Remove YAC
Could someone help me remove YAC? And also, how do I get my PC to install programs? It downloads them, but when it comes to installing it doesn't work; an NSIS error appears.
Jeane - Beginner
- Posts: 26
Reputation: 0
Registration date: 20/05/2014
Re: Remove YAC
Hi Jeane. Welcome to Fórum PC Brasil.
Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]
To run AdwCleaner correctly, just follow the tips in this tutorial:
[You must have an account and be logged in to view this link]
* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt
We'll be waiting.
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: Remove YAC
# AdwCleaner v3.210 - Relatório criado 20/05/2014 às 01:03:22
# Atualizado 19/05/2014 por Xplode
# Sistema Operacional : Windows 8 Single Language (64 bits)
# Usuário : jeaneadmir - AJ
# Executando de : C:\Users\jeaneadmir\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
Serviço Deletada : iSafeKrnl
Serviço Deletada : iSafeNetFilter
[#] Serviço Deletada : iSafeService
[#] Serviço Deletada : savesenselive
[#] Serviço Deletada : savesenselivem
Serviço Deletada : Wpm
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\SaveSenseLive
Pasta Deletada : C:\ProgramData\Trymedia
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\ProgramData\AlawarWrapper
[!] Pasta Deletada : C:\Program Files (x86)\iSafe
Pasta Deletada : C:\Program Files (x86)\SaveSenseLive
Pasta Deletada : C:\Program Files (x86)\SupTab
Pasta Deletada : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Pasta Deletada : C:\Windows\SysWOW64\hotspot shield
Pasta Deletada : C:\Users\JEANEA~1\AppData\Local\Temp\webget
Pasta Deletada : C:\Users\jeaneadmir\AppData\Local\Conduit
Pasta Deletada : C:\Users\jeaneadmir\AppData\Local\lollipop
Pasta Deletada : C:\Users\jeaneadmir\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\jeaneadmir\AppData\Local\NativeMessaging
Pasta Deletada : C:\Users\jeaneadmir\AppData\Local\SaveSense
Pasta Deletada : C:\Users\jeaneadmir\AppData\Local\SaveSenseLive
Pasta Deletada : C:\Users\jeaneadmir\AppData\LocalLow\Conduit
Pasta Deletada : C:\Users\jeaneadmir\AppData\LocalLow\IminentToolbar
Pasta Deletada : C:\Users\jeaneadmir\AppData\Roaming\baidu
Pasta Deletada : C:\Users\jeaneadmir\AppData\Roaming\eCyber
Pasta Deletada : C:\Users\jeaneadmir\AppData\Roaming\iSafe
Pasta Deletada : C:\Users\jeaneadmir\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\jeaneadmir\AppData\Roaming\QuickStoresToolbar
Pasta Deletada : C:\Users\jeaneadmir\AppData\Roaming\SaveSense
Pasta Deletada : C:\Users\jeaneadmir\AppData\Roaming\SupTab
Pasta Deletada : C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Pasta Deletada : C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
Pasta Deletada : C:\Users\jeaneadmir\Documents\Mobogenie
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\jeaneadmir\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default\Extensions\{2d7886a0-85bb-4bf2-b684-ba92b4b21d23}
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk
Arquivo Deletada : C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
Arquivo Deletada : C:\Users\jeaneadmir\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default\searchplugins\ask-search.xml
Arquivo Deletada : C:\Users\jeaneadmir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx
Arquivo Deletada : C:\Users\jeaneadmir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Deletada : C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
Arquivo Deletada : C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore
Arquivo Deletada : C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
Arquivo Deletada : C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo
Chave Deletedo : HKCU\Software\Classes\Applications\lollipop.exe
Chave Deletedo : HKCU\Software\Classes\iLivid.torrent
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\SaveSenseLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\iLivid.torrent
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickCtrl.9
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.Update3WebControl.3
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\anchorfree
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\Headlight
Chave Deletedo : HKCU\Software\ilivid
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\SaveSense
Chave Deletedo : HKCU\Software\SaveSenseLive
Chave Deletedo : HKCU\Software\Trymedia Systems
Chave Deletedo : HKCU\Software\AppDataLow\Software\Conduit
Chave Deletedo : HKCU\Software\AppDataLow\Software\SmartBar
Chave Deletedo : HKLM\Software\aartemisSoftware
Chave Deletedo : HKLM\Software\DealPlyLive
Chave Deletedo : HKLM\Software\delta-homesSoftware
Chave Deletedo : HKLM\Software\IePlugin
Chave Deletedo : HKLM\Software\iSafe
Chave Deletedo : HKLM\Software\SaveSenseLive
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\Trymedia Systems
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe
***** [ Navegadores ] *****
-\\ Internet Explorer v10.0.9200.16537
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v
[ Arquivo : C:\Users\jeaneadmir\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default\prefs.js ]
Linha deletada : user_pref("browser.startup.homepage", "hxxp://www.search.ask.com/?tpid=ATU4-V7C&o=APN11391&pf=V7&trgb=FF&p2=%5EBAY%5Ezzz012%5EYY%5EBR&gct=hp&apn_ptnrs=%5EBAY&apn_dtid=%5Ezzz012%5EYY%5EBR&apn_dbr=ff_26[...]
