08 - 06866688 _____ (Nicolas Coolman ) C:\Users\Reinaldo\Downloads\ZHPDiag2.exe
2014-03-14 17:51 - 2014-03-14 17:51 - 00513050 _____ () C:\Users\Reinaldo\Downloads\5411_14.exe
2014-03-14 17:51 - 2014-03-14 17:51 - 00000000 ____D () C:\Editora Érica
2014-03-14 16:48 - 2014-03-14 16:48 - 00895705 _____ (Xceed Software Inc. 1-450-442-2626 [You must have an account and be logged in to view this link] C:\Users\Reinaldo\Downloads\5411.exe
2014-03-14 12:10 - 2014-01-16 22:26 - 00000000 ____D () C:\Users\Todos os Usuários\Log
2014-03-14 12:10 - 2014-01-16 22:26 - 00000000 ____D () C:\ProgramData\Log
2014-03-14 12:10 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-14 12:09 - 2014-01-23 18:50 - 00178172 _____ () C:\Windows\PFRO.log
2014-03-14 12:09 - 2014-01-23 18:50 - 00012555 _____ () C:\Windows\setupact.log
2014-03-14 12:09 - 2014-01-23 18:49 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\Windows\SysWOW64\Drivers\gbpndisrd.sys
2014-03-14 12:09 - 2014-01-23 18:49 - 00010266 _____ () C:\Windows\SysWOW64\Drivers\ndisrd.cat
2014-03-14 12:09 - 2014-01-23 18:49 - 00001402 _____ () C:\Windows\SysWOW64\Drivers\gas.cer
2014-03-14 09:12 - 2014-03-12 16:17 - 00001433 _____ () C:\zoek-results.log
2014-03-14 09:12 - 2014-01-17 14:16 - 00000583 _____ () C:\runcheck.txt
2014-03-14 03:18 - 2009-07-14 01:45 - 00337488 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 20:14 - 2014-03-14 09:12 - 00001447 _____ () C:\zoek-results2014-03-13-231449.log
2014-03-13 20:04 - 2013-09-15 16:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 20:04 - 2013-09-15 16:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 20:01 - 2013-09-16 17:58 - 00000000 ____D () C:\Users\Todos os Usuários\Microsoft Help
2014-03-13 20:01 - 2013-09-16 17:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 19:24 - 2014-03-13 20:14 - 00001398 _____ () C:\zoek-results2014-03-12-222408.log
2014-03-12 16:17 - 2014-03-12 19:23 - 00001305 _____ () C:\zoek-results2014-03-12-191752.log
2014-03-12 16:16 - 2014-03-12 16:16 - 01285120 _____ () C:\Users\Reinaldo\Downloads\zoek.exe
2014-03-12 13:36 - 2013-09-26 17:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 13:36 - 2013-09-26 17:40 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 13:36 - 2012-07-11 21:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 13:10 - 2014-03-12 13:10 - 00001148 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-12 13:10 - 2014-03-12 13:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 13:09 - 2014-03-12 13:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Reinaldo\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-11 23:44 - 2014-03-11 23:44 - 08527438 _____ () C:\Users\Reinaldo\Downloads\prova01-comunicacoes-moveis (1).rar
2014-03-11 23:13 - 2014-03-11 22:58 - 00000000 ____D () C:\AdwCleaner
2014-03-11 22:58 - 2014-03-11 22:58 - 01949184 _____ () C:\Users\Reinaldo\Downloads\AdwCleaner.exe
2014-03-11 22:49 - 2014-03-11 22:49 - 00411136 _____ () C:\Users\Reinaldo\Downloads\aula01.ppt
2014-03-11 21:45 - 2013-10-08 20:40 - 00000047 _____ () C:\Archive.ini
2014-03-10 14:05 - 2011-04-12 10:40 - 00721428 _____ () C:\Windows\system32\prfh0416.dat
2014-03-10 14:05 - 2011-04-12 10:40 - 00163446 _____ () C:\Windows\system32\prfc0416.dat
2014-03-10 14:05 - 2009-07-14 02:13 - 00006250 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-09 20:34 - 2013-10-06 15:58 - 00000000 ____D () C:\Users\Reinaldo\IFB
2014-03-08 20:54 - 2014-03-08 20:35 - 00000154 _____ () C:\Users\Reinaldo\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-03-08 20:54 - 2014-03-08 20:35 - 00000154 _____ () C:\Users\Reinaldo\AppData\Roaming\Rim.Desktop.Exception.log
2014-03-08 20:44 - 2014-03-08 20:44 - 00000000 ____D () C:\Users\Reinaldo\Documents\BlackBerry
2014-03-08 20:42 - 2014-03-08 20:35 - 00000000 ____D () C:\Users\Reinaldo\AppData\Roaming\Research In Motion
2014-03-08 20:35 - 2014-03-08 20:35 - 00000000 ____D () C:\Users\Reinaldo\AppData\Local\Research In Motion
2014-03-08 20:26 - 2014-03-08 20:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2014-03-08 20:16 - 2014-03-08 20:16 - 00001153 _____ () C:\Users\Reinaldo\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-03-08 20:16 - 2014-03-08 20:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2014-03-08 20:15 - 2014-03-08 20:15 - 00000000 ____D () C:\Users\Todos os Usuários\Research In Motion
2014-03-08 20:15 - 2014-03-08 20:15 - 00000000 ____D () C:\ProgramData\Research In Motion
2014-03-08 20:14 - 2014-03-08 20:14 - 00000000 ____D () C:\Program Files (x86)\Research In Motion
