Fórum PC Brasil
I need help removing Baidu completely


Post by guijorge, Sat 10 May 2014, 22:40

Someone installed Baidu on my PC and I can't uninstall it completely. After it was installed, my PC got slower and I can't use some programs, such as "Sxe Injected", which I use for a game.

Thanks in advance for your attention.

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:49:14, on 10/5/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\Arquivos de programas\EPSON\MyEpson Portal\mepService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\EPSON\MyEpson Portal\mep.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\CASA\Meus documentos\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PC App Store Uninstall 3.14.9.3480.lnk = C:\WINDOWS\system32\rundll32.exe
O8 - Extra context menu item: Baixar com Mipony - [You must have an account and be logged in to view this link] de programas\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [You must have an account and be logged in to view this link]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MyEpson Portal Service - SEIKO EPSON CORPORATION - C:\Arquivos de programas\EPSON\MyEpson Portal\mepService.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Arquivos de programas\Arquivos comuns\Steam\SteamService.exe

--
End of file - 6980 bytes

Post by Power Max, Sat 10 May 2014, 23:38

Hello guijorge.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Post by guijorge, Sun 11 May 2014, 00:12

# AdwCleaner v3.207 - Relatório criado 10/05/2014 às 21:54:37
# Atualizado 05/05/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : CASA - CASA-CE19F7E264
# Executando de : C:\Documents and Settings\CASA\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : savesenselive
[#] Serviço Deletada : savesenselivem
[#] Serviço Deletada : WajamUpdaterV3

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\apn
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\BonanzaDealsLive
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\SaveSenseLive
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\Dowonloadu kkeepeer
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\SearchNewTab
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\YoutubeAdblocker
Pasta Deletada : C:\Arquivos de programas\BonanzaDeals
Pasta Deletada : C:\Arquivos de programas\BonanzaDealsLive
Pasta Deletada : C:\Arquivos de programas\Conduit
Pasta Deletada : C:\Arquivos de programas\DealPly
Pasta Deletada : C:\Arquivos de programas\Iminent
Pasta Deletada : C:\Arquivos de programas\IminentToolbar
Pasta Deletada : C:\Arquivos de programas\Mobogenie
Pasta Deletada : C:\Arquivos de programas\Optimizer Pro
Pasta Deletada : C:\Arquivos de programas\SaveSense
Pasta Deletada : C:\Arquivos de programas\SaveSenseLive
Pasta Deletada : C:\Arquivos de programas\Wajam
Pasta Deletada : C:\Arquivos de programas\YoutubeAdblocker
Pasta Deletada : C:\Arquivos de programas\Movier-media
Pasta Deletada : C:\Arquivos de programas\Arquivos comuns\Umbrella
Pasta Deletada : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\torch
Pasta Deletada : C:\Documents and Settings\ASPNET\Configurações locais\Dados de aplicativos\torch
Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\BonanzaDealsLive
Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Conduit
Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\FilesFrog Update Checker
Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\genienext
Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\lollipop
Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Mobogenie
Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\SaveSenseLive
Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\torch
Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Wajam
Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Movier-media
Pasta Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\Babylon
Pasta Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\DealPly
Pasta Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\IminentToolbar
Pasta Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\newnext.me
Pasta Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\OpenCandy
Pasta Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\SaveSense
Pasta Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\SwvUpdater
Pasta Deletada : C:\Documents and Settings\CASA\Menu Iniciar\Programas\SaveSense
Pasta Deletada : C:\Documents and Settings\CASA\Menu Iniciar\Programas\SmartTweak Software
Pasta Deletada : C:\Documents and Settings\CASA\Menu Iniciar\Programas\Wajam
Pasta Deletada : C:\Documents and Settings\CASA\Meus documentos\Mobogenie
Pasta Deletada : C:\Documents and Settings\Convidado\Configurações locais\Dados de aplicativos\torch
Pasta Deletada : C:\Documents and Settings\HelpAssistant\Configurações locais\Dados de aplicativos\torch
Pasta Deletada : C:\Documents and Settings\SUPPORT_388945a0\Configurações locais\Dados de aplicativos\torch
Pasta Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default\Extensions\rcdyafe@jol-ae.net
[!] Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
[!] Pasta Deletada : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\dpfmnidneollbamkpkhhmjmnkkapjpno
[!] Pasta Deletada : C:\Documents and Settings\ASPNET\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\dpfmnidneollbamkpkhhmjmnkkapjpno
[!] Pasta Deletada : C:\Documents and Settings\Convidado\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\dpfmnidneollbamkpkhhmjmnkkapjpno
[!] Pasta Deletada : C:\Documents and Settings\HelpAssistant\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\dpfmnidneollbamkpkhhmjmnkkapjpno
[!] Pasta Deletada : C:\Documents and Settings\SUPPORT_388945a0\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\dpfmnidneollbamkpkhhmjmnkkapjpno
[!] Pasta Deletada : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\mapipbmejdiglaoinndhldjdehabcnlp
[!] Pasta Deletada : C:\Documents and Settings\ASPNET\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\mapipbmejdiglaoinndhldjdehabcnlp
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Documents and Settings\CASA\daemonprocess.txt
Arquivo Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\LiveSupport.exe_log.txt
Arquivo Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\regsvr32.exe_log.txt
Arquivo Deletada : C:\Arquivos de programas\Mozilla Firefox\defaults\pref\all-iminent.js
Arquivo Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default\invalidprefs.js
Arquivo Deletada : C:\Arquivos de programas\Mozilla Firefox\browser\searchplugins\StartWeb.xml
Arquivo Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default\searchplugins\WebSearch.xml
Arquivo Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default\user.js
Arquivo Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Deletada : C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
Arquivo Deletada : C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineUA.job

***** [ Atalhos ] *****


***** [ Registro ] *****

Valor Deletedo : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Chave Deletedo : HKCU\Software\Classes\iLivid.torrent
Chave Deletedo : HKCU\Toolbar
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\SaveSenseLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\iLivid.torrent
Chave Deletedo : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Chave Deletedo : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Chave Deletedo : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Chave Deletedo : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Chave Deletedo : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Chave Deletedo : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Chave Deletedo : HKLM\SOFTWARE\Classes\Toolbar.CT2186473
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CE10BF86-DA68-441E-91FA-38336363E3CD}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CB6EC1D6-C605-463F-BF4C-35C8979BD948}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{115C823C-88A9-4C8A-A5E2-714A240E575B}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE10BF86-DA68-441E-91FA-38336363E3CD}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3728BA43-F94F-42A4-9E8D-00B930D1DB28}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE10BF86-DA68-441E-91FA-38336363E3CD}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{115C823C-88A9-4C8A-A5E2-714A240E575B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CE10BF86-DA68-441E-91FA-38336363E3CD}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CE10BF86-DA68-441E-91FA-38336363E3CD}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CE10BF86-DA68-441E-91FA-38336363E3CD}]
Chave Deletedo : HKCU\Software\BabSolution
Chave Deletedo : HKCU\Software\BI
Chave Deletedo : HKCU\Software\BonanzaDealsLive
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\Crossrider
Chave Deletedo : HKCU\Software\DataMngr
Chave Deletedo : HKCU\Software\Headlight
Chave Deletedo : HKCU\Software\ilivid
Chave Deletedo : HKCU\Software\Iminent
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\Mp3Tube
Chave Deletedo : HKCU\Software\RegisteredApplicationsEx
Chave Deletedo : HKCU\Software\SaveSense
Chave Deletedo : HKCU\Software\SaveSenseLive
Chave Deletedo : HKCU\Software\smarttweak
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\Tbccint_HKLM
Chave Deletedo : HKCU\Software\Wajam
Chave Deletedo : HKCU\Software\Movier-media
Chave Deletedo : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Chave Deletedo : HKCU\Software\AppDataLow\SProtector
Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Chave Deletedo : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\SaveSense
Chave Deletedo : HKLM\Software\SaveSenseLive
Chave Deletedo : HKLM\Software\SProtector
Chave Deletedo : HKLM\Software\Tarma Installer
Chave Deletedo : HKLM\Software\Wajam
Chave Deletedo : HKLM\Software\Movier-media
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Movier-media Toolbar
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SaveSense
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Iminent
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SaveSense
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Movier-media Toolbar
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v7.0.5730.13

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0.1 (pt-BR)

[ Arquivo : C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default\prefs.js ]

Linha deletada : user_pref("aol_toolbar.default.homepage.check", false);
Linha deletada : user_pref("aol_toolbar.default.search.check", false);
Linha deletada : user_pref("browser.search.defaultenginename", "WebSearch");
Linha deletada : user_pref("browser.search.defaultenginename,S", "WebSearch");
Linha deletada : user_pref("browser.search.defaulturl", "hxxp://websearch.webisgreat.info/?pid=512&r=2014/02/15&hid=13662907570809320993&lg=EN&cc=BR&unqvl=48&l=1&q=");
Linha deletada : user_pref("browser.search.order.1", "WebSearch");
Linha deletada : user_pref("browser.search.order.1,S", "WebSearch");
Linha deletada : user_pref("browser.search.selectedEngine", "WebSearch");
Linha deletada : user_pref("browser.search.selectedEngine,S", "WebSearch");
Linha deletada : user_pref("browser.startup.homepage", "hxxp://search.findwide.com/?guid={BD08630A-F90A-45A5-88F1-F21405F5EFA7}&serpv=22");
Linha deletada : user_pref("extensions.9_MKq80Szm.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.c[...]
Linha deletada : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Linha deletada : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Linha deletada : user_pref("extensions.MP3RV7C.domain", "\"[You must have an account and be logged in to view this link]
Linha deletada : user_pref("extensions.OACI.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){win[...]
Linha deletada : user_pref("extensions.crossrider.bic", "14316086948d95d27677771cb3cdf568");
Linha deletada : user_pref("extensions.delta.admin", false);
Linha deletada : user_pref("extensions.delta.aflt", "babsst");
Linha deletada : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Linha deletada : user_pref("extensions.delta.autoRvrt", "false");
Linha deletada : user_pref("extensions.delta.dfltLng", "pt");
Linha deletada : user_pref("extensions.delta.excTlbr", false);
Linha deletada : user_pref("extensions.delta.ffxUnstlRst", true);
Linha deletada : user_pref("extensions.delta.id", "100e6cc7000000000000001617f4fbda");
Linha deletada : user_pref("extensions.delta.instlDay", "15927");
Linha deletada : user_pref("extensions.delta.instlRef", "sst");
Linha deletada : user_pref("extensions.delta.newTab", false);
Linha deletada : user_pref("extensions.delta.prdct", "delta");
Linha deletada : user_pref("extensions.delta.prtnrId", "delta");
Linha deletada : user_pref("extensions.delta.rvrt", "false");
Linha deletada : user_pref("extensions.delta.smplGrp", "none");
Linha deletada : user_pref("extensions.delta.tlbrId", "base");
Linha deletada : user_pref("extensions.delta.tlbrSrchUrl", "");
Linha deletada : user_pref("extensions.delta.vrsn", "1.8.22.0");
Linha deletada : user_pref("extensions.delta.vrsnTs", "1.8.22.00:48:02");
Linha deletada : user_pref("extensions.delta.vrsni", "1.8.22.0");
Linha deletada : user_pref("extensions.delta_i.babExt", "");
Linha deletada : user_pref("extensions.delta_i.babTrack", "affID=123892&tsp=4970");
Linha deletada : user_pref("extensions.delta_i.srcExt", "ss");
Linha deletada : user_pref("extensions.iminent.admin", false);
Linha deletada : user_pref("extensions.iminent.aflt", "orgnl");
Linha deletada : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Linha deletada : user_pref("extensions.iminent.autoRvrt", "false");
Linha deletada : user_pref("extensions.iminent.dfltLng", "");
Linha deletada : user_pref("extensions.iminent.excTlbr", false);
Linha deletada : user_pref("extensions.iminent.ffxUnstlRst", false);
Linha deletada : user_pref("extensions.iminent.id", "100e6cc7000000000000001617f4fbda");
Linha deletada : user_pref("extensions.iminent.instlDay", "16064");
Linha deletada : user_pref("extensions.iminent.instlRef", "");
Linha deletada : user_pref("extensions.iminent.newTab", false);
Linha deletada : user_pref("extensions.iminent.prdct", "iminent");
Linha deletada : user_pref("extensions.iminent.prtnrId", "iminent");
Linha deletada : user_pref("extensions.iminent.rvrt", "false");
Linha deletada : user_pref("extensions.iminent.smplGrp", "none");
Linha deletada : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Linha deletada : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Linha deletada : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Linha deletada : user_pref("extensions.iminent.vrsnTs", "1.8.28.314:11:49");
Linha deletada : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Linha deletada : user_pref("extensions.y24.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement(\"script\");script.typ[...]
Linha deletada : user_pref("iminent.LayoutId", "1");
Linha deletada : user_pref("iminent.ShowThankyouPixel", "0");
Linha deletada : user_pref("iminent.adapters", "{\"thepiratebay\":{\"CountryCode\":\"BR\",\"NoAds\":false,\"Status\":1,\"expireTime\":\"1387987960297259200\"},\"pastebin\":{\"CountryCode\":\"BR\",\"NoAds\":false,\"Sta[...]
Linha deletada : user_pref("iminent.enabledAds", "false");
Linha deletada : user_pref("iminent.registerToolbarEvent100", "1387996550057");
Linha deletada : user_pref("iminent.registerToolbarEvent102", "1387992297497");
Linha deletada : user_pref("iminent.registerToolbarEvent109", "1387992441772");
Linha deletada : user_pref("iminent.registerToolbarEvent111", "1387992441826");
Linha deletada : user_pref("iminent.registerToolbarEvent112", "1387992444590");
Linha deletada : user_pref("iminent.registerToolbarEvent122", "1387992441847");
Linha deletada : user_pref("iminent.registerToolbarEvent140", "1388000487425");
Linha deletada : user_pref("iminent.version", "7.51.3.1");
Linha deletada : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.51.3.1\",\"InstallEventCTime\":1387987937293,\"InstallEvent\":\"True\"}");
Linha deletada : user_pref("keyword.URL", "hxxp://search.findwide.com/serp?guid={BD08630A-F90A-45A5-88F1-F21405F5EFA7}&action=default_search&serpv=22&k=");
Linha deletada : user_pref("plugin.state.npconduitfirefoxplugin", 0);
Linha deletada : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Linha deletada : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Linha deletada : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Linha deletada : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Linha deletada : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Linha deletada : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v34.0.1847.131

[ Arquivo : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [You must have an account and be logged in to view this link]
Deletedo [Search Provider] : [You must have an account and be logged in to view this link]
Deletedo [Search Provider] : [You must have an account and be logged in to view this link]
Deletedo [Search Provider] : [You must have an account and be logged in to view this link]
Deletedo [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp

*************************

AdwCleaner[R0].txt - [29864 octets] - [10/05/2014 21:52:50]
AdwCleaner[S0].txt - [28820 octets] - [10/05/2014 21:54:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [28881 octets] ##########
guijorge
Beginner

Posts: 14
Reputation: 0
Join date: 10/05/2014


Re: I need help removing Baidu completely

Post by Power Max, Sun 11 May 2014, 00:42

Download the Junkware Removal Tool program from the link below:
[You must have an account and be logged in to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt

We'll be waiting.
Power Max
Contributor

Posts: 9086
Reputation: 1499
Join date: 14/04/2009


I need help removing Baidu completely

Post by guijorge, Sun 11 May 2014, 01:00

I had already done everything up to this part; I saw it in another tutorial. The rest I haven't done yet.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by CASA on s b 10/05/2014 at 22:06:47,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1935655697-1326574676-682003330-1003\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\baidu"
Successfully deleted: [Folder] "C:\Documents and Settings\CASA\Dados de aplicativos\getrighttogo"



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\CASA\Dados de aplicativos\mozilla\firefox\profiles\su6ov3rd.default\prefs.js

user_pref("extensions.9_MKq80Szm.url", "hxxp://jpi-syncer.info/sync2/?q=hfZ9ofV9CShEAen0qjwGtMqLDe49CNU0nVsMCMlNhd9FqdaGrjkFqdw9qjaMBzqUojw9rdkFrdsGrHgFpih7hfs0pihPBMn0qjC8rTa





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on s b 10/05/2014 at 22:24:10,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: I need help removing Baidu completely

Post by Power Max, Sun 11 May 2014, 01:32

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank space in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below will be displayed showing the scan progress. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sun 11 May 2014, 13:08; edited 1 time

I need help removing Baidu completely

Post by guijorge, Sun 11 May 2014, 02:19

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by CASA on dom 11/05/2014 at  1:38:05,40.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\CASA\Meus documentos\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11/5/2014 01:39:33 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

==== Suspicious Entries Found ======================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default\prefs.js:

Added to C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Documents and Settings\CASA\.android deleted
C:\Arquivos de programas\Wise\Wise Registry Cleaner deleted
C:\Documents and Settings\NetworkService\Dados de aplicativos\SaveSense deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\boost_interprocess deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\InstallMate deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\Package Cache deleted
C:\WINDOWS\DUMP5052.tmp deleted
C:\WINDOWS\DUMP51d9.tmp deleted
C:\WINDOWS\DUMP5bfa.tmp deleted
C:\WINDOWS\tasks\At2.job deleted
C:\WINDOWS\tasks\At3.job deleted
C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default\extensions\firefox@mega.co.nz.xpi deleted
C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default\jetpack deleted
"C:\DOCUME~1\ALLUSE~1\DADOSD~1\b295b2ef7c2848e\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted
"C:\DOCUME~1\ALLUSE~1\DADOSD~1\b295b2ef7c2848e\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" deleted
"C:\DOCUME~1\ALLUSE~1\DADOSD~1\b295b2ef7c2848e\{CF830981-8F31-C561-C7A0-FE2CE1878B40}" deleted
"C:\DOCUME~1\ALLUSE~1\DADOSD~1\b295b2ef7c2848e\{E32743D3-5789-6E4F-3998-06FB87C9214B}" deleted
"C:\DOCUME~1\ALLUSE~1\DADOSD~1\b295b2ef7c2848e" deleted

==== Folders Found ======================

2013-12-07 14:17:57 2013-12-07 14:17:57 -------- d-----w- C:\BaiduDownloads
2014-05-11 00:54:41 2014-05-11 00:54:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Dados de aplicativos\baidu
2014-05-11 00:55:16 2014-05-11 00:55:16 -------- d-----w- C:\AdwCleaner\Quarantine\C\Documents and Settings\CASA\Dados de aplicativos\baidu
2014-05-11 00:55:16 2014-05-11 00:55:16 -------- d-----w- C:\AdwCleaner\Quarantine\C\Documents and Settings\CASA\Dados de aplicativos\baidu\Baidu Antivirus
2013-12-30 12:51:02 2013-12-30 12:51:03 -------- d-----w- C:\Arquivos de programas\FreeTime\FormatFactory\FFModules\Package\BaiDu
2013-10-17 20:45:31 2014-05-10 20:06:26 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security
2014-05-10 20:01:17 2014-05-10 20:01:17 -------- d-----w- C:\Documents and Settings\All Users\Documentos\Baidu
2013-10-17 20:45:43 2013-10-18 14:26:53 -------- d-----w- C:\Documents and Settings\All Users\Documentos\Baidu Security
2013-10-17 20:46:17 2013-10-18 14:26:53 -------- d-----w- C:\Documents and Settings\CASA\Dados de aplicativos\Baidu Security
2013-12-21 01:33:11 2013-12-21 01:33:11 -------- d-----w- C:\Documents and Settings\CASA\Dados de aplicativos\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2013-12-21 01:33:11 2013-12-21 01:33:11 -------- d-----w- C:\Documents and Settings\CASA\Dados de aplicativos\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2013-12-19 20:09:05 2013-12-19 20:09:05 -------- d-----w- C:\Documents and Settings\CASA\Meus documentos\Baidu Security
2014-05-10 20:06:08 2014-05-10 21:58:29 -------- d-----w- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\Baidu Antivirus
2013-10-17 20:45:44 2013-10-18 14:24:46 -------- d-----w- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1033\BaiduSafe
2013-10-18 14:35:26 2013-10-18 17:39:45 -------- d-----w- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1033\tools\BaiduExtMgr
2013-10-17 20:45:45 2013-10-18 14:24:46 -------- d-----w- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1046\BaiduSafe
2013-10-18 14:35:27 2013-10-18 17:39:45 -------- d-----w- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1046\tools\BaiduExtMgr
2013-10-17 20:45:45 2013-10-18 14:24:46 -------- d-----w- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1054\BaiduSafe
2013-10-18 14:35:29 2013-10-18 17:39:45 -------- d-----w- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1054\tools\BaiduExtMgr
2013-10-18 14:35:29 2013-10-18 17:39:46 -------- d-----w- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\skin\tools\BaiduExtMgr
2013-10-18 14:26:13 2013-10-18 17:39:46 -------- d-----w- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\update\skin\tools\BaiduExtMgr
2013-12-17 16:25:22 2013-12-17 16:25:22 -------- d-----w- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\4.0.0.0\BaiduAdb

==== Files Found ======================


--- C:\Arquivos de programas\FreeTime\FormatFactory\FFModules\Package\BaiDu\Baidu-TB-ASBar.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1358792
Created time: 2012-04-10 09:30:26
Modified time: 2012-04-10 09:30:26
MD5: D848EF0636EA49D340F074F939DB817B
SHA1: 56A9D762D288AB173B7BFD42C9902E12B673BDB7


--- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1033\BaiduSafe\BaiduSafe.bskin ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: -c--a-w-
File size: 276977
Created time: 2013-08-12 08:53:28
Modified time: 2013-10-17 20:48:51
MD5: 52F117EC12695BC4CA0D23DC6B04C4D0
SHA1: A23CDF0EFABCFCBBFC9E4E31A9B2450C3B254E8F


--- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1033\tools\BaiduExtMgr\BaiduExtMgr.bskin ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: -c--a-w-
File size: 38199
Created time: 2013-10-18 14:32:46
Modified time: 2013-10-18 14:32:46
MD5: E34CC999DAEB385EEE69BD2F0CD751D0
SHA1: B5CD65072EC49F77B8EEACCEAF51026A3DF890BD


--- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1046\BaiduSafe\BaiduSafe.bskin ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 279579
Created time: 2013-08-12 08:53:30
Modified time: 2013-10-17 20:48:59
MD5: C3CBE9EF4B18574B3543751C63552058
SHA1: D98990408763E5EF3FEE7E1DE55F5643F58775CE


--- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1046\tools\BaiduExtMgr\BaiduExtMgr.bskin ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: -c--a-w-
File size: 89926
Created time: 2013-10-18 14:33:00
Modified time: 2013-10-18 14:33:00
MD5: 206AA22DC62D561F3F843644004CA2F6
SHA1: 27881C4EAFC277B4AB45633E5FF7798470023F46


--- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1054\BaiduSafe\BaiduSafe.bskin ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: -c--a-w-
File size: 363517
Created time: 2013-08-12 08:53:34
Modified time: 2013-10-17 20:49:11
MD5: 168018466AA174B4DE480BC4425389E3
SHA1: F1635D18ED4B9FE58122C4E969BDE1679BE6B93E


--- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1054\tools\BaiduExtMgr\BaiduExtMgr.bskin ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: -c--a-w-
File size: 37391
Created time: 2013-10-18 14:33:15
Modified time: 2013-10-18 14:33:15
MD5: 49FB585DD6A39C20DE43CAB747D226EE
SHA1: 369B2F302A74E2139A66F013DDB264E835F38700


--- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\skin\tools\BaiduExtMgr\BaiduExtMgr.bskin ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: -c--a-w-
File size: 16292
Created time: 2013-10-18 14:34:42
Modified time: 2013-10-18 14:34:42
MD5: 9040D6DE24A6B194CE1B826825525B75
SHA1: 61BAA22D268C54ECF30131D04EC9AC662FF49903


--- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\4.0.0.0\BaiduAndrHelper.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 260800
Created time: 2013-12-12 03:13:38
Modified time: 2013-12-12 03:13:38
MD5: 36A0486F3BB35344A93BE76D97C0F94C
SHA1: AAFB3B7D6F27379B4267CF8805AF5358CBF74B5F


--- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\4.0.0.0\BaiduBatteryDoctor.exe ---
Company: Baidu Inc.
File Description: Battery Doctor
File Version: 4,0,2,53249
Product Name: Baidu PC Faster
Copyright: Copyright (C) 2012 Baidu, Inc. All rights reserved.
Original Filename:
File type: ----a-w-
File size: 531648
Created time: 2013-12-12 03:13:38
Modified time: 2013-12-12 03:13:38
MD5: E8B62AC3A377013D600A7F708083B6A4
SHA1: 5D9A7A76CFCA9AF6D75FFDC5DB423C3E6C79F3AD


--- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\4.0.0.0\BaiduWifiSharing.exe ---
Company: Baidu Inc.
File Description: Baidu Wifi Sharing
File Version: 4,0,2,53323
Product Name: Baidu PC Faster
Copyright: Copyright (C) 2012 Baidu, Inc. All rights reserved.
Original Filename:
File type: ----a-w-
File size: 524992
Created time: 2013-12-13 06:09:42
Modified time: 2013-12-13 06:09:42
MD5: 6EBD57BE7EE1C50F2A48C4E6B1A1A18D
SHA1: 086E873FA44B1F0C3327C93DCA791CFDFF83D18A


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"="C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bprotect]
"InstPath"="C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"="C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="baidu"

[HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\CASA\\CONFIG~1\\Temp\\BavPro_Setup_Mini_203.exe"="Baidu Antivirus Mini Setup"

[HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Documents and Settings\\CASA\\Meus documentos\\Downloads\\BavPro_Setup_Mini_Br1.exe"="Baidu Antivirus Mini Setup"

[HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\CASA\\CONFIG~1\\Temp\\baidu_secure\\update\\BavPro_Setup_Br1.exe"="Baidu Antivirus Setup"

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [20/12/2013 23:35]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default
- AVG PrivacyFix - %ProfilePath%\extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default
785105A23650755A8F7A72405EB0D923 - C:\Arquivos de programas\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update
95812430959AE88CDD0301AB3A71913B - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash
AC987EE8037531807C5D7E6217A23501 - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
6768C724599214E4F9ADD9F8FF5097EB - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U45
F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Arquivos de programas\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.450.18
01E4DA82C518853EF3B16209C038D7B9 - C:\Arquivos de programas\Real\RealPlayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
60F23A6CE8B9F9BE995EAACFF0022DFC - C:\Arquivos de programas\Real\RealPlayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
A64F2C388DC26BE3E469EDC3657B14F4 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
C45F7E59F2A0A6D3C4E90117F4752414 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
F7AEAD4303A056F2D1685B43024776CA - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
FA0A3008589567CB7196620B05C9F28D - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
CE6DB25FFA35FD051C503F11DB745862 - c:\Arquivos de programas\Microsoft Silverlight\4.0.60831.0\npctrl.dll - Silverlight Plug-In
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
65BB0A5EF842C9C85646040F7EFEF91C - c:\Arquivos de programas\Microsoft Silverlight\4.0.60831.0\npctrlui.dll - Microsoft (R) Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fplhdcjmbpfkejbhngmlngaecbjmoimd - C:\Arquivos de programas\Alwil Software\Avast5\AdBlocker\Chrome\avast-adblocker-chrome.crx[25/02/2013 07:09]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[16/04/2013 03:11]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://find.localstrike.net/"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://find.localstrike.net/"
"Default_Page_URL"="http://find.localstrike.net/"
"Default_Search_URL"="http://find.localstrike.net/"
"Search Page"="http://find.localstrike.net/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://find.localstrike.net"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== shortcuts on Users Desktops ======================

C:\Documents and Settings\CASA\Desktop\Counter Strike 1.6.lnk - C:\Arquivos de programas\Counter Strike 1.6\hl.exe -nomaster -game cstrike
C:\Documents and Settings\CASA\Desktop\Dedicated Server.lnk - C:\Arquivos de programas\Counter Strike 1.6\hlds.exe -nomaster -game cstrike -insecure
C:\Documents and Settings\CASA\Desktop\EVEREST Ultimate Edition.lnk - C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Documents and Settings\CASA\Desktop\Exedb Anti Malware Scanner.lnk - C:\Arquivos de programas\exedb\Exedb Anti Malware scanner\exedbantimalware.exe
C:\Documents and Settings\CASA\Desktop\FlashGet downloads.lnk - C:\Downloads
C:\Documents and Settings\CASA\Desktop\Format Factory.lnk - C:\Arquivos de programas\FreeTime\FormatFactory\FormatFactory.exe
C:\Documents and Settings\CASA\Desktop\Grand Chase.lnk - C:\Level Up Games\Grand Chase\GrandChase.exe
C:\Documents and Settings\CASA\Desktop\MiPony.lnk - C:\Arquivos de programas\MiPony\MiPony.exe
C:\Documents and Settings\CASA\Desktop\Movier.lnk - C:\Arquivos de programas\Movier\Movier.exe
C:\Documents and Settings\CASA\Desktop\PaintTool SAI .lnk - C:\Arquivos de programas\Eddie Sekiguchi Softwares\PaintTool SAI\sai.exe
C:\Documents and Settings\CASA\Desktop\PhotoScape.lnk - C:\Arquivos de programas\PhotoScape\PhotoScape.exe
C:\Documents and Settings\CASA\Desktop\Revo Uninstaller.lnk - C:\Arquivos de programas\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Documents and Settings\CASA\Desktop\SnapPea.lnk - C:\Arquivos de programas\WandouLabs\wandoujia2.exe -from=desktop_default
C:\Documents and Settings\CASA\Desktop\sXe Injected.lnk - C:\Arquivos de programas\sXe Injected\sXe Injected.exe
C:\Documents and Settings\CASA\Desktop\µTorrent.lnk -  

==== shortcuts on All Users Desktop ======================

C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Documents and Settings\All Users\Desktop\avast Free Antivirus.lnk -  
C:\Documents and Settings\All Users\Desktop\Defraggler.lnk - C:\Arquivos de programas\Defraggler\Defraggler.exe
C:\Documents and Settings\All Users\Desktop\Elsword.lnk - C:\Level Up Games\Elsword\elsword.exe
C:\Documents and Settings\All Users\Desktop\Horizon.lnk - C:\Arquivos de programas\Daring Development\Horizon\v2\Horizon.exe
C:\Documents and Settings\All Users\Desktop\Memory Optimizer.lnk - C:\Arquivos de programas\Memory Optimizer\MemOptimizerPro.exe
C:\Documents and Settings\All Users\Desktop\MyDefrag.lnk - C:\Arquivos de programas\MyDefrag v4.3.1\MyDefrag.exe
C:\Documents and Settings\All Users\Desktop\Nero Home.lnk - C:\Arquivos de programas\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8  
C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk - C:\Arquivos de programas\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
C:\Documents and Settings\All Users\Desktop\UltraISO.lnk - C:\Arquivos de programas\UltraISO\UltraISO.exe

==== shortcuts in Users Start Menu ======================

C:\Documents and Settings\CASA\Menu Iniciar\Programas\Counter Strike 1.6 - 2013\Counter Strike Curitiba.lnk - C:\Arquivos de programas\Counter Strike 1.6\CS Curitiba.url
C:\Documents and Settings\CASA\Menu Iniciar\Programas\Counter Strike 1.6 - 2013\Jogar - CS 1.6 - 2013.lnk - C:\Arquivos de programas\Counter Strike 1.6\hl.exe -nomaster -game cstrike
C:\Documents and Settings\CASA\Menu Iniciar\Programas\Counter Strike 1.6 - 2013\Remover - CS 1.6 - 2013.lnk - C:\Arquivos de programas\Counter Strike 1.6\remover.exe
C:\Documents and Settings\CASA\Menu Iniciar\Programas\Counter Strike 1.6 - 2013\Servidor - CS 1.6 - 2013.lnk - C:\Arquivos de programas\Counter Strike 1.6\hlds.exe -nomaster -game cstrike -insecure
C:\Documents and Settings\CASA\Menu Iniciar\Programas\Inicializar\PC App Store Uninstall 3.14.9.3480.lnk - C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\CASA\Dados de aplicativos\Baidu Security\PC App Store\3.14.9.3480\Uninstall\PC App Store Uninstall\0\InstallUtility.dll", _OpenUrl -run "PC App Store Uninstall" -ini "OpenUrl.ini"
C:\Documents and Settings\CASA\Menu Iniciar\Programas\Revo Uninstaller\Revo Uninstaller.lnk - C:\Arquivos de programas\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Documents and Settings\CASA\Menu Iniciar\Programas\Revo Uninstaller\Run Hunter Mode.lnk - C:\Arquivos de programas\VS Revo Group\Revo Uninstaller\Revouninstaller.exe -hunter
C:\Documents and Settings\CASA\Menu Iniciar\Programas\Revo Uninstaller\Uninstall.lnk - C:\Arquivos de programas\VS Revo Group\Revo Uninstaller\uninst.exe
C:\Documents and Settings\CASA\Menu Iniciar\Programas\Revo Uninstaller\Website.lnk - C:\Arquivos de programas\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url
C:\Documents and Settings\CASA\Menu Iniciar\Programas\sXe Injected\sXe Injected.lnk - C:\Arquivos de programas\sXe Injected\sXe Injected.exe
C:\Documents and Settings\CASA\Menu Iniciar\Programas\sXe Injected\Uninstall.lnk - C:\Arquivos de programas\sXe Injected\uninstall.exe

==== shortcuts in All Users Start Menu ======================

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Adobe Reader XI.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Word 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Plex Media Server\Plex Media Server.lnk - C:\Arquivos de programas\Plex\Plex Media Server\Plex Media Server.exe

==== shortcuts in Quick Launch ======================

C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o navegador Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Memory Optimizer.lnk - C:\Arquivos de programas\Memory Optimizer\MemOptimizerPro.exe
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk - C:\Arquivos de programas\MiPony\MiPony.exe
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\movier.lnk - C:\Arquivos de programas\Movier\Movier.exe
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Arquivos de programas\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8  
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Arquivos de programas\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Arquivos de programas\PhotoScape\PhotoScape.exe
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Arquivos de programas\Windows Media Player\wmplayer.exe /prefetch:1
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  

==== shortcuts After Repair ======================

C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o navegador Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Arquivos de programas\Mozilla Firefox\firefox.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CF830981-8F31-C561-C7A0-FE2CE1878B40} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateMyDrivers deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateMyDrivers.exe deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\CASA\Configurações locais\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\CASA\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=118 folders=23 76892389 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\CASA\CONFIG~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== EOF on dom 11/05/2014 at  2:15:53,32 ======================

Re: I need help removing Baidu completely

Post by Power Max, Sun 11 May 2014, 11:05

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [image unavailable]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below will be displayed showing the scan's progress. Wait for it to finish... it may take a while!

[image unavailable]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sun 11 May 2014, 13:08; edited 1 time

I need help removing Baidu completely

Post by guijorge, Sun 11 May 2014, 12:03

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by CASA on dom 11/05/2014 at 11:43:54,12.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\CASA\Meus documentos\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-11-051553.log 35791 bytes

==== System Restore Info ======================

11/5/2014 11:46:58 Zoek.exe System Restore Point Created Succesfully.

==== Suspicious Entries Found ======================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bprotect deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bhbase]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bndef]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bhbase]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BHipsEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bndef]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"=-
[-HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"=-
[HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\CASA\\CONFIG~1\\Temp\\BavPro_Setup_Mini_203.exe"=-
[HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Documents and Settings\\CASA\\Meus documentos\\Downloads\\BavPro_Setup_Mini_Br1.exe"=-
[HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\CASA\\CONFIG~1\\Temp\\baidu_secure\\update\\BavPro_Setup_Br1.exe"=-

==== Deleting Files \ Folders ======================

C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\Baidu Antivirus not found
C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1033\BaiduSafe not found
C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1033\tools\BaiduExtMgr not found
C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1046\BaiduSafe not found
C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1046\tools\BaiduExtMgr not found
C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1054\BaiduSafe not found
C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1054\tools\BaiduExtMgr not found
C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\skin\tools\BaiduExtMgr not found
C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\update\skin\tools\BaiduExtMgr not found
C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\4.0.0.0\BaiduAdb not found
C:\BaiduDownloads deleted
C:\Arquivos de programas\FreeTime\FormatFactory\FFModules\Package\BaiDu deleted
C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security deleted
C:\Documents and Settings\All Users\Documentos\Baidu deleted
C:\Documents and Settings\All Users\Documentos\Baidu Security deleted
C:\Documents and Settings\CASA\Meus documentos\Baidu Security deleted
"C:\Documents and Settings\CASA\Dados de aplicativos\Baidu Security" deleted

==== Folders Found ======================

2014-05-11 00:54:41 2014-05-11 00:54:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Dados de aplicativos\baidu
2014-05-11 00:55:16 2014-05-11 00:55:16 -------- d-----w- C:\AdwCleaner\Quarantine\C\Documents and Settings\CASA\Dados de aplicativos\baidu
2014-05-11 00:55:16 2014-05-11 00:55:16 -------- d-----w- C:\AdwCleaner\Quarantine\C\Documents and Settings\CASA\Dados de aplicativos\baidu\Baidu Antivirus
2014-05-11 14:48:13 2014-05-11 14:48:13 -------- d---a-w- C:\zoek_backup\C_Arquivos de programas_FreeTime_FormatFactory_FFModules_Package_BaiDu
2014-05-11 14:48:12 2013-12-07 14:17:57 -------- d---a-w- C:\zoek_backup\C_BaiduDownloads
2014-05-11 14:48:13 2014-05-11 14:48:49 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_Baidu Security
2014-05-11 14:48:50 2014-05-11 14:48:50 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_All Users_Documentos_Baidu
2014-05-11 14:48:50 2014-05-11 14:48:50 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_All Users_Documentos_Baidu Security
2014-05-11 14:48:51 2014-05-11 14:48:59 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_CASA_Dados de aplicativos_Baidu Security
2014-05-11 14:49:00 2014-05-11 14:49:00 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_CASA_Dados de aplicativos_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-05-11 14:49:01 2014-05-11 14:49:01 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_CASA_Dados de aplicativos_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-05-11 14:49:01 2014-05-11 14:49:01 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_CASA_Meus documentos_Baidu Security
2014-05-11 14:48:59 2014-05-11 14:48:59 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_CASA_Dados de aplicativos_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-05-11 14:49:00 2014-05-11 14:49:00 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_CASA_Dados de aplicativos_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================


--- C:\zoek_backup\C_Arquivos de programas_FreeTime_FormatFactory_FFModules_Package_BaiDu_Baidu-TB-ASBar.exe.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1358792
Created time: 2014-05-11 14:49:01
Modified time: 2012-04-10 09:30:26
MD5: D848EF0636EA49D340F074F939DB817B
SHA1: 56A9D762D288AB173B7BFD42C9902E12B673BDB7


--- C:\zoek_backup\C_Arquivos de programas_FreeTime_FormatFactory_FFModules_Package_BaiDu\Baidu-TB-ASBar.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1358792
Created time: 2014-05-11 14:48:13
Modified time: 2012-04-10 09:30:26
MD5: D848EF0636EA49D340F074F939DB817B
SHA1: 56A9D762D288AB173B7BFD42C9902E12B673BDB7


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=309 folders=81 389662089 bytes)

==== EOF on dom 11/05/2014 at 11:52:22,09 ======================

Re: I need help removing Baidu completely

Post by Power Max, Sun 11 May 2014, 12:05

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [image unavailable]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below will be displayed showing the scan's progress. Wait for it to finish... it may take a while!

[image unavailable]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sun 11 May 2014, 13:09; edited 1 time

Re: I need help removing Baidu completely

Post by guijorge, Sun 11 May 2014, 12:37

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by CASA on dom 11/05/2014 at 12:11:41,04.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\CASA\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-11-051553.log 35791 bytes
C:\zoek-results2014-05-11-145222.log 12274 bytes

==== System Restore Info ======================

11/5/2014 12:12:42 Zoek.exe System Restore Point Created Succesfully.

==== Suspicious Entries Found ======================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-

==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=309 folders=81 389662089 bytes)

==== EOF on dom 11/05/2014 at 12:13:46,04 ======================

Re: I need help removing Baidu completely

Post by Power Max, Sun 11 May 2014, 12:44

Download < [link unavailable] > < [image unavailable] > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

[link unavailable]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

I need help removing Baidu completely

Post by guijorge, Sun 11 May 2014, 13:08

~ Relatório do ZHPDiag v2014.5.11.60 - Nicolas Coolman  (11/5/2014)
~ Iniciado por CASA (11/5/2014 12:55:14)
~ Endereço do Website : [link hidden: login required]
~ Blog de análise de software : [link hidden: login required]
~ Fóruns de suporte gratuito para desinfecção : [link hidden: login required]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found


---\\ Navegadores Internet
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox 29.0.1 (Defaut)
GCIE: Google Chrome v34.0.1847.131

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2011

---\\ Softwares d'optimização do sistema
CCleaner v4.00

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 4 Stepping 9, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1534 MB (71% free)
System Restore: Activé (Enable)
System drive C: has 10 GB (13%) free of 75 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CASA-CE19F7E264
~ User Name: CASA
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, CASA, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\CASA\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\CASA\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\CASA\Desktop\
~ %Favorites% : C:\Documents and Settings\CASA\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\CASA\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 10 Go of 75 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 45 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/4/2008 - 19:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.A4A0FC92358F39538A6494C42EF99FE9] - (.Microsoft Corporation - Internet Extensions for Win32.) (.13/8/2007 - 17:54:10.) -- C:\WINDOWS\system32\wininet.dll [818688]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/4/2008 - 19:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.322D0E36693D6E24A2398BEE62A268CD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/4/2008 - 12:19:24.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138112]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/4/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/4/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/4/2008 - 18:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/4/2008 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.13/4/2008 - 18:55:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/4/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/4/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/4/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.68755F0FF16070178B54674FE5B847B0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/4/2008 - 12:17:02.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456576]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/4/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/4/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/4/2008 - 19:02:26.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/4/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 18:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/4/2008 - 18:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 3/141
~ Mes musiques (My Musics) : 1/14
~ Mes Videos (My Videos) : 2/4
~ Mes Favoris (My Favorites) : 1/12
~ Mes Documents (My Documents) : 12/1709
~ Mon Bureau (My Desktop) : 3/4247
~ Menu demarrer (Programs) : 1/55
~ Hidden Files:  Scanned in 00mn 09s



---\\ Processos lançados
[MD5.D74884939D53612FD84AC82C59CCFE27] - (.AVAST Software - avast! Service.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe   [50344] [PID.1564]
[MD5.B92F2B3247F0A99490C1298A1D3D7B4C] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50ST7.exe   [153600] [PID.1292]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe   [3764024] [PID.1436]
[MD5.651336B99C75FB54E4B5971CF458F9BD] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50RP7.exe   [121856] [PID.1452]
[MD5.EFF5E5CCA31672BD00AF87D170590AFB] - (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe   [1695232] [PID.1636]
[MD5.80A79264302910C7C24BA7E44267EFEF] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe   [182696] [PID.1872]
[MD5.64728E18A44946AD5B6C023CE6C6F235] - (.SEIKO EPSON CORPORATION - No Comment.) -- C:\Arquivos de programas\EPSON\MyEpson Portal\mepService.exe   [644480] [PID.208]
[MD5.A3B67AA9F60533557FD9141BCA9FA4A9] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 81.98.) -- C:\WINDOWS\system32\nvsvc32.exe   [131139] [PID.292]
[MD5.B2D01290C0E0465ACA54C2088E947823] - (...) -- C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe   [39056] [PID.280]
[MD5.9C65C4F46BB75904B8B843724971E020] - (.SEIKO EPSON CORPORATION - MyEpson Portal.) -- C:\Arquivos de programas\EPSON\MyEpson Portal\mep.exe   [2387520] [PID.2324]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe   [44544] [PID.2580]
[MD5.4593394B063EA7447F864444DB48C4AB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe   [7874048] [PID.4028]
~ Processes Running:  Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN:Firefox Plugin Navigator . (.No owner - NPAPI Extension for Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\Plugins\nppluginrichmediaplayer.dll
~ Firefox Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E041C0CC-13A8-4D0D-8F39-6DA7DB51FAD1} Chave orfã
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [AllUsers]: Memory Optimizer.lnk . (.Softorino - Memory Optimizer Pro.)  -- C:\Arquivos de programas\Memory Optimizer\MemOptimizerPro.exe   =>PUP.OptimizerPro
O4 - GS\Desktop [CASA]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Documents and Settings\CASA\Dados de aplicativos\uTorrent\uTorrent.exe   =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll   =>.NVIDIA Corporation
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [KernelFaultCheck] Chave orfã
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1935655697-1326574676-682003330-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1935655697-1326574676-682003330-1003\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB:  Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - [link hidden: login required]
~ Objets ActiveX:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF5A45AF-745C-49A2-A590-EFBC92C21523}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CF5A45AF-745C-49A2-A590-EFBC92C21523}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{CF5A45AF-745C-49A2-A590-EFBC92C21523}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO:  Scanned in 00mn 00s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:  - (..) -- C:\WINDOWS\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job   [450]
~ Scheduled Task: 24 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bnbase) . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - C:\WINDOWS\system32\drivers\bnbase.sys
~ Drivers: 72 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Counter Strike 1.6 - 2013 - (...) [HKLM] -- Counter Strike 1.6 - 2013
O42 - Logiciel: Exedb Anti Malware Scanner - (.File Info.) [HKLM] -- Exedb Anti Malware Scanner
O42 - Logiciel: Gerenciador de Downloads - (.Level Up! Gerenciador.) [HKCU] -- a54e16f5d00985b6
O42 - Logiciel: Horizon v2.7.6.2 - (.Daring Development Inc..) [HKLM] -- d4cfeebc-b821-40b7-9f81-d366b1466f03_is1
O42 - Logiciel: Mz Game Accelerator - (.Mz Game Accelerator.) [HKLM] -- MzGameAccelerator_is1
O42 - Logiciel: Pid  - (.Might and Delight.) [HKLM] -- Steam App 218740
O42 - Logiciel: sXe Injected - (.Alejandro Cortés.) [HKLM] -- sXe Injected
~ Logic: 29 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\39200InstEnd]
[HKCU\Software\Autogg]
[HKCU\Software\Autogg_ini]
[HKCU\Software\WandouLabs]
[HKCU\Software\nands]
[HKCU\Software\sXe Injected]
[HKLM\Software\sXe_Injected]
~ Key Software: 272 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17/4/2014 - 22:05:00 - [] ----D C:\Arquivos de programas\Counter Strike 1.6
O43 - CFD: 25/12/2013 - 02:00:41 - [] ----D C:\Arquivos de programas\Daring Development
O43 - CFD: 2/2/2014 - 21:10:37 - [] ----D C:\Arquivos de programas\exedb
O43 - CFD: 21/12/2013 - 13:35:28 - [] ----D C:\Arquivos de programas\Memory Optimizer
O43 - CFD: 20/7/2013 - 12:50:36 - [] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 11/5/2014 - 12:03:59 - [] ----D C:\Arquivos de programas\sXe Injected
O43 - CFD: 28/10/2013 - 14:17:22 - [] ----D C:\Arquivos de programas\WandouLabs
O43 - CFD: 20/7/2013 - 12:49:53 - [] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 21/12/2013 - 13:24:55 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\ioloGovernor
O43 - CFD: 10/3/2014 - 00:28:05 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\levelup downloader
O43 - CFD: 16/11/2013 - 18:06:30 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLCodeIgniter
O43 - CFD: 16/11/2013 - 18:06:30 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLDrupal
O43 - CFD: 16/11/2013 - 18:06:31 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLJoomla
O43 - CFD: 16/11/2013 - 18:06:31 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLJQuery
O43 - CFD: 16/11/2013 - 18:06:31 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLSmarty
O43 - CFD: 16/11/2013 - 18:06:31 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLSymfony
O43 - CFD: 16/11/2013 - 18:06:31 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLWordPress
O43 - CFD: 16/11/2013 - 18:06:32 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLYii
O43 - CFD: 21/12/2013 - 13:24:52 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\ioloGovernor
O43 - CFD: 30/12/2013 - 11:17:33 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\MP3Rocket
O43 - CFD: 6/8/2013 - 14:17:18 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\Radiocom
O43 - CFD: 2/11/2013 - 19:56:33 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\Wandoujia2
O43 - CFD: 6/8/2013 - 14:35:30 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\WandoujiaUsbDriver
O43 - CFD: 6/8/2013 - 14:17:16 - [] ----D C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Radiocom
O43 - CFD: 25/12/2013 - 19:04:01 - [] ----D C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Team_360h
O43 - CFD: 20/12/2013 - 23:39:05 - [] ----D C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Tecno_Clique
O43 - CFD: 25/12/2013 - 00:20:01 - [] R---D C:\Documents and Settings\CASA\Menu Iniciar\Programas\Acessórios
O43 - CFD: 17/4/2014 - 21:49:21 - [] ----D C:\Documents and Settings\CASA\Menu Iniciar\Programas\Counter Strike 1.6 - 2013
O43 - CFD: 2/2/2014 - 21:10:44 - [] ----D C:\Documents and Settings\CASA\Menu Iniciar\Programas\Exedb
O43 - CFD: 11/5/2014 - 11:39:52 - [] R---D C:\Documents and Settings\CASA\Menu Iniciar\Programas\Inicializar
O43 - CFD: 10/3/2014 - 00:27:04 - [] ----D C:\Documents and Settings\CASA\Menu Iniciar\Programas\Level Up! Gerenciador
O43 - CFD: 10/5/2014 - 21:03:00 - [] ----D C:\Documents and Settings\CASA\Menu Iniciar\Programas\sXe Injected
~ Program Folder: 202 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.DA5F0574BF8D47E4889F260C77ADBEB8] - 10/5/2014 - 17:07:22 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\WINDOWS\system32\Drivers\Bprotect.sys   [155968]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 10/5/2014 - 21:54:09 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\WINDOWS\system32\sqlite3.dll   [536576]
O44 - LFC:[MD5.29D9AA97D5D548E178F9A74DADC2CC34] - 11/5/2014 - 02:15:53 ---A- . (...) -- C:\zoek-results2014-05-11-051553.log   [35791]
O44 - LFC:[MD5.87C3D2FAC8EDAF75B9FC2A3B217CF961] - 11/5/2014 - 11:39:56 ---A- . (...) -- C:\WINDOWS\wiaservc.log   [49]
O44 - LFC:[MD5.F42CBA96C305F4BC6758EE35F19A3C4B] - 11/5/2014 - 11:40:03 ---A- . (...) -- C:\WINDOWS\wiadebug.log   [298]
O44 - LFC:[MD5.93116AE812930459E8E56B613EA5FAF2] - 11/5/2014 - 11:52:22 ---A- . (...) -- C:\zoek-results2014-05-11-145222.log   [12274]
O44 - LFC:[MD5.975963F5471B4961A733EB7D10E6D0F3] - 11/5/2014 - 12:13:46 ---A- . (...) -- C:\zoek-results.log   [2546]
O44 - LFC:[MD5.472BBE60C5CBCFC438879BC964D66480] - 27/4/2014 - 14:32:36 ---A- . (...) -- C:\O.Herdeiro.do.Diabo.BDRip.Xvid.Dual.Áudio-Coveiro RMVB.rmvb   [278071812]
O44 - LFC:[MD5.CB0E07B9B630B77CE76D4C4278D328B1] - 29/4/2014 - 09:11:07 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\WINDOWS\system32\Drivers\Bhbase.sys   [94976]
O44 - LFC:[MD5.443B1929FB74D90FE82F724A0D826224] - 29/4/2014 - 09:11:13 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\WINDOWS\system32\Drivers\Bfilter.sys   [45888]
O44 - LFC:[MD5.26F863F9D8AB9F2558B07C4B1619466C] - 29/4/2014 - 09:11:24 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\WINDOWS\system32\Drivers\Bfmon.sys   [29504]  =>Adware.BDSearch
O44 - LFC:[MD5.FC8BB46FF549611FCCA66590277BB21B] - 29/4/2014 - 09:11:49 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\WINDOWS\system32\Drivers\bnbase.sys   [58784]
O44 - LFC:[MD5.A1672C26F42DA344C840D72F80FCE096] - 29/4/2014 - 09:11:55 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\WINDOWS\system32\Drivers\bndef.sys   [51616]
O44 - LFC:[MD5.5866F5AC5FA90002CC1275789B715A60] - 9/5/2014 - 11:20:31 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini   [116]
~ Files: 21 Legitimates Filtered in 00mn 11s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\WandouLabs\wandoujia2.exe" [Enabled] .(.No owner.) -- C:\Arquivos de programas\WandouLabs\wandoujia2.exe
O47 - AAKE:Key Export SP - "C:\Documents and Settings\CASA\Dados de aplicativos\Wandoujia2\Applications\2.63.0.4343\wandoujia2.exe" [Enabled] .(.No owner.) -- C:\Documents and Settings\CASA\Dados de aplicativos\Wandoujia2\Applications\2.63.0.4343\wandoujia2.exe
O47 - AAKE:Key Export SP - "C:\Level Up! Games\Grand Chase\main.exe" [Enabled] .(.KOG.) -- C:\Level Up! Games\Grand Chase\main.exe
O47 - AAKE:Key Export SP - "C:\Level Up! Games\Elsword\data\x2.exe" [Enabled] .(.No owner.) -- C:\Level Up! Games\Elsword\data\x2.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Plex\Plex Media Server\Plex Media Server.exe" [Enabled] .(.Plex, Inc..) -- C:\Arquivos de programas\Plex\Plex Media Server\Plex Media Server.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Plex\Plex Media Server\PlexDlnaServer.exe" [Enabled] .(.Plex, Inc..) -- C:\Arquivos de programas\Plex\Plex Media Server\PlexDlnaServer.exe
~ Keys Export: 22 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO:  Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{56d8ed66-3e86-11e3-8ff5-001617f4fbda}\AutoRun\command. (...) -- E:\RunClubSanDisk.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/1/2014 - 16:44:57 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys   [49944]  =>.ALWIL Software
O58 - SDL:13/1/2014 - 16:44:57 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys   [180248]  =>.ALWIL Software
O58 - SDL:29/4/2014 - 09:11:13 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\WINDOWS\system32\Drivers\Bfilter.sys   [45888]
O58 - SDL:29/4/2014 - 09:11:24 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\WINDOWS\system32\Drivers\Bfmon.sys   [29504]  =>Adware.BDSearch
O58 - SDL:29/4/2014 - 09:11:07 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\WINDOWS\system32\Drivers\Bhbase.sys   [94976]
O58 - SDL:29/4/2014 - 09:11:49 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\WINDOWS\system32\Drivers\bnbase.sys   [58784]
O58 - SDL:29/4/2014 - 09:11:55 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\WINDOWS\system32\Drivers\bndef.sys   [51616]
O58 - SDL:14/4/2014 - 23:30:52 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\WINDOWS\system32\Drivers\Bprotect.sys   [155968]
O58 - SDL:28/10/2001 - 12:06:30 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys   [262528]
O58 - SDL:13/4/2008 - 09:36:06 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys   [144384]
O58 - SDL:13/4/2008 - 11:23:42 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys   [126686]
O58 - SDL:13/4/2008 - 11:23:40 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys   [1309184]
O58 - SDL:13/4/2008 - 09:34:28 ----- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys   [452736]
O58 - SDL:13/4/2008 - 11:23:42 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys   [180360]
O58 - SDL:19/8/2013 - 19:23:29 ---A- . (.microOLAP Technologies LTD - PSSDK Driver Protocol v4.1 32bit.) -- C:\WINDOWS\system32\Drivers\pssdk41.sys   [36928]
O58 - SDL:28/10/2001 - 12:07:22 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys   [17792]
O58 - SDL:13/4/2008 - 11:23:44 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\recagent.sys   [13776]
O58 - SDL:13/4/2008 - 11:23:44 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys   [129535]
O58 - SDL:13/4/2008 - 11:23:46 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slntamr.sys   [404990]
O58 - SDL:13/4/2008 - 11:23:48 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slnthal.sys   [95424]
O58 - SDL:13/4/2008 - 11:23:48 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys   [13240]
O58 - SDL:28/10/2001 - 12:06:30 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys   [58112]
O58 - SDL:28/10/2001 - 12:06:08 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys   [9032]
O58 - SDL:28/10/2001 - 12:06:16 ---A- . (...) -- C:\WINDOWS\system32\country.sys   [27097]
O58 - SDL:28/10/2001 - 12:06:36 ---A- . (...) -- C:\WINDOWS\system32\himem.sys   [4896]
O58 - SDL:28/10/2001 - 12:06:40 ---A- . (...) -- C:\WINDOWS\system32\key01.sys   [42809]
O58 - SDL:3/8/2004 - 19:46:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys   [42537]
O58 - SDL:28/10/2001 - 12:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys   [27900]
O58 - SDL:28/10/2001 - 12:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys   [29146]
O58 - SDL:28/10/2001 - 12:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys   [29370]
O58 - SDL:28/10/2001 - 12:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys   [29274]
O58 - SDL:28/10/2001 - 12:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys   [29146]
O58 - SDL:3/8/2004 - 19:45:20 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys   [33984]
O58 - SDL:3/8/2004 - 19:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys   [34560]
O58 - SDL:3/8/2004 - 19:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys   [35648]
O58 - SDL:3/8/2004 - 19:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys   [35424]
O58 - SDL:3/8/2004 - 19:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys   [34560]
~ Drivers: 98 Legitimates Filtered in 00mn 04s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 29/4/2014 - C:\WINDOWS\system32\drivers\bnbase.sys (Bnbase)  .(.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - LEGACY_BNBASE
~ Legacy: 156 Legitimates Filtered in 00mn 01s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.js> <ClPhpEd.Files>[HKLM\..\open\Command] (.Codelobster Software - Codelobster PHP Edition.) -- C:\Arquivos de programas\Codelobster Software\CodelobsterPHPEdition\ClPhpEd.exe
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.A53555B250CBEDCA6544D13648F83FFE] [SPRF][10/5/2014] (...) -- C:\Documents and Settings\CASA\Desktop\AdwCleaner.exe   [1316991]
[MD5.A12E03CB2D09CC26579778EB50E9021B] [SPRF][9/10/2011] (.Team 360h - Iso2God.) -- C:\Documents and Settings\CASA\Desktop\Iso2God.exe   [539136]
[MD5.7AD417F4184635CC4C1E3140AED83E13] [SPRF][3/1/2014] (.BitTorrent Inc. - µTorrent.) -- C:\Documents and Settings\CASA\Desktop\utorrent(1).exe   [1340496]  =>P2P.BitTorrent
[MD5.17FCF196B13AD0AAA3BA11605CA1EE21] [SPRF][25/12/2013] (.BitTorrent Inc. - µTorrent.) -- C:\Documents and Settings\CASA\Desktop\utorrent.exe   [1340496]  =>P2P.BitTorrent
[MD5.99C687C10AEF076BBDE66C7EFAE46B0A] [SPRF][20/2/2008] (...) -- C:\Documents and Settings\CASA\Desktop\xextool.exe   [484864]
[MD5.2ED2319F3DE13495AAA49B70A1467055] [SPRF][11/5/2014] (...) -- C:\Documents and Settings\CASA\Desktop\zoek.exe   [1285120]
~ Files: 8 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}] (SaveSenseLive Broker Class Factory)  =>PUP.SaveSense
[HKCR\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}] (SaveSenseLive.OneClickProcessLauncher)  =>PUP.SaveSense
[HKCR\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}] (SaveSenseLive Legacy On Demand)  =>PUP.SaveSense
[HKCR\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}] (SaveSenseLive Core Class)  =>PUP.SaveSense
[HKCR\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}] (SaveSenseLive Process Launcher Class)  =>PUP.SaveSense
[HKCR\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}] (SaveSenseLive Broker Class Factory)  =>PUP.SaveSense
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class)  =>PUP.SaveSense
~ BCK: 5131 Legitimates Filtered in 00mn 13s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/4/2008 225280 |  (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 20/7/2013 116648 |  (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 20/7/2013 116648 |  (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 10/5/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/11/2006 774144 |  (NBService) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 6/1/2014 5403030 |  (npggsvc) . (.INCA Internet Co., Ltd..) - C:\WINDOWS\system32\GameMon.des
SS - | Auto 21/6/2013 162408 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe
SS - | Demand 6/9/2013 565672 |  (Steam Client Service) . (.Valve Corporation.) - C:\Arquivos de programas\Arquivos comuns\Steam\SteamService.exe
SR - | Auto 13/1/2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 14/9/2009 153600 |  (EPSON_EB_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50ST7.exe
SR - | Auto 14/9/2009 121856 |  (EPSON_PM_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50RP7.exe
SR - | Auto 20/12/2013 182696 |  (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 4/12/2009 644480 |  (MyEpson Portal Service) . (.SEIKO EPSON CORPORATION.) - C:\Arquivos de programas\EPSON\MyEpson Portal\mepService.exe
SR - | Auto 24/7/2006 131139 |  (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 16/4/2013 39056 |  (RealNetworks Downloader Resolver Service) . (...) - C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe
~ Services:  Scanned in 00mn 13s



---\\ Scâner Aditional (088)
Database Version : 13045 - (11/5/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 2
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 9

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116ba71c-8187-4f15-9a1f-c9d6289155d1}]   =>Adware.BDSearch
C:\Documents and Settings\CASA\Desktop\utorrent(1).exe   =>P2P.BitTorrent^
C:\Documents and Settings\CASA\Desktop\utorrent.exe   =>P2P.BitTorrent^
[HKCR\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}] (SaveSenseLive Broker Class Factory)   =>PUP.SaveSense^
[HKCR\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}] (SaveSenseLive.OneClickProcessLauncher)   =>PUP.SaveSense^
[HKCR\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}] (SaveSenseLive Legacy On Demand)   =>PUP.SaveSense^
[HKCR\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}] (SaveSenseLive Core Class)   =>PUP.SaveSense^
[HKCR\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}] (SaveSenseLive Process Launcher Class)   =>PUP.SaveSense^
[HKCR\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}] (SaveSenseLive Broker Class Factory)   =>PUP.SaveSense^
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class)   =>PUP.SaveSense^
~ Additionnel Scan: 234600 Items scanned in 01mn 14s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.OptimizerPro
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.SaveSense
~ MSI: 3 link(s) detected in 00mn 00s



~ 956 Legitimates filtered by white list
End of the scan (540 lines in 02mn 36s)(0)

Re: I need help removing Baidu completely

Post by Power Max, Sun 11 May 2014, 13:25

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click "Importação" > click the GO button > click "Oui" > if you want the files in the Recycle Bin to be deleted, click "Oui" again > a report will appear in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Sun 11 May 2014, 16:34; edited 1 time

I need help removing Baidu completely

Post by guijorge, Sun 11 May 2014, 13:40

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by CASA at 11/5/2014 13:39:03
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Estado dos serviços ==========
BNBASE Parado

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bnbase
ELIMINÉ CLSID MPSK: {56d8ed66-3e86-11e3-8ff5-001617f4fbda}
ELIMINÉ: HKCR\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}
ELIMINÉ: HKCR\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}
ELIMINÉ: HKCR\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}
ELIMINÉ: HKCR\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}
ELIMINÉ: HKCR\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}
ELIMINÉ: HKCR\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}
ELIMINÉ: HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116ba71c-8187-4f15-9a1f-c9d6289155d1}

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {E041C0CC-13A8-4D0D-8F39-6DA7DB51FAD1}
ELIMINÉ RunValue: KernelFaultCheck
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\documents and settings\all users\desktop\memory optimizer.lnk
ELIMINÉ: c:\arquivos de programas\memory optimizer\memoptimizerpro.exe
ELIMINÉ: c:\windows\tasks\060184c3-9766-46a0-b258-f4518a0b2633.job
ELIMINÉ: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ: c:\windows\system32\drivers\bhbase.sys
ELIMINÉ: c:\windows\system32\drivers\bfilter.sys
ELIMINÉ: c:\windows\system32\drivers\bfmon.sys
ELIMINÉ: c:\windows\system32\drivers\bnbase.sys
ELIMINÉ: c:\windows\system32\drivers\bndef.sys
ELIMINÉ Temporários windows (2) (6.124 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
10 : Chaves do Registo
8 : Valores do Registo
1 : Pastas
11 : Ficheiros
1 : Estado dos serviços
1 : Restauração Sistema


End of clean in 00mn 13s

========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\CASA\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 11/5/2014 13:39:06 [2392]

Re: I need help removing Baidu completely

Post by Power Max, Sun 11 May 2014, 13:46

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

I need help removing Baidu completely

Post by guijorge, Sun 11 May 2014, 14:00

~ Relatório do ZHPDiag v2014.5.11.60 - Nicolas Coolman  (11/5/2014)
~ Iniciado por CASA (11/5/2014 13:55:56)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Blog de análise de software : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found


---\\ Navegadores Internet
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox 29.0.1 (Defaut)
GCIE: Google Chrome v34.0.1847.131

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2011

---\\ Softwares d'optimização do sistema
CCleaner v4.00

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 4 Stepping 9, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1534 MB (70% free)
System Restore: Activé (Enable)
System drive C: has 10 GB (13%) free of 75 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CASA-CE19F7E264
~ User Name: CASA
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, CASA, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\CASA\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\CASA\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\CASA\Desktop\
~ %Favorites% : C:\Documents and Settings\CASA\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\CASA\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 10 Go of 75 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 45 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/4/2008 - 19:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.A4A0FC92358F39538A6494C42EF99FE9] - (.Microsoft Corporation - Internet Extensions for Win32.) (.13/8/2007 - 17:54:10.) -- C:\WINDOWS\system32\wininet.dll [818688]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/4/2008 - 19:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.322D0E36693D6E24A2398BEE62A268CD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/4/2008 - 12:19:24.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138112]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/4/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/4/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/4/2008 - 18:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/4/2008 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.13/4/2008 - 18:55:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/4/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/4/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/4/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.68755F0FF16070178B54674FE5B847B0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/4/2008 - 12:17:02.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456576]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/4/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/4/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/4/2008 - 19:02:26.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/4/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 18:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/4/2008 - 18:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 3/141
~ Mes musiques (My Musics) : 1/14
~ Mes Videos (My Videos) : 2/4
~ Mes Favoris (My Favorites) : 1/12
~ Mes Documents (My Documents) : 12/1709
~ Mon Bureau (My Desktop) : 3/4248
~ Menu demarrer (Programs) : 1/55
~ Hidden Files:  Scanned in 00mn 05s



---\\ Processos lançados
[MD5.D74884939D53612FD84AC82C59CCFE27] - (.AVAST Software - avast! Service.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe   [50344] [PID.1564]
[MD5.B92F2B3247F0A99490C1298A1D3D7B4C] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50ST7.exe   [153600] [PID.1292]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe   [3764024] [PID.1436]
[MD5.651336B99C75FB54E4B5971CF458F9BD] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50RP7.exe   [121856] [PID.1452]
[MD5.EFF5E5CCA31672BD00AF87D170590AFB] - (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe   [1695232] [PID.1636]
[MD5.80A79264302910C7C24BA7E44267EFEF] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe   [182696] [PID.1872]
[MD5.64728E18A44946AD5B6C023CE6C6F235] - (.SEIKO EPSON CORPORATION - No Comment.) -- C:\Arquivos de programas\EPSON\MyEpson Portal\mepService.exe   [644480] [PID.208]
[MD5.A3B67AA9F60533557FD9141BCA9FA4A9] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 81.98.) -- C:\WINDOWS\system32\nvsvc32.exe   [131139] [PID.292]
[MD5.B2D01290C0E0465ACA54C2088E947823] - (...) -- C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe   [39056] [PID.280]
[MD5.9C65C4F46BB75904B8B843724971E020] - (.SEIKO EPSON CORPORATION - MyEpson Portal.) -- C:\Arquivos de programas\EPSON\MyEpson Portal\mep.exe   [2387520] [PID.2324]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe   [44544] [PID.2580]
[MD5.4593394B063EA7447F864444DB48C4AB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe   [7874048] [PID.572]
~ Processes Running:  Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN:Firefox Plugin Navigator . (.No owner - NPAPI Extension for Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\Plugins\nppluginrichmediaplayer.dll
~ Firefox Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Chave orfã
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [CASA]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Documents and Settings\CASA\Dados de aplicativos\uTorrent\uTorrent.exe   =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 01s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll   =>.NVIDIA Corporation
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1935655697-1326574676-682003330-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1935655697-1326574676-682003330-1003\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB:  Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF5A45AF-745C-49A2-A590-EFBC92C21523}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CF5A45AF-745C-49A2-A590-EFBC92C21523}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{CF5A45AF-745C-49A2-A590-EFBC92C21523}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO:  Scanned in 00mn 00s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bnbase) . (. - .) - C:\WINDOWS\system32\drivers\bnbase.sys (.not file.)
~ Drivers: 70 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Counter Strike 1.6 - 2013 - (...) [HKLM] -- Counter Strike 1.6 - 2013
O42 - Logiciel: Exedb Anti Malware Scanner - (.File Info.) [HKLM] -- Exedb Anti Malware Scanner
O42 - Logiciel: Gerenciador de Downloads - (.Level Up! Gerenciador.) [HKCU] -- a54e16f5d00985b6
O42 - Logiciel: Horizon v2.7.6.2 - (.Daring Development Inc..) [HKLM] -- d4cfeebc-b821-40b7-9f81-d366b1466f03_is1
O42 - Logiciel: Mz Game Accelerator - (.Mz Game Accelerator.) [HKLM] -- MzGameAccelerator_is1
O42 - Logiciel: Pid  - (.Might and Delight.) [HKLM] -- Steam App 218740
O42 - Logiciel: sXe Injected - (.Alejandro Cortés.) [HKLM] -- sXe Injected
~ Logic: 29 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\39200InstEnd]
[HKCU\Software\Autogg]
[HKCU\Software\Autogg_ini]
[HKCU\Software\WandouLabs]
[HKCU\Software\nands]
[HKCU\Software\sXe Injected]
[HKLM\Software\sXe_Injected]
~ Key Software: 272 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17/4/2014 - 22:05:00 - [] ----D C:\Arquivos de programas\Counter Strike 1.6
O43 - CFD: 25/12/2013 - 02:00:41 - [] ----D C:\Arquivos de programas\Daring Development
O43 - CFD: 2/2/2014 - 21:10:37 - [] ----D C:\Arquivos de programas\exedb
O43 - CFD: 11/5/2014 - 13:38:59 - [] ----D C:\Arquivos de programas\Memory Optimizer
O43 - CFD: 20/7/2013 - 12:50:36 - [] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 11/5/2014 - 13:41:42 - [] ----D C:\Arquivos de programas\sXe Injected
O43 - CFD: 28/10/2013 - 14:17:22 - [] ----D C:\Arquivos de programas\WandouLabs
O43 - CFD: 20/7/2013 - 12:49:53 - [] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 21/12/2013 - 13:24:55 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\ioloGovernor
O43 - CFD: 10/3/2014 - 00:28:05 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\levelup downloader
O43 - CFD: 16/11/2013 - 18:06:30 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLCodeIgniter
O43 - CFD: 16/11/2013 - 18:06:30 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLDrupal
O43 - CFD: 16/11/2013 - 18:06:31 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLJoomla
O43 - CFD: 16/11/2013 - 18:06:31 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLJQuery
O43 - CFD: 16/11/2013 - 18:06:31 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLSmarty
O43 - CFD: 16/11/2013 - 18:06:31 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLSymfony
O43 - CFD: 16/11/2013 - 18:06:31 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLWordPress
O43 - CFD: 16/11/2013 - 18:06:32 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLYii
O43 - CFD: 21/12/2013 - 13:24:52 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\ioloGovernor
O43 - CFD: 30/12/2013 - 11:17:33 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\MP3Rocket
O43 - CFD: 6/8/2013 - 14:17:18 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\Radiocom
O43 - CFD: 2/11/2013 - 19:56:33 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\Wandoujia2
O43 - CFD: 6/8/2013 - 14:35:30 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\WandoujiaUsbDriver
O43 - CFD: 6/8/2013 - 14:17:16 - [] ----D C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Radiocom
O43 - CFD: 25/12/2013 - 19:04:01 - [] ----D C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Team_360h
O43 - CFD: 20/12/2013 - 23:39:05 - [] ----D C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Tecno_Clique
O43 - CFD: 25/12/2013 - 00:20:01 - [] R---D C:\Documents and Settings\CASA\Menu Iniciar\Programas\Acessórios
O43 - CFD: 17/4/2014 - 21:49:21 - [] ----D C:\Documents and Settings\CASA\Menu Iniciar\Programas\Counter Strike 1.6 - 2013
O43 - CFD: 2/2/2014 - 21:10:44 - [] ----D C:\Documents and Settings\CASA\Menu Iniciar\Programas\Exedb
O43 - CFD: 11/5/2014 - 11:39:52 - [] R---D C:\Documents and Settings\CASA\Menu Iniciar\Programas\Inicializar
O43 - CFD: 10/3/2014 - 00:27:04 - [] ----D C:\Documents and Settings\CASA\Menu Iniciar\Programas\Level Up! Gerenciador
O43 - CFD: 10/5/2014 - 21:03:00 - [] ----D C:\Documents and Settings\CASA\Menu Iniciar\Programas\sXe Injected
~ Program Folder: 202 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 10/5/2014 - 21:54:09 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\WINDOWS\system32\sqlite3.dll   [536576]
O44 - LFC:[MD5.29D9AA97D5D548E178F9A74DADC2CC34] - 11/5/2014 - 02:15:53 ---A- . (...) -- C:\zoek-results2014-05-11-051553.log   [35791]
O44 - LFC:[MD5.87C3D2FAC8EDAF75B9FC2A3B217CF961] - 11/5/2014 - 11:39:56 ---A- . (...) -- C:\WINDOWS\wiaservc.log   [49]
O44 - LFC:[MD5.F42CBA96C305F4BC6758EE35F19A3C4B] - 11/5/2014 - 11:40:03 ---A- . (...) -- C:\WINDOWS\wiadebug.log   [298]
O44 - LFC:[MD5.93116AE812930459E8E56B613EA5FAF2] - 11/5/2014 - 11:52:22 ---A- . (...) -- C:\zoek-results2014-05-11-145222.log   [12274]
O44 - LFC:[MD5.975963F5471B4961A733EB7D10E6D0F3] - 11/5/2014 - 12:13:46 ---A- . (...) -- C:\zoek-results.log   [2546]
O44 - LFC:[MD5.472BBE60C5CBCFC438879BC964D66480] - 27/4/2014 - 14:32:36 ---A- . (...) -- C:\O.Herdeiro.do.Diabo.BDRip.Xvid.Dual.Áudio-Coveiro RMVB.rmvb   [278071812]
O44 - LFC:[MD5.5866F5AC5FA90002CC1275789B715A60] - 9/5/2014 - 11:20:31 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini   [116]
~ Files: 15 Legitimates Filtered in 00mn 04s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\WandouLabs\wandoujia2.exe" [Enabled] .(.No owner.) -- C:\Arquivos de programas\WandouLabs\wandoujia2.exe
O47 - AAKE:Key Export SP - "C:\Documents and Settings\CASA\Dados de aplicativos\Wandoujia2\Applications\2.63.0.4343\wandoujia2.exe" [Enabled] .(.No owner.) -- C:\Documents and Settings\CASA\Dados de aplicativos\Wandoujia2\Applications\2.63.0.4343\wandoujia2.exe
O47 - AAKE:Key Export SP - "C:\Level Up! Games\Grand Chase\main.exe" [Enabled] .(.KOG.) -- C:\Level Up! Games\Grand Chase\main.exe
O47 - AAKE:Key Export SP - "C:\Level Up! Games\Elsword\data\x2.exe" [Enabled] .(.No owner.) -- C:\Level Up! Games\Elsword\data\x2.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Plex\Plex Media Server\Plex Media Server.exe" [Enabled] .(.Plex, Inc..) -- C:\Arquivos de programas\Plex\Plex Media Server\Plex Media Server.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Plex\Plex Media Server\PlexDlnaServer.exe" [Enabled] .(.Plex, Inc..) -- C:\Arquivos de programas\Plex\Plex Media Server\PlexDlnaServer.exe
~ Keys Export: 22 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/1/2014 - 16:44:57 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys   [49944]  =>.ALWIL Software
O58 - SDL:13/1/2014 - 16:44:57 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys   [180248]  =>.ALWIL Software
O58 - SDL:28/10/2001 - 12:06:30 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys   [262528]
O58 - SDL:13/4/2008 - 09:36:06 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys   [144384]
O58 - SDL:13/4/2008 - 11:23:42 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys   [126686]
O58 - SDL:13/4/2008 - 11:23:40 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys   [1309184]
O58 - SDL:13/4/2008 - 09:34:28 ----- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys   [452736]
O58 - SDL:13/4/2008 - 11:23:42 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys   [180360]
O58 - SDL:19/8/2013 - 19:23:29 ---A- . (.microOLAP Technologies LTD - PSSDK Driver Protocol v4.1 32bit.) -- C:\WINDOWS\system32\Drivers\pssdk41.sys   [36928]
O58 - SDL:28/10/2001 - 12:07:22 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys   [17792]
O58 - SDL:13/4/2008 - 11:23:44 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\recagent.sys   [13776]
O58 - SDL:13/4/2008 - 11:23:44 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys   [129535]
O58 - SDL:13/4/2008 - 11:23:46 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slntamr.sys   [404990]
O58 - SDL:13/4/2008 - 11:23:48 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slnthal.sys   [95424]
O58 - SDL:13/4/2008 - 11:23:48 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys   [13240]
O58 - SDL:28/10/2001 - 12:06:30 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys   [58112]
O58 - SDL:28/10/2001 - 12:06:08 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys   [9032]
O58 - SDL:28/10/2001 - 12:06:16 ---A- . (...) -- C:\WINDOWS\system32\country.sys   [27097]
O58 - SDL:28/10/2001 - 12:06:36 ---A- . (...) -- C:\WINDOWS\system32\himem.sys   [4896]
O58 - SDL:28/10/2001 - 12:06:40 ---A- . (...) -- C:\WINDOWS\system32\key01.sys   [42809]
O58 - SDL:3/8/2004 - 19:46:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys   [42537]
O58 - SDL:28/10/2001 - 12:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys   [27900]
O58 - SDL:28/10/2001 - 12:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys   [29146]
O58 - SDL:28/10/2001 - 12:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys   [29370]
O58 - SDL:28/10/2001 - 12:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys   [29274]
O58 - SDL:28/10/2001 - 12:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys   [29146]
O58 - SDL:3/8/2004 - 19:45:20 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys   [33984]
O58 - SDL:3/8/2004 - 19:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys   [34560]
O58 - SDL:3/8/2004 - 19:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys   [35648]
O58 - SDL:3/8/2004 - 19:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys   [35424]
O58 - SDL:3/8/2004 - 19:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys   [34560]
~ Drivers: 92 Legitimates Filtered in 00mn 02s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.js> <ClPhpEd.Files>[HKLM\..\open\Command] (.Codelobster Software - Codelobster PHP Edition.) -- C:\Arquivos de programas\Codelobster Software\CodelobsterPHPEdition\ClPhpEd.exe
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.A53555B250CBEDCA6544D13648F83FFE] [SPRF][10/5/2014] (...) -- C:\Documents and Settings\CASA\Desktop\AdwCleaner.exe   [1316991]
[MD5.A12E03CB2D09CC26579778EB50E9021B] [SPRF][9/10/2011] (.Team 360h - Iso2God.) -- C:\Documents and Settings\CASA\Desktop\Iso2God.exe   [539136]
[MD5.7AD417F4184635CC4C1E3140AED83E13] [SPRF][3/1/2014] (.BitTorrent Inc. - µTorrent.) -- C:\Documents and Settings\CASA\Desktop\utorrent(1).exe   [1340496]  =>P2P.BitTorrent
[MD5.17FCF196B13AD0AAA3BA11605CA1EE21] [SPRF][25/12/2013] (.BitTorrent Inc. - µTorrent.) -- C:\Documents and Settings\CASA\Desktop\utorrent.exe   [1340496]  =>P2P.BitTorrent
[MD5.99C687C10AEF076BBDE66C7EFAE46B0A] [SPRF][20/2/2008] (...) -- C:\Documents and Settings\CASA\Desktop\xextool.exe   [484864]
[MD5.2ED2319F3DE13495AAA49B70A1467055] [SPRF][11/5/2014] (...) -- C:\Documents and Settings\CASA\Desktop\zoek.exe   [1285120]
~ Files: 8 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/4/2008 225280 |  (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 20/7/2013 116648 |  (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 20/7/2013 116648 |  (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 10/5/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/11/2006 774144 |  (NBService) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 6/1/2014 5403030 |  (npggsvc) . (.INCA Internet Co., Ltd..) - C:\WINDOWS\system32\GameMon.des
SS - | Auto 21/6/2013 162408 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe
SS - | Demand 6/9/2013 565672 |  (Steam Client Service) . (.Valve Corporation.) - C:\Arquivos de programas\Arquivos comuns\Steam\SteamService.exe
SR - | Auto 13/1/2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 14/9/2009 153600 |  (EPSON_EB_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50ST7.exe
SR - | Auto 14/9/2009 121856 |  (EPSON_PM_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50RP7.exe
SR - | Auto 20/12/2013 182696 |  (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 4/12/2009 644480 |  (MyEpson Portal Service) . (.SEIKO EPSON CORPORATION.) - C:\Arquivos de programas\EPSON\MyEpson Portal\mepService.exe
SR - | Auto 24/7/2006 131139 |  (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 16/4/2013 39056 |  (RealNetworks Downloader Resolver Service) . (...) - C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe
~ Services:  Scanned in 00mn 13s



---\\ Scâner Aditional (088)
Database Version : 13045 - (11/5/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 2

C:\Documents and Settings\CASA\Desktop\utorrent(1).exe   =>P2P.BitTorrent^
C:\Documents and Settings\CASA\Desktop\utorrent.exe   =>P2P.BitTorrent^
~ Additionnel Scan: 234544 Items scanned in 00mn 48s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 947 Legitimates filtered by white list
End of the scan (484 lines in 01mn 45s)(0)

Re: I need help removing Baidu completely

Post by Power Max Sun 11 May 2014, 14:05

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Importação > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply.
_________________________________________________________________________________________________________

Download the [You must have an account and be logged in to view this link] and save it to the Desktop.

Note: When you open the link above, click the Download Now 32-Bit Version button.

Run Farbar following the tips in this tutorial:

[You must have an account and be logged in to view this link]

*Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post these two reports in your next reply together with the ZHPFix report. (Note: if they do not fit in a single reply, you can split them across several posts.)


Last edited by Power Max on Sun 11 May 2014, 16:33; edited 1 time

Re: I need help removing Baidu completely

Post by guijorge Sun 11 May 2014, 14:20

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by CASA at 11/5/2014 14:15:22
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Reciclagem vazia (00mn 01s)

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bnbase

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (2) (3.072 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Chaves do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 08s

========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\CASA\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 11/5/2014 13:39:06 [2492]
C:\Documents and Settings\CASA\Dados de aplicativos\ZHP\ZHPFix[R2].txt - 11/5/2014 14:15:24 [920]

Re: I need help removing Baidu completely

Post by guijorge Sun 11 May 2014, 14:21

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014
Ran by CASA (administrator) on CASA-CE19F7E264 on 11-05-2014 14:15:57
Running from C:\Documents and Settings\CASA\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Portuguese Brazilian
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Download link for 64-Bit Version: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(AVAST Software) C:\ARQUIV~1\ALWILS~1\Avast5\AvastUI.exe
(SEIKO EPSON CORPORATION) C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(Microsoft Corporation) C:\Arquivos de programas\Messenger\msmsgs.exe
(Oracle Corporation) C:\Arquivos de programas\Java\jre7\bin\jqs.exe
(SEIKO EPSON CORPORATION) C:\Arquivos de programas\epson\MyEpson Portal\mepService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(SEIKO EPSON CORPORATION) C:\Arquivos de programas\epson\MyEpson Portal\mep.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast5] => C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe [3764024 2014-01-13] (AVAST Software)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [7311360 2006-07-24] (NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe [3764024 2014-01-13] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-1935655697-1326574676-682003330-1003\...\Run: [MSMSGS] => C:\Arquivos de programas\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1935655697-1326574676-682003330-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Documents and Settings\CASA\Menu Iniciar\Programas\Inicializar\PC App Store Uninstall 3.14.9.3480.lnk
ShortcutTarget: PC App Store Uninstall 3.14.9.3480.lnk -> C:\Documents and Settings\CASA\Dados de aplicativos\Baidu Security\PC App Store\3.14.9.3480\Uninstall\PC App Store Uninstall\0\InstallUtility.dll", _OpenUrl -run "PC App Store Uninstall" -ini "OpenUrl.ini (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - E&ndereço - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default
FF NewTab: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF Keyword.URL: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Arquivos de programas\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Arquivos de programas\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - C:\Arquivos de programas\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - C:\Arquivos de programas\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Arquivos de programas\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Arquivos de programas\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Arquivos de programas\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Arquivos de programas\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Arquivos de programas\mozilla firefox\plugins\nppluginrichmediaplayer.dll ()
FF Plugin ProgramFiles/Appdata: C:\Arquivos de programas\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Arquivos de programas\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Arquivos de programas\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Arquivos de programas\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF Extension: AVG PrivacyFix - C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi [2014-05-09]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Arquivos de programas\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Arquivos de programas\Alwil Software\Avast5\WebRep\FF [2013-08-03]
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-08-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: websearch
CHR DefaultSearchProvider: WebSearch
CHR DefaultSearchURL: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-19]
CHR Extension: (Google Drive) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-19]
CHR Extension: (YouTube) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-19]
CHR Extension: (Pesquisa do Google) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-19]
CHR Extension: (avast! Ad Blocker) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd [2013-11-21]
CHR Extension: (RealDownloader) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-10-09]
CHR Extension: (Google Wallet) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Gmail) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-19]
CHR HKLM\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Arquivos de programas\Alwil Software\Avast5\AdBlocker\Chrome\avast-adblocker-chrome.crx [2013-08-03]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [50344 2014-01-13] (AVAST Software)
R2 EPSON_EB_RPCV4_04; C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
S2 gupdate; C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [116648 2013-07-20] (Google Inc.)
S3 gupdatem; C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [116648 2013-07-20] (Google Inc.)
R2 JavaQuickStarterService; C:\Arquivos de programas\Java\jre7\bin\jqs.exe [182696 2013-12-20] (Oracle Corporation)
S3 MozillaMaintenance; C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-05-10] (Mozilla Foundation)
R2 MyEpson Portal Service; C:\Arquivos de programas\EPSON\MyEpson Portal\mepService.exe [644480 2009-12-04] (SEIKO EPSON CORPORATION)
S3 NBService; C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG)
S3 npggsvc; C:\WINDOWS\system32\GameMon.des [5403030 2014-01-06] (INCA Internet Co., Ltd.)
S3 odserv; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation)
S3 ose; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S2 SkypeUpdate; C:\Arquivos de programas\Skype\Updater\Updater.exe [162408 2013-06-21] (Skype Technologies)
S3 Steam Client Service; C:\Arquivos de programas\Arquivos comuns\Steam\SteamService.exe [565672 2013-09-06] (Valve Corporation)

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4017536 2006-08-18] (Realtek Semiconductor Corp.)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-01-13] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-13] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-01-13] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-13] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410528 2014-01-13] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-13] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-13] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc.              )
R3 FETNDISB; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [42496 2004-04-14] (VIA Technologies, Inc.              )
R2 inpout32; C:\WINDOWS\System32\Drivers\inpout32.sys [11936 2013-12-24] (Highresolution Enterprises)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 PsSdk41; C:\WINDOWS\system32\Drivers\pssdk41.sys [36928 2013-08-19] (microOLAP Technologies LTD)
S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [13056 2012-03-02] (LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [20864 2012-03-02] (LG Electronics Inc.)
S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [25216 2012-03-02] (LG Electronics Inc.)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9728 2006-02-23] (VIA Technologies, Inc.)
R0 xfilt; C:\WINDOWS\System32\DRIVERS\xfilt.sys [11264 2006-02-23] (VIA Technologies,Inc)
S2 aswFsBlk; No ImagePath
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;
S3 XDva409; \??\C:\WINDOWS\system32\XDva409.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-11 14:15 - 2014-05-11 14:16 - 00018036 _____ () C:\Documents and Settings\CASA\Desktop\FRST.txt
2014-05-11 14:15 - 2014-05-11 14:15 - 00001019 _____ () C:\Documents and Settings\CASA\Desktop\ZHPFix[R2].txt
2014-05-11 14:15 - 2014-05-11 14:15 - 00000000 ____D () C:\FRST
2014-05-11 14:12 - 2014-05-11 14:13 - 01055232 _____ (Farbar) C:\Documents and Settings\CASA\Desktop\FRST.exe
2014-05-11 13:57 - 2014-05-11 13:57 - 00034092 _____ () C:\Documents and Settings\CASA\Desktop\ZHPDiag.txt
2014-05-11 13:39 - 2014-05-11 13:39 - 00002492 _____ () C:\Documents and Settings\CASA\Desktop\ZHPFixReport.txt
2014-05-11 12:51 - 2014-05-11 14:15 - 00000000 ____D () C:\Documents and Settings\CASA\Dados de aplicativos\ZHP
2014-05-11 12:51 - 2014-05-11 12:54 - 00001700 _____ () C:\Documents and Settings\CASA\Desktop\ZHPFix.lnk
2014-05-11 12:51 - 2014-05-11 12:54 - 00001595 _____ () C:\Documents and Settings\CASA\Desktop\ZHPDiag.lnk
2014-05-11 12:51 - 2014-05-11 12:54 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Iniciar\Programas\ZHP
2014-05-11 12:51 - 2014-05-11 12:54 - 00000000 ____D () C:\Arquivos de programas\ZHPDiag
2014-05-11 12:12 - 2014-05-11 11:52 - 00012274 _____ () C:\zoek-results2014-05-11-145222.log
2014-05-11 11:46 - 2014-05-11 02:15 - 00035791 _____ () C:\zoek-results2014-05-11-051553.log
2014-05-11 02:10 - 2014-05-11 02:10 - 00000000 ____D () C:\Documents and Settings\NetworkService\Configuraþ§es locais
2014-05-11 02:10 - 2014-05-11 02:10 - 00000000 ____D () C:\Documents and Settings\LocalService\Configuraþ§es locais
2014-05-11 02:10 - 2014-05-11 02:10 - 00000000 ____D () C:\Documents and Settings\Default User\Configuraþ§es locais
2014-05-11 02:10 - 2014-05-11 02:10 - 00000000 ____D () C:\Documents and Settings\CASA\Configuraþ§es locais
2014-05-11 01:39 - 2014-05-11 12:13 - 00002546 _____ () C:\zoek-results.log
2014-05-11 01:35 - 2014-05-11 11:49 - 00000000 ____D () C:\zoek_backup
2014-05-11 01:34 - 2014-05-11 01:34 - 01285120 _____ () C:\Documents and Settings\CASA\Desktop\zoek.exe
2014-05-10 22:06 - 2014-05-10 22:06 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-10 22:04 - 2014-05-10 22:04 - 01016261 _____ (Thisisu) C:\Documents and Settings\CASA\Desktop\JRT.exe
2014-05-10 21:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-10 21:52 - 2014-05-10 21:55 - 00000000 ____D () C:\AdwCleaner
2014-05-10 21:48 - 2014-05-10 21:49 - 01316991 _____ () C:\Documents and Settings\CASA\Desktop\AdwCleaner.exe
2014-05-10 21:03 - 2014-05-10 21:03 - 00000786 _____ () C:\Documents and Settings\CASA\Desktop\sXe Injected.lnk
2014-05-10 21:03 - 2014-05-10 21:03 - 00000000 ____D () C:\Documents and Settings\CASA\Menu Iniciar\Programas\sXe Injected
2014-05-10 21:02 - 2014-05-11 13:41 - 00000000 ____D () C:\Arquivos de programas\sXe Injected
2014-05-10 16:07 - 2014-05-10 16:08 - 00000000 ____D () C:\Arquivos de programas\Mozilla Firefox
2014-05-10 15:03 - 2014-05-03 07:12 - 339940504 _____ () C:\Documents and Settings\CASA\Desktop\Jogos.Medievais.2014.BDRip.XviD.Dual.Audio-MAXi RMVB.rmvb
2014-05-09 21:17 - 2014-05-05 12:23 - 450985947 _____ () C:\Documents and Settings\CASA\Desktop\O.Espetacular.Homem.Aranha.2.A.Ameaça.de.Electro.2014.TS.XviD.Dual.Audio-MAXi RMVB.rmvb
2014-05-08 22:47 - 2014-05-06 04:46 - 398244969 _____ () C:\Documents and Settings\CASA\Desktop\Caçadores.de.Obras.Primas.2014.Dublado-TOM.rmvb
2014-04-30 21:12 - 2014-04-30 21:12 - 00090112 _____ () C:\WINDOWS\Minidump\Mini043014-03.dmp
2014-04-30 12:27 - 2014-04-30 12:27 - 00090112 _____ () C:\WINDOWS\Minidump\Mini043014-02.dmp
2014-04-30 10:47 - 2014-04-30 10:47 - 00090112 _____ () C:\WINDOWS\Minidump\Mini043014-01.dmp
2014-04-29 10:29 - 2014-05-03 14:57 - 00007507 _____ () C:\WINDOWS\setupapi.log
2014-04-27 14:32 - 2014-04-18 15:17 - 278071812 _____ () C:\O.Herdeiro.do.Diabo.BDRip.Xvid.Dual.Áudio-Coveiro RMVB.rmvb
2014-04-27 14:27 - 2014-04-27 14:41 - 00000000 ____D () C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Plex Media Server
2014-04-27 14:27 - 2014-04-27 14:27 - 00000000 ____D () C:\Documents and Settings\CASA\Configurações locais
2014-04-27 14:27 - 2014-04-27 14:27 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Iniciar\Programas\Plex Media Server
2014-04-27 14:26 - 2014-04-27 14:26 - 00000000 ____D () C:\Arquivos de programas\Plex
2014-04-22 21:33 - 2014-04-22 21:33 - 00126664 _____ () C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2014-04-22 10:37 - 2014-04-22 10:37 - 00090112 _____ () C:\WINDOWS\Minidump\Mini042214-01.dmp
2014-04-20 18:59 - 2014-04-18 15:17 - 278071812 _____ () C:\Documents and Settings\CASA\Desktop\O.Herdeiro.do.Diabo.BDRip.Xvid.Dual.Áudio-Coveiro RMVB.rmvb
2014-04-18 20:01 - 2012-06-16 12:30 - 311164390 _____ () C:\Documents and Settings\CASA\Desktop\Proje-X-qpa.rmvb
2014-04-18 14:40 - 2014-04-18 14:40 - 00000080 _____ () C:\WINDOWS\DirectX.log
2014-04-17 21:54 - 2014-05-11 02:34 - 00056074 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-17 21:53 - 2014-04-17 21:53 - 00376056 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-17 21:49 - 2014-04-17 21:49 - 00001770 _____ () C:\Documents and Settings\CASA\Desktop\Dedicated Server.lnk
2014-04-17 21:49 - 2014-04-17 21:49 - 00001738 _____ () C:\Documents and Settings\CASA\Desktop\Counter Strike 1.6.lnk
2014-04-17 21:49 - 2014-04-17 21:49 - 00000000 ____D () C:\Documents and Settings\CASA\Menu Iniciar\Programas\Counter Strike 1.6 - 2013
2014-04-17 21:46 - 2014-04-17 22:05 - 00000000 ____D () C:\Arquivos de programas\Counter Strike 1.6
2014-04-17 21:37 - 2014-04-17 21:37 - 00000973 _____ () C:\Documents and Settings\CASA\Desktop\Revo Uninstaller.lnk
2014-04-17 21:37 - 2014-04-17 21:37 - 00000000 ____D () C:\Arquivos de programas\VS Revo Group

==================== One Month Modified Files and Folders =======

2014-05-11 14:16 - 2014-05-11 14:15 - 00018036 _____ () C:\Documents and Settings\CASA\Desktop\FRST.txt
2014-05-11 14:15 - 2014-05-11 14:15 - 00001019 _____ () C:\Documents and Settings\CASA\Desktop\ZHPFix[R2].txt
2014-05-11 14:15 - 2014-05-11 14:15 - 00000000 ____D () C:\FRST
2014-05-11 14:15 - 2014-05-11 12:51 - 00000000 ____D () C:\Documents and Settings\CASA\Dados de aplicativos\ZHP
2014-05-11 14:13 - 2014-05-11 14:12 - 01055232 _____ (Farbar) C:\Documents and Settings\CASA\Desktop\FRST.exe
2014-05-11 13:57 - 2014-05-11 13:57 - 00034092 _____ () C:\Documents and Settings\CASA\Desktop\ZHPDiag.txt
2014-05-11 13:56 - 2013-07-20 13:59 - 00001068 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-11 13:41 - 2014-05-10 21:02 - 00000000 ____D () C:\Arquivos de programas\sXe Injected
2014-05-11 13:39 - 2014-05-11 13:39 - 00002492 _____ () C:\Documents and Settings\CASA\Desktop\ZHPFixReport.txt
2014-05-11 13:38 - 2013-12-21 13:35 - 00000000 ____D () C:\Arquivos de programas\Memory Optimizer
2014-05-11 12:54 - 2014-05-11 12:51 - 00001700 _____ () C:\Documents and Settings\CASA\Desktop\ZHPFix.lnk
2014-05-11 12:54 - 2014-05-11 12:51 - 00001595 _____ () C:\Documents and Settings\CASA\Desktop\ZHPDiag.lnk
2014-05-11 12:54 - 2014-05-11 12:51 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Iniciar\Programas\ZHP
2014-05-11 12:54 - 2014-05-11 12:51 - 00000000 ____D () C:\Arquivos de programas\ZHPDiag
2014-05-11 12:51 - 2013-07-20 12:57 - 00000000 __RHD () C:\Documents and Settings\CASA\Dados de aplicativos
2014-05-11 12:51 - 2013-07-20 09:39 - 00000000 ___RD () C:\Arquivos de programas
2014-05-11 12:51 - 2013-07-20 09:38 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Iniciar\Programas
2014-05-11 12:13 - 2014-05-11 01:39 - 00002546 _____ () C:\zoek-results.log
2014-05-11 12:04 - 2014-02-08 13:37 - 00032284 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-11 12:04 - 2013-07-20 23:59 - 00001014 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1935655697-1326574676-682003330-1003UA.job
2014-05-11 11:52 - 2014-05-11 12:12 - 00012274 _____ () C:\zoek-results2014-05-11-145222.log
2014-05-11 11:49 - 2014-05-11 01:35 - 00000000 ____D () C:\zoek_backup
2014-05-11 11:49 - 2013-07-20 12:57 - 00000000 ___RD () C:\Documents and Settings\CASA\Meus documentos
2014-05-11 11:49 - 2013-07-20 09:38 - 00000000 ___RD () C:\Documents and Settings\All Users\Documentos
2014-05-11 11:49 - 2013-07-20 09:36 - 00000000 __RHD () C:\Documents and Settings\All Users\Dados de aplicativos
2014-05-11 11:45 - 2013-08-03 14:22 - 00000382 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-05-11 11:40 - 2014-02-08 13:37 - 00000298 _____ () C:\WINDOWS\wiadebug.log
2014-05-11 11:39 - 2014-02-08 13:37 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-11 11:39 - 2013-08-08 22:48 - 00000314 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1935655697-1326574676-682003330-1003.job
2014-05-11 11:39 - 2013-08-07 15:38 - 00000292 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1935655697-1326574676-682003330-1003.job
2014-05-11 11:39 - 2013-07-20 13:59 - 00001064 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-11 11:39 - 2013-07-20 12:57 - 00000000 ___RD () C:\Documents and Settings\CASA\Menu Iniciar\Programas\Inicializar
2014-05-11 11:39 - 2013-07-20 12:56 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-11 02:34 - 2014-04-17 21:54 - 00056074 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-11 02:34 - 2013-07-20 12:57 - 00000210 ___SH () C:\Documents and Settings\CASA\ntuser.ini
2014-05-11 02:15 - 2014-05-11 11:46 - 00035791 _____ () C:\zoek-results2014-05-11-051553.log
2014-05-11 02:15 - 2013-07-20 12:57 - 00000000 ___HD () C:\Documents and Settings\CASA\Configurações locais
2014-05-11 02:10 - 2014-05-11 02:10 - 00000000 ____D () C:\Documents and Settings\NetworkService\Configuraþ§es locais
2014-05-11 02:10 - 2014-05-11 02:10 - 00000000 ____D () C:\Documents and Settings\LocalService\Configuraþ§es locais
2014-05-11 02:10 - 2014-05-11 02:10 - 00000000 ____D () C:\Documents and Settings\Default User\Configuraþ§es locais
2014-05-11 02:10 - 2014-05-11 02:10 - 00000000 ____D () C:\Documents and Settings\CASA\Configuraþ§es locais
2014-05-11 02:10 - 2013-07-20 12:57 - 00000000 ____D () C:\Documents and Settings\CASA
2014-05-11 02:10 - 2013-07-20 12:56 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-05-11 01:57 - 2013-12-21 13:34 - 00000000 ____D () C:\Arquivos de programas\Wise
2014-05-11 01:57 - 2013-07-20 12:56 - 00000000 ____D () C:\Documents and Settings\NetworkService\Dados de aplicativos
2014-05-11 01:34 - 2014-05-11 01:34 - 01285120 _____ () C:\Documents and Settings\CASA\Desktop\zoek.exe
2014-05-10 22:06 - 2014-05-10 22:06 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-10 22:04 - 2014-05-10 22:04 - 01016261 _____ (Thisisu) C:\Documents and Settings\CASA\Desktop\JRT.exe
2014-05-10 21:55 - 2014-05-10 21:52 - 00000000 ____D () C:\AdwCleaner
2014-05-10 21:55 - 2014-02-15 11:15 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Configurações locais\Dados de aplicativos
2014-05-10 21:55 - 2014-02-15 11:15 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Configurações locais\Dados de aplicativos
2014-05-10 21:55 - 2014-02-15 11:15 - 00000000 ____D () C:\Documents and Settings\Convidado\Configurações locais\Dados de aplicativos
2014-05-10 21:55 - 2014-02-15 11:14 - 00000000 ____D () C:\Documents and Settings\ASPNET\Configurações locais\Dados de aplicativos
2014-05-10 21:55 - 2014-02-15 11:14 - 00000000 ____D () C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos
2014-05-10 21:55 - 2013-07-20 12:57 - 00000000 ___RD () C:\Documents and Settings\CASA\Menu Iniciar\Programas
2014-05-10 21:55 - 2013-07-20 12:57 - 00000000 ___HD () C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos
2014-05-10 21:49 - 2014-05-10 21:48 - 01316991 _____ () C:\Documents and Settings\CASA\Desktop\AdwCleaner.exe
2014-05-10 21:15 - 2013-07-27 21:36 - 00000000 ____D () C:\Arquivos de programas\Steam
2014-05-10 21:03 - 2014-05-10 21:03 - 00000786 _____ () C:\Documents and Settings\CASA\Desktop\sXe Injected.lnk
2014-05-10 21:03 - 2014-05-10 21:03 - 00000000 ____D () C:\Documents and Settings\CASA\Menu Iniciar\Programas\sXe Injected
2014-05-10 17:56 - 2013-07-20 22:55 - 00000000 ____D () C:\Arquivos de programas\Mozilla Maintenance Service
2014-05-10 17:40 - 2013-08-08 22:48 - 00000322 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1935655697-1326574676-682003330-1003.job
2014-05-10 16:08 - 2014-05-10 16:07 - 00000000 ____D () C:\Arquivos de programas\Mozilla Firefox
2014-05-09 11:20 - 2013-10-25 17:00 - 00000116 ____C () C:\WINDOWS\NeroDigital.ini
2014-05-08 22:53 - 2013-08-07 15:38 - 00000300 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1935655697-1326574676-682003330-1003.job
2014-05-06 20:28 - 2001-10-28 12:07 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-06 04:46 - 2014-05-08 22:47 - 398244969 _____ () C:\Documents and Settings\CASA\Desktop\Caçadores.de.Obras.Primas.2014.Dublado-TOM.rmvb
2014-05-05 12:23 - 2014-05-09 21:17 - 450985947 _____ () C:\Documents and Settings\CASA\Desktop\O.Espetacular.Homem.Aranha.2.A.Ameaça.de.Electro.2014.TS.XviD.Dual.Audio-MAXi RMVB.rmvb
2014-05-04 21:02 - 2013-07-31 23:08 - 00847872 ___SH () C:\Documents and Settings\CASA\Desktop\Thumbs.db
2014-05-04 00:04 - 2013-07-20 23:59 - 00000992 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1935655697-1326574676-682003330-1003Core.job
2014-05-03 14:57 - 2014-04-29 10:29 - 00007507 _____ () C:\WINDOWS\setupapi.log
2014-05-03 07:12 - 2014-05-10 15:03 - 339940504 _____ () C:\Documents and Settings\CASA\Desktop\Jogos.Medievais.2014.BDRip.XviD.Dual.Audio-MAXi RMVB.rmvb
2014-04-30 21:12 - 2014-04-30 21:12 - 00090112 _____ () C:\WINDOWS\Minidump\Mini043014-03.dmp
2014-04-30 21:12 - 2014-01-26 15:33 - 00000000 ____D () C:\WINDOWS\Minidump
2014-04-30 12:27 - 2014-04-30 12:27 - 00090112 _____ () C:\WINDOWS\Minidump\Mini043014-02.dmp
2014-04-30 10:47 - 2014-04-30 10:47 - 00090112 _____ () C:\WINDOWS\Minidump\Mini043014-01.dmp
2014-04-27 15:57 - 2013-07-20 12:48 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-27 15:22 - 2013-12-21 13:35 - 00000000 ____D () C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\SoftorinoUpdates
2014-04-27 14:41 - 2014-04-27 14:27 - 00000000 ____D () C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Plex Media Server
2014-04-27 14:27 - 2014-04-27 14:27 - 00000000 ____D () C:\Documents and Settings\CASA\Configurações locais
2014-04-27 14:27 - 2014-04-27 14:27 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Iniciar\Programas\Plex Media Server
2014-04-27 14:26 - 2014-04-27 14:26 - 00000000 ____D () C:\Arquivos de programas\Plex
2014-04-26 16:22 - 2013-09-06 17:32 - 00002347 _____ () C:\Documents and Settings\All Users\Menu Iniciar\Programas\Adobe Reader XI.lnk
2014-04-25 22:48 - 2013-08-08 22:48 - 00000340 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1935655697-1326574676-682003330-1003.job
2014-04-25 20:41 - 2013-07-20 12:56 - 00000210 __SHC () C:\Documents and Settings\LocalService\ntuser.ini
2014-04-25 20:35 - 2013-12-20 23:34 - 00741624 _____ () C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
2014-04-25 20:35 - 2013-07-20 12:56 - 00000000 ___HD () C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos
2014-04-22 21:33 - 2014-04-22 21:33 - 00126664 _____ () C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2014-04-22 10:37 - 2014-04-22 10:37 - 00090112 _____ () C:\WINDOWS\Minidump\Mini042214-01.dmp
2014-04-18 15:17 - 2014-04-27 14:32 - 278071812 _____ () C:\O.Herdeiro.do.Diabo.BDRip.Xvid.Dual.Áudio-Coveiro RMVB.rmvb
2014-04-18 15:17 - 2014-04-20 18:59 - 278071812 _____ () C:\Documents and Settings\CASA\Desktop\O.Herdeiro.do.Diabo.BDRip.Xvid.Dual.Áudio-Coveiro RMVB.rmvb
2014-04-18 14:40 - 2014-04-18 14:40 - 00000080 _____ () C:\WINDOWS\DirectX.log
2014-04-18 12:47 - 2013-09-03 21:24 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2014-04-17 22:05 - 2014-04-17 21:46 - 00000000 ____D () C:\Arquivos de programas\Counter Strike 1.6
2014-04-17 21:53 - 2014-04-17 21:53 - 00376056 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-17 21:49 - 2014-04-17 21:49 - 00001770 _____ () C:\Documents and Settings\CASA\Desktop\Dedicated Server.lnk
2014-04-17 21:49 - 2014-04-17 21:49 - 00001738 _____ () C:\Documents and Settings\CASA\Desktop\Counter Strike 1.6.lnk
2014-04-17 21:49 - 2014-04-17 21:49 - 00000000 ____D () C:\Documents and Settings\CASA\Menu Iniciar\Programas\Counter Strike 1.6 - 2013
2014-04-17 21:37 - 2014-04-17 21:37 - 00000973 _____ () C:\Documents and Settings\CASA\Desktop\Revo Uninstaller.lnk
2014-04-17 21:37 - 2014-04-17 21:37 - 00000000 ____D () C:\Arquivos de programas\VS Revo Group
2014-04-12 21:54 - 2013-07-20 12:57 - 00000000 ___RD () C:\Documents and Settings\CASA\Meus documentos\Minhas imagens

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2004-08-03 21:45] - [2008-04-13 19:21] - 1035776 ____A (Microsoft Corporation) 064ec7ff5f58b928c3e119402977fa6d

C:\WINDOWS\system32\winlogon.exe
[2004-08-03 21:45] - [2008-04-13 19:21] - 0509952 ____A (Microsoft Corporation) 71d440f79b711627b12b567fb2eadb42

C:\WINDOWS\system32\svchost.exe
[2004-08-03 21:45] - [2008-04-13 19:21] - 0014336 ____A (Microsoft Corporation) ed2d69cd4b0ebe37efe11d4dc4abc68f

C:\WINDOWS\system32\services.exe
[2004-08-03 21:45] - [2008-04-13 19:21] - 0109056 ____A (Microsoft Corporation) ee7999baaca84cfaa03726e677ee2a33

C:\WINDOWS\system32\User32.dll
[2004-08-03 21:45] - [2008-04-13 19:20] - 0579072 ____A (Microsoft Corporation) 54907db28872a7a6d3ee2b4747a23828

C:\WINDOWS\system32\userinit.exe
[2004-08-03 21:45] - [2008-04-13 19:21] - 0026112 ____A (Microsoft Corporation) a7ea40f680163808d96f89b4ff991876

C:\WINDOWS\system32\rpcss.dll
[2004-08-03 21:45] - [2008-04-13 19:20] - 0399360 ____A (Microsoft Corporation) e34a1b6160a90c7cb90bf2ee8d6ad921

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2004-08-03 21:37] - [2008-04-13 18:53] - 0053248 ____A (Microsoft Corporation) eb6b1e2c984d84470ff4fe7ef98cd44a


==================== End Of Log ============================

Post by guijorge Sun 11 May 2014, 14:22

Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-05-2014
Ran by CASA at 2014-05-11 14:16:58
Running from C:\Documents and Settings\CASA\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Baidu Antivirus (Disabled - Up to date) {4B1BC635-7555-4a6b-8503-768A266DCA61}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30446 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1280 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2011 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
ClPhpEd(remove only) (HKLM\...\ClPhpEd) (Version:  - )
Counter Strike 1.6 - 2013 (HKLM\...\Counter Strike 1.6 - 2013) (Version:  - )
Counter-Strike (HKLM\...\Steam App 10) (Version:  - Valve)
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
Desinstalar impressora EPSON TX220 Series (HKLM\...\EPSON TX220 Series) (Version:  - SEIKO EPSON Corporation)
Epson Event Manager (HKLM\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EVEREST Ultimate Edition v5.50 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - FinalWire Ltd.)
Exedb Anti Malware Scanner (HKLM\...\Exedb Anti Malware Scanner) (Version: 1.6 - File Info)
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FormatFactory 3.2.0.1 (HKLM\...\FormatFactory) (Version: 3.2.0.1 - Free Time)
Gerenciador de Downloads (HKCU\...\a54e16f5d00985b6) (Version: 0.9.3.106 - Level Up! Gerenciador)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Horizon v2.7.6.2 (HKLM\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.6.2 - Daring Development Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 10.2.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.7.2.0 - LG Electronics)
Magicka (HKLM\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Memory Optimizer version 1.2.0 (HKLM\...\{223235FD-A039-4A37-9115-4776E93EEA8B}_is1) (Version: 1.2.0 - Softorino)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB (HKLM\...\{3F31F3B5-C1FF-3708-8611-869DE39C0CB6}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB (HKLM\...\{B1FA73D8-AB79-3A2E-81AC-DBBAC155B2FE}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - ptb (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (Portuguese (Brazil)) 12 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
MiPony 2.0.2 (HKLM\...\MiPony) (Version: 2.0.2 - )
Movier 1.0.19 (HKLM\...\Movier) (Version: 1.0.19 - )
Mozilla Firefox 29.0.1 (x86 pt-BR) (HKLM\...\Mozilla Firefox 29.0.1 (x86 pt-BR)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
MyEpson Portal (HKLM\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
MyEpson Portal (Version: 1.0.0.0 - SEIKO EPSON CORPORATION) Hidden
Mz Game Accelerator (HKLM\...\MzGameAccelerator_is1) (Version: 1.1.0 - Mz Game Accelerator)
Nero 7 Ultra Edition (HKLM\...\{BFB8C7BE-3BFA-446C-9F3E-3AFBA5BC1046}) (Version: 7.02.2780 - Nero AG)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - ptb) (Version:  - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Extended PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PaintTool SAI (HKLM\...\PaintTool SAI1.1.0) (Version: 1.1.0 - Eddie Sekiguchi Softwares)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Pid  (HKLM\...\Steam App 218740) (Version:  - Might and Delight)
Platform (Version: 1.21 - VIA Technologies, Inc.) Hidden
Plex Media Server (HKLM\...\{e9921c42-812d-4b39-9c02-612724349e82}) (Version: 0.9.907 - Plex, Inc.)
Plex Media Server (Version: 0.9.907 - Plex, Inc.) Hidden
RealDownloader (Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SnapPea (HKLM\...\Wandoujia2) (Version:  - Wandou Labs)
Songr (HKCU\...\Songr) (Version: 2.0.2111 - Xamasoft)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
sXe Injected (HKLM\...\sXe Injected) (Version: 15.1.1.0 - Alejandro Cortés)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
UltraISO Premium V9.6 (HKLM\...\UltraISO_is1) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.21 - VIA Technologies, Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20070813.185237 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080413.144515 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wise Registry Cleaner 7.91 (HKLM\...\Wise Registry Cleaner_is1) (Version: 7.91 - WiseCleaner.com, Inc.)
XML Paper Specification Shared Components Language Pack 1.0 (Version:  - Microsoft Corporation) Hidden
ZHPDiag 2014 (HKLM\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Restore Points  =========================

05-04-2014 10:48:15 Ponto de verificação do sistema
05-04-2014 18:54:44 Ponto de verificação do sistema
07-04-2014 14:58:38 Ponto de verificação do sistema
18-04-2014 00:39:35 Revo Uninstaller's restore point - Counter Strike 1.6 - 2013
20-04-2014 16:53:10 Ponto de verificação do sistema
27-04-2014 13:51:35 Ponto de verificação do sistema
27-04-2014 14:36:19 Plex Media Server
27-04-2014 17:25:41 Plex Media Server
29-04-2014 02:20:55 Ponto de verificação do sistema
30-04-2014 15:28:15 avast! antivirus system restore point
03-05-2014 22:35:14 Ponto de verificação do sistema
05-05-2014 23:08:03 Ponto de verificação do sistema
08-05-2014 23:58:26 Ponto de verificação do sistema
10-05-2014 19:24:26 Ponto de verificação do sistema
10-05-2014 21:04:20 Revo Uninstaller's restore point - Baidu Antivirus
10-05-2014 21:05:22 Revo Uninstaller's restore point - Baidu Antivirus
10-05-2014 21:06:10 Revo Uninstaller's restore point - Baidu PC Faster
10-05-2014 21:32:17 Revo Uninstaller's restore point - Baidu PC Faster
10-05-2014 21:37:24 Revo Uninstaller's restore point - sXe Injected
10-05-2014 23:45:10 Revo Uninstaller's restore point - sXe Injected
10-05-2014 23:50:08 Revo Uninstaller's restore point - sXe Injected
11-05-2014 04:39:33 zoek.exe restore point
11-05-2014 14:46:58 zoek.exe restore point
11-05-2014 15:12:42 zoek.exe restore point
11-05-2014 16:38:57 ZHPFix Restore System Point
11-05-2014 17:15:21 ZHPFix Restore System Point

==================== Hosts content: ==========================

2001-10-28 12:06 - 2014-05-11 01:39 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1935655697-1326574676-682003330-1003Core.job => C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1935655697-1326574676-682003330-1003UA.job => C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1935655697-1326574676-682003330-1003.job => C:\Arquivos de programas\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1935655697-1326574676-682003330-1003.job => C:\Arquivos de programas\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1935655697-1326574676-682003330-1003.job => C:\Arquivos de programas\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1935655697-1326574676-682003330-1003.job => C:\Arquivos de programas\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1935655697-1326574676-682003330-1003.job => C:\Arquivos de programas\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2013-07-20 14:58 - 2006-07-24 23:33 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
2012-06-18 12:24 - 2012-06-18 12:24 - 00260096 _____ () C:\Arquivos de programas\Notepad++\NppShell_05.dll
2014-05-11 11:41 - 2014-05-11 03:04 - 02253312 _____ () C:\Arquivos de programas\Alwil Software\Avast5\defs\14051100\algo.dll
2014-01-13 16:44 - 2014-01-13 16:44 - 19336120 _____ () C:\Arquivos de programas\Alwil Software\Avast5\libcef.dll
2013-04-16 03:07 - 2013-04-16 03:07 - 00039056 _____ () C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^CASA^Menu Iniciar^Programas^Inicializar^wandoujia_helper.lnk => C:\WINDOWS\pss\wandoujia_helper.lnkStartup
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: CTFMON.EXE => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: EEventManager => "C:\Arquivos de programas\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPSON TX220 Series => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDL.EXE /FU "C:\WINDOWS\TEMP\E_S15.tmp" /EF "HKCU"
MSCONFIG\startupreg: Facebook Update => "C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: MSMSGS => "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: Skype => "C:\Arquivos de programas\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: TkBellExe => "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe"  -osboot

==================== Faulty Device Manager Devices =============

Name: USB Device
Description: USB Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/21/2014 10:12:02 PM) (Source: SecurityCenter) (User: ) (EventID: 1802)
Description: O Serviço da Central de Segurança do Windows não pôde estabelecer consultas de evento com o WMI para monitorar Firewall e Antivírus de terceiros.

Error: (04/21/2014 10:12:02 PM) (Source: WinMgmt) (User: ) (EventID: 28)
Description: O WinMgmt não pôde inicializar as partes principais. Isso pode ter ocorrido devido a uma versão mal instalada do WinMgmt, a falha de atualização do respositório do WinMgmt ou a memória insuficiente.

Error: (02/08/2014 00:50:31 PM) (Source: PerfNet) (User: ) (EventID: 2006)
Description: Não foi possível ler dados de desempenho da fila do servidor a partir do serviço do servidor.
Nenhum dado de desempenho do servidor será retornado nesse exemplo.
O código de erro retornado está no dado DWORD 0, IOSB.Status é o DWORD 1 e
a IOSB.Information é DWORD 2.

Error: (02/08/2014 00:50:31 PM) (Source: PerfNet) (User: ) (EventID: 2005)
Description: Não foi possível ler dados de desempenho a partir do serviço do servidor.
Nenhum dado de desempenho do servidor será retornado nesse exemplo.
O código de erro retornado está no dado DWORD 0, IOSB.Status é o DWORD 1 e
a IOSB.Information é o DWORD 2.


System errors:
=============
Error: (05/11/2014 11:48:04 AM) (Source: PlugPlayManager) (User: ) (EventID: 11)
Description: O dispositivo Root\LEGACY_BPROTECT\0000 desapareceu do sistema sem ser preparado para remoção.

Error: (05/11/2014 11:47:59 AM) (Source: PlugPlayManager) (User: ) (EventID: 11)
Description: O dispositivo Root\LEGACY_BNDEF\0000 desapareceu do sistema sem ser preparado para remoção.

Error: (05/11/2014 11:47:48 AM) (Source: PlugPlayManager) (User: ) (EventID: 11)
Description: O dispositivo Root\LEGACY_BHBASE\0000 desapareceu do sistema sem ser preparado para remoção.

Error: (05/11/2014 11:39:56 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Não foi possível iniciar o serviço aswFsBlk devido ao seguinte erro:
%%2

Error: (05/11/2014 02:15:25 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Não foi possível iniciar o serviço aswFsBlk devido ao seguinte erro:
%%2

Error: (05/11/2014 02:15:24 AM) (Source: Print) (User: AUTORIDADE NT) (EventID: 19)
Description: Falha ao compartilhar impressora: + 1722; impressora EPSON TX220 Series, nome de compartilhamento EPSONTX2.

Error: (05/11/2014 01:23:00 AM) (Source: Schedule) (User: ) (EventID: 7901)
Description: O comando At3.job falhou ao iniciar devido ao seguinte erro:
%%2147942403

Error: (05/11/2014 01:18:00 AM) (Source: Schedule) (User: ) (EventID: 7901)
Description: O comando At2.job falhou ao iniciar devido ao seguinte erro:
%%2147942403

Error: (05/11/2014 00:56:08 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Não foi possível iniciar o serviço aswFsBlk devido ao seguinte erro:
%%2

Error: (05/11/2014 00:23:19 AM) (Source: Schedule) (User: ) (EventID: 7901)
Description: O comando At3.job falhou ao iniciar devido ao seguinte erro:
%%2147942403


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 1534.42 MB
Available physical RAM: 1042.34 MB
Total Pagefile: 3430.64 MB
Available Pagefile: 3100.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:10.12 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 75 GB) (Disk ID: 0BA80BA8)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Re: I need help removing Baidu completely

Post by Power Max Sun 11 May 2014, 14:47

Download the fixlist.txt file attached to this post and save it to the desktop.

Run FRST. Click the Fix button.

Wait; when it finishes, the Fixlog.txt log will be saved to your desktop.

Select, copy, and paste the contents of this Fixlog.txt into your next reply.

I need help removing Baidu completely

Post by guijorge Sun 11 May 2014, 15:08

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:11-05-2014 01
Ran by CASA at 2014-05-11 15:03:14 Run:1
Running from C:\Documents and Settings\CASA\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
Startup: C:\Documents and Settings\CASA\Menu Iniciar\Programas\Inicializar\PC App Store Uninstall 3.14.9.3480.lnk
ShortcutTarget: PC App Store Uninstall 3.14.9.3480.lnk -> C:\Documents and Settings\CASA\Dados de aplicativos\Baidu Security\PC App Store\3.14.9.3480\Uninstall\PC App Store Uninstall\0\InstallUtility.dll", _OpenUrl -run "PC App Store Uninstall" -ini "OpenUrl.ini (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
CHR DefaultSearchKeyword: websearch
CHR DefaultSearchProvider: WebSearch
CHR DefaultSearchURL: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR DefaultNewTabURL:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AlternateDataStreams: C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:373E1720
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""
AV: Baidu Antivirus (Disabled - Up to date) {4B1BC635-7555-4a6b-8503-768A266DCA61}
end
*****************

C:\Documents and Settings\CASA\Menu Iniciar\Programas\Inicializar\PC App Store Uninstall 3.14.9.3480.lnk => Moved successfully.
C:\Documents and Settings\CASA\Dados de aplicativos\Baidu Security\PC App Store\3.14.9.3480\Uninstall\PC App Store Uninstall\0\InstallUtility.dll", _OpenUrl -run "PC App Store Uninstall" -ini "OpenUrl.ini not found.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
CHR DefaultSearchKeyword: websearch ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: WebSearch ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Documents and Settings\All Users\Dados de aplicativos\TEMP => ":373E1720" ADS removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\BavSvc => Key deleted successfully.
AV: Baidu Antivirus (Disabled - Up to date) {4B1BC635-7555-4a6b-8503-768A266DCA61} => The item is protected. Make sure the software is uninstalled and its services are removed.


The system needed a reboot.

==== End of Fixlog ====

Re: I need help removing Baidu completely

Post by Power Max Sun 11 May 2014, 15:16

Restart the PC so that Farbar can complete the cleanup.

After that, open Google Chrome > click the three lines in the upper-right corner of its window and click Settings > click Show advanced settings > review everything that is configured in relation to websearch and set it back to the correct values. After that, scroll down to the bottom of the page and click Reset browser settings.

After that, tell us how Chrome and the PC as a whole are doing.
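An added example, not part of the thread and not FRST's own code: a small Python triage of a Fixlog.txt like the one posted above. It skips the echoed fixlist and lists the entries the fix did not fully resolve, which are the ones the reboot and Chrome reset advice above follows up on. The function names are hypothetical, and the outcome phrases are the ones visible in this thread's log; other FRST versions may word results differently.

```python
import re

# Outcome phrases as they appear in the Fixlog posted in this thread.
# Assumption: any result line with unrecognised wording is marked "review".
OUTCOMES = [
    ("done", re.compile(r"(Moved|deleted|restored|removed) successfully\.$")),
    ("manual", re.compile(r"can be used to fix the entry\.$")),
    ("protected", re.compile(r"The item is protected\.")),
    ("not_found", re.compile(r"not found\.$")),
]
ARROW = re.compile(r"\s+==?>\s+")  # separates the item from its result

def triage_fixlog(text):
    """Return (results, needs_reboot); results is a list of (status, item)."""
    results, needs_reboot, in_results = [], False, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("==== End of Fixlog"):
            break
        if line == "The system needed a reboot.":
            needs_reboot = True
        elif line == "end":  # terminator of the echoed fixlist
            in_results = True
        elif in_results and line and set(line) != {"*"}:
            status = next((s for s, rx in OUTCOMES if rx.search(line)), "review")
            item = ARROW.split(line, maxsplit=1)[0]
            if status == "not_found":  # these lines carry no arrow
                item = item[: -len(" not found.")]
            results.append((status, item))
    return results, needs_reboot

def follow_up(text):
    """Entries the fix did not fully resolve."""
    return [(s, i) for s, i in triage_fixlog(text)[0] if s != "done"]

# Excerpt of the Fixlog posted above (lines copied from the thread).
SAMPLE = r"""Content of fixlist:
*****************
start
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""
end
*****************
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Documents and Settings\CASA\Dados de aplicativos\Baidu Security\PC App Store\3.14.9.3480\Uninstall\PC App Store Uninstall\0\InstallUtility.dll", _OpenUrl -run "PC App Store Uninstall" -ini "OpenUrl.ini not found.
CHR DefaultSearchKeyword: websearch ==> The Chrome "Settings" can be used to fix the entry.
AV: Baidu Antivirus (Disabled - Up to date) {4B1BC635-7555-4a6b-8503-768A266DCA61} => The item is protected. Make sure the software is uninstalled and its services are removed.
The system needed a reboot.
==== End of Fixlog ====
"""
```

On this excerpt, `follow_up(SAMPLE)` returns the missing InstallUtility.dll target, the Chrome search entry that has to be fixed in Settings, and the protected Baidu Antivirus registration.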

I need help removing Baidu completely

Post by guijorge Sun 11 May 2014, 16:30

Everything is OK. I couldn't use Chrome anymore because it was freezing a lot and was full of things installed in it, so I was using Firefox; now everything is OK.
The computer has improved a lot and I can now use the programs that were having problems because of Baidu.

I thought I was going to have to format my PC; lucky I found this forum. Thanks!!