Linha deletada : user_pref("browser.startup.homepage", "hxxp://start.iminent.com/?appId=C8527AE3-B53A-4CE7-A13A-4BC89C416E2D");
Linha deletada : user_pref("browser.startup.homepage", "hxxp://search.iminent.com/?appId=C8527AE3-B53A-4CE7-A13A-4BC89C416E2D");
Linha deletada : user_pref("browser.search.selectedEngine", "SearchTheWeb");
-\\ Google Chrome v34.0.1847.137
[ Arquivo : C:\Users\jeaneadmir\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Extension] : ogfjmhfnldnajmfaofeiaepghjenbgjo
*************************
AdwCleaner[R0].txt - [18490 octets] - [20/05/2014 01:01:10]
AdwCleaner[S0].txt - [16505 octets] - [20/05/2014 01:03:22]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16566 octets] ##########
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v
[ Arquivo : C:\Users\jeaneadmir\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default\prefs.js ]
Linha deletada : user_pref("browser.startup.homepage", "hxxp://www.search.ask.com/?tpid=ATU4-V7C&o=APN11391&pf=V7&trgb=FF&p2=%5EBAY%5Ezzz012%5EYY%5EBR&gct=hp&apn_ptnrs=%5EBAY&apn_dtid=%5Ezzz012%5EYY%5EBR&apn_dbr=ff_26[...]
Linha deletada : user_pref("browser.startup.homepage", "hxxp://start.iminent.com/?appId=C8527AE3-B53A-4CE7-A13A-4BC89C416E2D");
Linha deletada : user_pref("browser.startup.homepage", "hxxp://search.iminent.com/?appId=C8527AE3-B53A-4CE7-A13A-4BC89C416E2D");
Linha deletada : user_pref("browser.search.selectedEngine", "SearchTheWeb");
-\\ Google Chrome v34.0.1847.137
[ Arquivo : C:\Users\jeaneadmir\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Extension] : ogfjmhfnldnajmfaofeiaepghjenbgjo
*************************
AdwCleaner[R0].txt - [18490 octets] - [20/05/2014 01:01:10]
AdwCleaner[S0].txt - [16505 octets] - [20/05/2014 01:03:22]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16566 octets] ##########
Jeane - Beginner
- Posts: 26
Reputation: 0
Join date: 20/05/2014
Re: Remove YAC
Temporarily disable your antivirus to avoid conflicts.
Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]
* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]
* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.
* Click [Run Script]
* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!
[You must have an account and be logged in to view this image]
* If a restart of the PC is requested, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Last edited by Power Max on Tue 20 May 2014, 12:23; edited 1 time
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Remove YAC
Zoek.exe v5.0.0.0 Updated 20-05-2014
Tool run by jeaneadmir on 20/05/2014 at 10:57:15,89.
Microsoft Windows 8 Single Language 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jeaneadmir\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
20/05/2014 10:57:52 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeKrnl deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeNetFilter deleted successfully
==== FireFox Fix ======================
Deleted from C:\Users\JEANEA~1\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default\prefs.js:
user_pref("browser.search.selectedEngine", "Ask Search");
user_pref("browser.search.selectedEngine", "StartWeb");
Added to C:\Users\JEANEA~1\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\JEANEA~1\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default
user.js not found
---- Lines ask.com modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}\":{\"descriptor\":\"C:\\\\
---- FireFox user.js and prefs.js backups ----
prefs_052014_1110_.backup
==== Deleting Files \ Folders ======================
C:\Users\jeaneadmir\.android deleted
C:\PROGRA~2\iSafe deleted
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk deleted
C:\Users\jeaneadmir\AppData\Roaming\GetRightToGo deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Hotspot Shield deleted
C:\PROGRA~3\DRV10.tmp deleted
C:\PROGRA~3\E1010.tmp deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\jeaneadmir\AppData\Local\CRE deleted
C:\Users\jeaneadmir\AppData\Local\cache deleted
C:\windows\SysNative\tasks\Baidu PC Faster Update deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
==== Folders Found ======================
2014-05-20 04:03:23 2014-05-20 04:03:23 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-20 04:03:49 2014-05-20 04:03:49 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2013-12-15 16:04:17 2014-03-06 13:16:51 -------- d-----w- C:\ProgramData\Baidu Security
2013-12-15 16:04:17 2014-03-06 13:16:51 -------- d-----w- C:\Users\All Users\Baidu Security
2014-02-05 17:36:57 2014-02-05 17:36:57 -------- d-----w- C:\Users\jeaneadmir\AppData\Local\Temp\baidu_secure
2013-12-15 15:42:35 2014-01-07 01:15:59 -------- d-----w- C:\Users\jeaneadmir\AppData\Roaming\Baidu Security
2014-02-11 21:00:49 2014-02-11 21:55:57 -------- d-----w- C:\Users\Public\Documents\Baidu Security
==== Files Found ======================
--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3444
Created time: 2014-05-20 14:11:11
Modified time: 2014-01-03 21:16:39
MD5: 033294B5DF6C4A309F9A96B433873BB2
SHA1: 1E1B1867078C82CA35B8C812CC2496AF07E34E2F
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-21 01-18-51-0593-[0830].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-27 01-46-55-0556-[28037].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-30 01-07-08-0249-[26468].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-07 02-48-23-0313-[23972].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-09 02-34-12-0670-[32684].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-02-09 02-36-36-0037-[0386].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-02-10 02-31-43-0018-[10176].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-11 02-57-09-0839-[25905].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-02-11 02-01-09-0410-[26689].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-27 02-32-56-0807-[9258].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-02-27 02-57-45-0857-[14120].tmp"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu PC Faster 4.0.0.0"="\"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe\" -auto -start"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BAV mini setup"="\"C:\\ProgramData\\Baidu\\Antivirus\\BavPro_Setup_Mini_115.exe\" /S /NOTRAY partner=RebootRun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
"DisplayIcon"="C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.16.3.4537\\PCAppStore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
"UninstallString"="C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.16.3.4537\\Uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
"Publisher"="Baidu, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
"InstallDir"="C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.16.3.4537"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\BaiduShellEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BaiduShellEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\BaiduShellEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\0\win64]
@="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFShellEx64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\HELPDIR]