2014-03-07 10:44 - 2014-03-05 09:04 - 00003544 _____ () C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
2014-03-07 01:10 - 2014-03-07 01:10 - 00003639 _____ () C:\fraglist.luar
2014-03-07 00:35 - 2014-03-07 00:35 - 00000000 ____D () C:\Users\Reinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu Spark Browser
2014-03-07 00:35 - 2014-03-07 00:35 - 00000000 ____D () C:\Users\Reinaldo\AppData\Local\Spark
2014-03-06 17:23 - 2013-10-16 18:59 - 00000000 ____D () C:\Users\Reinaldo\UNB
2014-03-06 17:23 - 2013-09-14 13:24 - 00000000 ____D () C:\Users\Reinaldo
2014-03-02 15:52 - 2014-03-02 15:52 - 00000000 ____D () C:\Users\Reinaldo\ChildrenNVAC
2014-03-01 15:01 - 2014-03-01 15:01 - 00507392 _____ () C:\Users\Reinaldo\Downloads\eletronortecadastroreserva.xls
2014-03-01 03:05 - 2014-03-12 13:41 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 02:17 - 2014-03-12 13:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 02:16 - 2014-03-12 13:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 01:58 - 2014-03-12 13:41 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 01:52 - 2014-03-12 13:41 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 01:51 - 2014-03-12 13:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 01:42 - 2014-03-12 13:41 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 01:40 - 2014-03-12 13:41 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 01:37 - 2014-03-12 13:41 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 01:33 - 2014-03-12 13:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 01:33 - 2014-03-12 13:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 01:32 - 2014-03-12 13:41 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 01:30 - 2014-03-12 13:41 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 01:23 - 2014-03-12 13:41 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 01:17 - 2014-03-12 13:41 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 01:11 - 2014-03-12 13:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 01:02 - 2014-03-12 13:41 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 00:54 - 2014-03-12 13:41 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 00:52 - 2014-03-12 13:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 00:51 - 2014-03-12 13:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 00:47 - 2014-03-12 13:41 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 00:43 - 2014-03-12 13:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 00:43 - 2014-03-12 13:41 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 00:42 - 2014-03-12 13:41 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 00:40 - 2014-03-12 13:41 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 00:38 - 2014-03-12 13:41 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 00:37 - 2014-03-12 13:41 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 00:35 - 2014-03-12 13:41 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 00:18 - 2014-03-12 13:41 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 00:16 - 2014-03-12 13:41 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 00:14 - 2014-03-12 13:41 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 00:10 - 2014-03-12 13:41 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 00:03 - 2014-03-12 13:41 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 00:00 - 2014-03-12 13:41 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 23:57 - 2014-03-12 13:41 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 23:38 - 2014-03-12 13:41 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 23:32 - 2014-03-12 13:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 23:27 - 2014-03-12 13:41 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 23:25 - 2014-03-12 13:41 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 23:25 - 2014-03-12 13:41 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-24 22:00 - 2013-12-15 09:34 - 00000000 ____D () C:\Users\Reinaldo\Cultos NVAC
2014-02-24 20:01 - 2013-11-09 15:25 - 00000000 ____D () C:\Users\Reinaldo\GV
2014-02-22 14:29 - 2014-02-22 14:27 - 00000000 ____D () C:\Users\Reinaldo\Desktop\Raissa
2014-02-22 13:23 - 2014-02-22 13:22 - 08527438 _____ () C:\Users\Reinaldo\Downloads\prova01-comunicacoes-moveis.rar
2014-02-14 06:35 - 2014-02-14 06:35 - 00283931 _____ () C:\Users\Reinaldo\Downloads\redisciplinasementasps.zip
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-11 08:13
==================== End Of Log ============================
reinaldojcf - Member
- Posts: 61
Reputation: 0
Join date: 16/01/2014