@="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\0\win64]
@="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFShellEx64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\HELPDIR]
@="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
"DisplayName"="Baidu PC App Store Service 3.16.3.4537"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
"Description"="Baidu PC App Store Service 3.16.3.4537"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"="Baidu PC Faster Service 4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"="Baidu PC Faster Service 4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
"DisplayName"="Baidu PC App Store Service 3.16.3.4537"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
"Description"="Baidu PC App Store Service 3.16.3.4537"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"="Baidu PC Faster Service 4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"="Baidu PC Faster Service 4.0.0.0"
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\3.16.3.4537]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\3.16.3.4537\LastReportTime]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
"swg_BaiDuSafe_RegType"=dword:00000002
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm64]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-15 14_04_48_0469rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu\Hao123-international]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu\Hao123-international\hao123desk]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install\978515]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install\978515]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py-appstore/get_reinstall_channel_info_appstore.cgi?install_channel=pcf&new_install_channel=pcf&from_version=3.14.8.4008&to_version=3.16.3.4537&errorcode=0&errortext=&userid=S2SKJ5CD-80EE7378AF17!c6557691-359b-4894-b82d-68fedad323ac@#00FF57E64FEB&install_time=2014-01-20 23:23:30"
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\LastReportTime]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\DataReport]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\Setup]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Avast Software\WRC\SearchRules\baidu.com]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"="^http\\:\\/\\/www\\.baidu\\.com\\/.*"
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0\\PCFaster.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\jeaneadmir\\AppData\\Roaming\\Baidu Security\\PC Faster\\4.0.0.0\\bd_flash_install.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.14.8.4008\\AppStoreUpdater.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.14.8.4008\\downloader.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.14.8.4008\\softmgr_update.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.16.3.4537\\AppStoreUpdater.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.16.3.4537\\downloader.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\jeaneadmir\\AppData\\Roaming\\Baidu\\hao123-br\\hao123.1.0.0.1101.exe"=hex:53,\
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\3.16.3.4537]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\3.16.3.4537\LastReportTime]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
"swg_BaiDuSafe_RegType"=dword:00000002
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm64]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-15 14_04_48_0469rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [25/02/2014 18:38]
==== Firefox Extensions ======================
ProfilePath: C:\Users\JEANEA~1\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default
- Undetermined - C:\Users\jeaneadmir\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default\extensions\{2d7886a0-85bb-4bf2-b684-ba92b4b21d23}
==== Firefox Plugins ======================
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[22/01/2014 18:04]
Google Drive - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Lilly Pulitzer - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\bbpppaoddgakkggpcadaefofdnbmfkcm
YouTube Center - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\bcegdpionpopahcglnfiiioapcclamdj
YouTube - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
SiteAdvisor - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Wallet - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Iminent Chrome Toolbar - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb
==== Chrome Fix ======================
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{E4447D16-C14B-41AE-AC8B-5878227FE0E5} Unknown Url="Not_Found"
==== Reset Google Chrome ======================
C:\Users\jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Preferences was reset successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Web Data was reset successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E4447D16-C14B-41AE-AC8B-5878227FE0E5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
==== shortcuts on Users Desktops ======================
C:\Users\jeaneadmir\Desktop\AdwCleaner - Atalho.lnk - C:\Users\jeaneadmir\Downloads\AdwCleaner.exe
C:\Users\jeaneadmir\Desktop\BitTorrent.lnk - C:\Users\jeaneadmir\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Users\jeaneadmir\Desktop\ConvertXtoDVD 4.lnk - C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Users\jeaneadmir\Desktop\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Manual do Usuário.lnk -
C:\Users\Public\Desktop\Manual POSITIVO TV.lnk - C:\Fabricante\Manual PCTV\Manual_PCTV.pdf
C:\Users\Public\Desktop\Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE /OEM
C:\Users\Public\Desktop\Mundo Positivo.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe 908F1E4E.MundoPositivo
C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\Public\Desktop\Positivo 3D Incrível.lnk -
C:\Users\Public\Desktop\Positivo Aplicativos.lnk - C:\Program Files (x86)\Positivo Informática\Positivo Aplicativos\PositivoAplicativosUI.exe Offer
C:\Users\Public\Desktop\Positivo Dicas.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe 908F1E4E.PositivoAjudante
C:\Users\Public\Desktop\Positivo Horóscopo.lnk -
C:\Users\Public\Desktop\Positivo Jogos.lnk - C:\Fabricante\Positivo Jogos Atalhos
C:\Users\Public\Desktop\Positivo Mulher.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe 908F1E4E.PositivoMulher
C:\Users\Public\Desktop\Positivo Músicas.lnk -
C:\Users\Public\Desktop\POSITIVO TV.lnk - C:\Program Files (x86)\Positivo\POSITIVO TV\AVerTV.exe
C:\Users\Public\Desktop\Positivo Verde e Amarelo.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe 908F1E4E.PositivoVerdeeAmarelo
C:\Users\Public\Desktop\Windows Live Movie Maker.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
==== shortcuts in Users Start Menu ======================
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.lnk -
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\README.lnk - C:\Program Files\Unlocker\README.TXT
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Start Unlocker.lnk - C:\Program Files\Unlocker\Unlocker.exe
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Uninstall.lnk - C:\Program Files (x86)\Unlocker\uninst.exe
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Website.lnk - C:\Program Files\Unlocker\Unlocker.url
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\fbwuser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\fbwuser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk - C:\Users\jeaneadmir\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Control Panel.lnk -
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\On-Screen Keyboard.lnk - C:\Windows\system32\osk.exe
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jeaneadmir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jeaneadmir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\jeaneadmir\AppData\Local\Mozilla\Firefox\Profiles\n99pkfnm.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1440 folders=184 80203615 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\fbwuser\AppData\Local\Temp emptied successfully
C:\Users\jeaneadmir\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\JEANEA~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 20/05/2014 at 11:17:57,32 ======================
Tool run by jeaneadmir on 20/05/2014 at 10:57:15,89.
Microsoft Windows 8 Single Language 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jeaneadmir\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
20/05/2014 10:57:52 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeKrnl deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeNetFilter deleted successfully
==== FireFox Fix ======================
Deleted from C:\Users\JEANEA~1\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default\prefs.js:
user_pref("browser.search.selectedEngine", "Ask Search");
user_pref("browser.search.selectedEngine", "StartWeb");
Added to C:\Users\JEANEA~1\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\JEANEA~1\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default
user.js not found
---- Lines ask.com modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}\":{\"descriptor\":\"C:\\\\
---- FireFox user.js and prefs.js backups ----
prefs_052014_1110_.backup
==== Deleting Files \ Folders ======================
C:\Users\jeaneadmir\.android deleted
C:\PROGRA~2\iSafe deleted
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk deleted
C:\Users\jeaneadmir\AppData\Roaming\GetRightToGo deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Hotspot Shield deleted
C:\PROGRA~3\DRV10.tmp deleted
C:\PROGRA~3\E1010.tmp deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\jeaneadmir\AppData\Local\CRE deleted
C:\Users\jeaneadmir\AppData\Local\cache deleted
C:\windows\SysNative\tasks\Baidu PC Faster Update deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
==== Folders Found ======================
2014-05-20 04:03:23 2014-05-20 04:03:23 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-20 04:03:49 2014-05-20 04:03:49 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2013-12-15 16:04:17 2014-03-06 13:16:51 -------- d-----w- C:\ProgramData\Baidu Security
2013-12-15 16:04:17 2014-03-06 13:16:51 -------- d-----w- C:\Users\All Users\Baidu Security
2014-02-05 17:36:57 2014-02-05 17:36:57 -------- d-----w- C:\Users\jeaneadmir\AppData\Local\Temp\baidu_secure
2013-12-15 15:42:35 2014-01-07 01:15:59 -------- d-----w- C:\Users\jeaneadmir\AppData\Roaming\Baidu Security
2014-02-11 21:00:49 2014-02-11 21:55:57 -------- d-----w- C:\Users\Public\Documents\Baidu Security
==== Files Found ======================
--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3444
Created time: 2014-05-20 14:11:11
Modified time: 2014-01-03 21:16:39
MD5: 033294B5DF6C4A309F9A96B433873BB2
SHA1: 1E1B1867078C82CA35B8C812CC2496AF07E34E2F
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-21 01-18-51-0593-[0830].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-27 01-46-55-0556-[28037].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-30 01-07-08-0249-[26468].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-07 02-48-23-0313-[23972].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-09 02-34-12-0670-[32684].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-02-09 02-36-36-0037-[0386].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-02-10 02-31-43-0018-[10176].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-11 02-57-09-0839-[25905].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-02-11 02-01-09-0410-[26689].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-27 02-32-56-0807-[9258].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-02-27 02-57-45-0857-[14120].tmp"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu PC Faster 4.0.0.0"="\"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe\" -auto -start"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BAV mini setup"="\"C:\\ProgramData\\Baidu\\Antivirus\\BavPro_Setup_Mini_115.exe\" /S /NOTRAY partner=RebootRun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
"DisplayIcon"="C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.16.3.4537\\PCAppStore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
"UninstallString"="C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.16.3.4537\\Uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
"Publisher"="Baidu, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
"InstallDir"="C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.16.3.4537"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\BaiduShellEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BaiduShellEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\BaiduShellEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\0\win64]
@="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFShellEx64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\HELPDIR]
@="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\0\win64]
@="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFShellEx64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\HELPDIR]
@="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
"DisplayName"="Baidu PC App Store Service 3.16.3.4537"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
"Description"="Baidu PC App Store Service 3.16.3.4537"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"="Baidu PC Faster Service 4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"="Baidu PC Faster Service 4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
"DisplayName"="Baidu PC App Store Service 3.16.3.4537"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
"Description"="Baidu PC App Store Service 3.16.3.4537"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"="Baidu PC Faster Service 4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"="Baidu PC Faster Service 4.0.0.0"
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\3.16.3.4537]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\3.16.3.4537\LastReportTime]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
"swg_BaiDuSafe_RegType"=dword:00000002
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm64]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-15 14_04_48_0469rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu\Hao123-international]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu\Hao123-international\hao123desk]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install\978515]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install\978515]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py-appstore/get_reinstall_channel_info_appstore.cgi?install_channel=pcf&new_install_channel=pcf&from_version=3.14.8.4008&to_version=3.16.3.4537&errorcode=0&errortext=&userid=S2SKJ5CD-80EE7378AF17!c6557691-359b-4894-b82d-68fedad323ac@#00FF57E64FEB&install_time=2014-01-20 23:23:30"
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\LastReportTime]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\DataReport]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\Setup]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Avast Software\WRC\SearchRules\baidu.com]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"="^http\\:\\/\\/www\\.baidu\\.com\\/.*"
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0\\PCFaster.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\jeaneadmir\\AppData\\Roaming\\Baidu Security\\PC Faster\\4.0.0.0\\bd_flash_install.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.14.8.4008\\AppStoreUpdater.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.14.8.4008\\downloader.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.14.8.4008\\softmgr_update.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.16.3.4537\\AppStoreUpdater.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.16.3.4537\\downloader.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\jeaneadmir\\AppData\\Roaming\\Baidu\\hao123-br\\hao123.1.0.0.1101.exe"=hex:53,\
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\3.16.3.4537]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\3.16.3.4537\LastReportTime]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
"swg_BaiDuSafe_RegType"=dword:00000002
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm64]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-15 14_04_48_0469rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [25/02/2014 18:38]
==== Firefox Extensions ======================
ProfilePath: C:\Users\JEANEA~1\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default
- Undetermined - C:\Users\jeaneadmir\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default\extensions\{2d7886a0-85bb-4bf2-b684-ba92b4b21d23}
==== Firefox Plugins ======================
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[22/01/2014 18:04]
Google Drive - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Lilly Pulitzer - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\bbpppaoddgakkggpcadaefofdnbmfkcm
YouTube Center - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\bcegdpionpopahcglnfiiioapcclamdj
YouTube - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
SiteAdvisor - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Wallet - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Iminent Chrome Toolbar - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb
==== Chrome Fix ======================
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{E4447D16-C14B-41AE-AC8B-5878227FE0E5} Unknown Url="Not_Found"
==== Reset Google Chrome ======================
C:\Users\jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Preferences was reset successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Web Data was reset successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E4447D16-C14B-41AE-AC8B-5878227FE0E5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
==== shortcuts on Users Desktops ======================
C:\Users\jeaneadmir\Desktop\AdwCleaner - Atalho.lnk - C:\Users\jeaneadmir\Downloads\AdwCleaner.exe
C:\Users\jeaneadmir\Desktop\BitTorrent.lnk - C:\Users\jeaneadmir\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Users\jeaneadmir\Desktop\ConvertXtoDVD 4.lnk - C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Users\jeaneadmir\Desktop\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Manual do Usuário.lnk -
C:\Users\Public\Desktop\Manual POSITIVO TV.lnk - C:\Fabricante\Manual PCTV\Manual_PCTV.pdf
C:\Users\Public\Desktop\Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE /OEM
C:\Users\Public\Desktop\Mundo Positivo.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe 908F1E4E.MundoPositivo
C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\Public\Desktop\Positivo 3D Incrível.lnk -
C:\Users\Public\Desktop\Positivo Aplicativos.lnk - C:\Program Files (x86)\Positivo Informática\Positivo Aplicativos\PositivoAplicativosUI.exe Offer
C:\Users\Public\Desktop\Positivo Dicas.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe 908F1E4E.PositivoAjudante
C:\Users\Public\Desktop\Positivo Horóscopo.lnk -
C:\Users\Public\Desktop\Positivo Jogos.lnk - C:\Fabricante\Positivo Jogos Atalhos
C:\Users\Public\Desktop\Positivo Mulher.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe 908F1E4E.PositivoMulher
C:\Users\Public\Desktop\Positivo Músicas.lnk -
C:\Users\Public\Desktop\POSITIVO TV.lnk - C:\Program Files (x86)\Positivo\POSITIVO TV\AVerTV.exe
C:\Users\Public\Desktop\Positivo Verde e Amarelo.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe 908F1E4E.PositivoVerdeeAmarelo
C:\Users\Public\Desktop\Windows Live Movie Maker.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
==== shortcuts in Users Start Menu ======================
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.lnk -
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\README.lnk - C:\Program Files\Unlocker\README.TXT
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Start Unlocker.lnk - C:\Program Files\Unlocker\Unlocker.exe
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Uninstall.lnk - C:\Program Files (x86)\Unlocker\uninst.exe
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Website.lnk - C:\Program Files\Unlocker\Unlocker.url
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\fbwuser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\fbwuser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk - C:\Users\jeaneadmir\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Control Panel.lnk -
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\On-Screen Keyboard.lnk - C:\Windows\system32\osk.exe
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jeaneadmir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jeaneadmir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\jeaneadmir\AppData\Local\Mozilla\Firefox\Profiles\n99pkfnm.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1440 folders=184 80203615 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\fbwuser\AppData\Local\Temp emptied successfully
C:\Users\jeaneadmir\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\JEANEA~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 20/05/2014 at 11:17:57,32 ======================
Jeane - Beginner
- Posts: 26
Reputation: 0
Registration date: 20/05/2014
Re: Remove YAC
Your PC shows Baidu Antivirus installed, which most people come to us to remove. Do you want to keep it or remove it?
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: Remove YAC
Remove Baidu.
Jeane - Beginner
- Posts: 26
Reputation: 0
Registration date: 20/05/2014
Re: Remove YAC
Temporarily disable your antivirus to avoid conflicts.
* Right-click Zoek.exe and select [image not available]
* Select and copy all of the text highlighted in red that I gave you and paste it into the blank space in Zoek.
* Click [Run Script]
* During the scan, a message similar to the one below will be displayed, showing the progress of the scan. Wait for it to finish... it may take a while!
[image not available]
* If you are asked to restart the PC, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Last edited by Power Max on Tue 20 May 2014, 12:51; edited 1 time
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: Remove YAC
Zoek.exe v5.0.0.0 Updated 20-05-2014
Tool run by jeaneadmir on 20/05/2014 at 12:30:16,09.
Microsoft Windows 8 Single Language 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jeaneadmir\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-05-20-141757.log 39099 bytes
==== System Restore Info ======================
20/05/2014 12:30:43 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-21 01-18-51-0593-[0830].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-27 01-46-55-0556-[28037].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-30 01-07-08-0249-[26468].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-07 02-48-23-0313-[23972].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-09 02-34-12-0670-[32684].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-02-09 02-36-36-0037-[0386].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-02-10 02-31-43-0018-[10176].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-11 02-57-09-0839-[25905].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-02-11 02-01-09-0410-[26689].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-27 02-32-56-0807-[9258].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-02-27 02-57-45-0857-[14120].tmp"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu PC Faster 4.0.0.0"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BAV mini setup"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
"DisplayIcon"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
"UninstallString"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
"Publisher"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
"InstallDir"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\BaiduShellEx]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BaiduShellEx]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\BaiduShellEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\0\win64]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\HELPDIR]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\0\win64]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\HELPDIR]
@=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\3.16.3.4537]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\3.16.3.4537\LastReportTime]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
"swg_BaiDuSafe_RegType"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm64]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-15 14_04_48_0469rpdata.dat"=-
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu\Hao123-international]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu\Hao123-international\hao123desk]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install\978515]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install\978515]
"url"=-
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\LastReportTime]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\DataReport]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\Setup]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Avast Software\WRC\SearchRules\baidu.com]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0\\PCFaster.exe"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\jeaneadmir\\AppData\\Roaming\\Baidu Security\\PC Faster\\4.0.0.0\\bd_flash_install.exe"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.14.8.4008\\AppStoreUpdater.exe"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.14.8.4008\\downloader.exe"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.14.8.4008\\softmgr_update.exe"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.16.3.4537\\AppStoreUpdater.exe"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.16.3.4537\\downloader.exe"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\jeaneadmir\\AppData\\Roaming\\Baidu\\hao123-br\\hao123.1.0.0.1101.exe"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\3.16.3.4537]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\3.16.3.4537\LastReportTime]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
"swg_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm64]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-15 14_04_48_0469rpdata.dat"=-
==== Deleting Files \ Folders ======================
C:\Users\jeaneadmir\AppData\Local\Temp\baidu_secure not found
C:\ProgramData\Baidu Security deleted
C:\Users\jeaneadmir\AppData\Roaming\Baidu Security deleted
C:\Users\Public\Documents\Baidu Security deleted
==== Folders Found ======================
2014-05-20 04:03:23 2014-05-20 04:03:23 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-20 04:03:49 2014-05-20 04:03:49 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-05-20 15:32:06 2014-05-20 15:32:09 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-05-20 15:32:11 2014-05-20 15:32:11 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-05-20 15:32:12 2014-05-20 15:32:14 -------- d---a-w- C:\zoek_backup\C_Users_jeaneadmir_AppData_Roaming_Baidu Security
2014-05-20 15:32:14 2014-05-20 15:32:15 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
==== Files Found ======================
--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3444
Created time: 2014-05-20 14:11:11
Modified time: 2014-01-03 21:16:39
MD5: 033294B5DF6C4A309F9A96B433873BB2
SHA1: 1E1B1867078C82CA35B8C812CC2496AF07E34E2F
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install\978515]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Avast Software\WRC\SearchRules\baidu.com]
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1965 folders=232 374801778 bytes)
==== EOF on 20/05/2014 at 12:34:02,79 ======================
Jeane - Beginner
- Posts: 26
Reputation: 0
Join date: 20/05/2014
Re: Remove YAC
Temporarily disable your antivirus to avoid conflicts.
* Right-click Zoek.exe and select [image]
* Select and copy all of the text highlighted in red that I gave you and paste it into the blank space in Zoek.
* Click [Run Script]
* During the scan, a message similar to the one below, showing the progress of the scan, will be displayed. Wait for it to finish... it may take a while!
[image]
* If you are asked to restart the PC, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Last edited by Power Max on Tue 20 May 2014, 19:09; edited 1 time
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Remove YAC
But is Baidu still on my PC?
Jeane - Beginner
- Posts: 26
Reputation: 0
Join date: 20/05/2014
Re: Remove YAC
Jeane wrote: But is Baidu still on my PC?
Yes, it is still there. Follow the procedure I gave you above and post the new Zoek log.
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Remove YAC
I will do that. And do you think that after doing all this I will be able to install programs on my PC? Or is that a different problem?
Jeane - Beginner
- Posts: 26
Reputation: 0
Join date: 20/05/2014
Re: Remove YAC
Power Max wrote:
Jeane wrote: But is Baidu still on my PC?
Yes, it is still there. Follow the procedure I gave you above and post the new Zoek log.
Zoek.exe v5.0.0.0 Updated 20-05-2014
Tool run by jeaneadmir on 20/05/2014 at 12:55:46,49.
Microsoft Windows 8 Single Language 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jeaneadmir\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-05-20-141757.log 39099 bytes
C:\zoek-results2014-05-20-153402.log 21412 bytes
==== System Restore Info ======================
20/05/2014 12:56:06 Zoek.exe System Restore Point Created Succesfully.
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install\978515]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Avast Software\WRC\SearchRules\baidu.com]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
==== Registry Search Results for "Baidu" ======================
No instances of string "Baidu" found.
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1965 folders=232 374801778 bytes)
==== EOF on 20/05/2014 at 12:56:57,69 ======================
Jeane - Beginner
- Posts : 26
Reputation : 0
Join date : 20/05/2014
Re: Remove YAC
Download the Junkware Removal Tool from the link below:
[You must have an account and be logged in to view this link]
To run the program above correctly, just follow the tips in this tutorial:
[You must have an account and be logged in to view this link]
* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt
We'll be waiting.
Power Max - Contributor
- Posts : 9086
Reputation : 1499
Join date : 14/04/2009
(SOLVED) REMOVE YAC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 Single Language x64
Ran by jeaneadmir on 20/05/2014 at 13:13:50,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\isafe
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/05/2014 at 13:21:45,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jeane - Beginner
- Posts : 26
Reputation : 0
Join date : 20/05/2014
Re: Remove YAC
Download < [You must have an account and be logged in to view this link] > < [You must have an account and be logged in to view this image] > ( ... by Nicolas Coolman )
To install and run it correctly, follow the tips in this article:
[You must have an account and be logged in to view this link]
* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.
Power Max - Contributor
- Posts : 9086
Reputation : 1499
Join date : 14/04/2009
Re: Remove YAC
Power Max wrote: Download < [You must have an account and be logged in to view this link] > < [You must have an account and be logged in to view this image] > ( ... by Nicolas Coolman )
To install and run it correctly, follow the tips in this article:
[You must have an account and be logged in to view this link]
* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.
But what is ZHPDiag2.exe ( ... by Nicolas Coolman )?
And what is it for?
Jeane - Beginner
- Posts : 26
Reputation : 0
Join date : 20/05/2014
Re: Remove YAC
It analyzes the PC so we can see whether Yac is still showing up, as well as other types of adware.
Power Max - Contributor
- Posts : 9086
Reputation : 1499
Join date : 14/04/2009
(SOLVED) REMOVE YAC
Power Max wrote: It analyzes the PC so we can see whether Yac is still showing up, as well as other types of adware.
2 icons appeared when I installed ZHP.
~ Relatório do ZHPDiag v2014.5.19.69 - Nicolas Coolman (19/05/2014)
~ Iniciado por jeaneadmir (20/05/2014 13:39:13)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Blog de análise de software : [You must have an account and be logged in to view this link]
~ Fóruns de suporte gratuito para desinfecção : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16897
GCIE: Google Chrome v34.0.1847.137 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Single Language, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2013
Windows Defender W8
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3542 MB (60% free)
System Restore: Activé (Enable)
System drive C: has 376 GB (84%) free of 446 GB
---\\ Modo de conexão ao sistema
~ Computer Name: AJ
~ User Name: jeaneadmir
~ All Users Names: jeaneadmir, fbwuser, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\jeaneadmir\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\jeaneadmir\AppData\Roaming\
~ %Desktop% : C:\Users\jeaneadmir\Desktop\
~ %Favorites% : C:\Users\jeaneadmir\Favorites\
~ %LocalAppData% : C:\Users\jeaneadmir\AppData\Local\
~ %StartMenu% : C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 376 Go of 446 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.2B7920C7885AC45FD0E27DD860F095A1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 21:08:30.) -- C:\Windows\System32\wininet.dll [2240000]
[MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.12/04/2014 - 06:10:31.) -- C:\Windows\System32\Winlogon.exe [578048]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2014 - 20:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.27/05/2013 - 09:31:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.7A761AEE58658378BBA45D360F874CB0] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.26/02/2014 - 20:18:55.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.27/01/2014 - 00:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/44
~ Mes musiques (My Musics) : 1/1000
~ Mes Videos (My Videos) : 1/145
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 2/22
~ Mon Bureau (My Desktop) : 1/27
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 02s
---\\ Processos lançados
[MD5.883B2E1341E5BE906A7507308A6636DF] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240] [PID.1440]
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.3892]
[MD5.345B1798395CEA9C178AFF1784FA2A37] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.2592]
[MD5.322522D6FF36A539CAD732D182FA6D18] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7878656] [PID.888]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\jeaneadmir\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 01s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\jeaneadmir\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default\prefs.js
M3 - MFPP: Plugins - [jeaneadmir] -- C:\Users\jeaneadmir\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default\searchplugins\Baixaki.xml
~ Firefox Browser: 2 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! WebRep - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [jeaneadmir]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\jeaneadmir\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [jeaneadmir]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\jeaneadmir\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] C:\Program Files\Positivo Informática\Mundo Positivo Gerenciador de Inicialização\ManagerWindows.exe (.not file.)
O4 - HKLM\..\Run: [DeskmediaReaper] C:\Positivo\Deskmedia\DeskmediaReaper.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
~ Application: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{15E295FF-141A-4EF9-A16C-BC3B8E8433C9}: DhcpNameServer = 192.254.254.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{15E295FF-141A-4EF9-A16C-BC3B8E8433C9}: DhcpNameServer = 192.254.254.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.254.254.18
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1078]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1082]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 02s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (iSafeKrnlKit) . (. - .) - C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys (.not file.) =>Trojan.Staser
~ Drivers: 42 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: ControlAP II 1.3.5 - (.OEM.) [HKLM][64Bits] -- {A75A2559-40B0-4C25-A7ED-19D593F2A6E9}
O42 - Logiciel: Driver 1.4.1 - (.OEM.) [HKLM][64Bits] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: H823 USB Hybrid ISDB-Tb 10.2.64.86 - (...) [HKLM][64Bits] -- AVerMedia H823 USB Hybrid ISDB-Tb
O42 - Logiciel: OSD 1.15.13 - (.OEM.) [HKLM][64Bits] -- {5A9C96FE-1376-45E1-8556-C81255F0B5A7}
O42 - Logiciel: iBrightness 1.0.1 - (.OEM.) [HKLM][64Bits] -- {B351A468-173F-43D8-B6E6-5A6E9A0125A8}
~ Logic: 23 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Beamrise] =>Hijacker.Beamrise
[HKCU\Software\SoilAP]
[HKCU\Software\SunFlowerOSD]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\SoilIO]
~ Key Software: 210 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17/05/2014 - 14:04:38 - [] ----D C:\Users\jeaneadmir\AppData\Roaming\mp3rocket
O43 - CFD: 09/02/2014 - 15:16:18 - [] ----D C:\Users\jeaneadmir\AppData\Local\VNT
~ Program Folder: 128 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.7518640D625C38F2494A277C6E75FA44] - 08/05/2014 - 02:40:47 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [43520] =>Trojan.Staser
O44 - LFC:[MD5.964D29F045333DBC5C2CB2C2AB011E4C] - 18/05/2014 - 16:22:08 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [154946]
O44 - LFC:[MD5.924FD4E360F4B410673EDDE89FA00A85] - 18/05/2014 - 16:22:08 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [763656]
O44 - LFC:[MD5.94C4F322443873E57A4744A539043E79] - 20/05/2014 - 11:17:57 ---A- . (...) -- C:\zoek-results2014-05-20-141757.log [39099]
O44 - LFC:[MD5.F931B16F323DE7905E05F939B5B13BE5] - 20/05/2014 - 12:34:02 ---A- . (...) -- C:\zoek-results2014-05-20-153402.log [21412]
O44 - LFC:[MD5.0BA19B3FFA535CAF65995F0AE690B82F] - 20/05/2014 - 12:56:57 ---A- . (...) -- C:\zoek-results.log [3412]
~ Files: 51 Legitimates Filtered in 00mn 03s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{43e61306-c48a-11e3-be9f-80ee7378af17}\AutoRun\command. (...) -- E:\LGAutoRun.exe (.not file.)
O51 - MPSK:{6cb36b92-61f0-11e3-be75-80ee7378af17}\AutoRun\command. (...) -- E:\LGAutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 8 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:24/12/2013 - 21:31:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:24/12/2013 - 21:31:05 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904] =>.ALWIL Software
O58 - SDL:21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624]
O58 - SDL:21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:13/01/2014 - 19:50:34 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BProtectEx.sys [83264]
O58 - SDL:08/05/2014 - 02:40:47 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [43520] =>Trojan.Staser
O58 - SDL:19/08/2010 - 16:59:12 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [17912]
O58 - SDL:03/12/2009 - 10:03:50 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\soilkbc.sys [13816]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:20/06/2013 - 22:09:44 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
O58 - SDL:28/04/2005 - 08:08:46 ---A- . (...) -- C:\Windows\SysWOW64\AVerIO.sys [3456]
~ Drivers: 60 Legitimates Filtered in 00mn 04s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.16E53BFC96CE14021C0E07EB1C198478] [SPRF][16/05/2014] (...) -- C:\Users\jeaneadmir\AppData\Roaming\inst.exe [99384]
~ Files: 2 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{F2CEE4BE-C8BD-4E3C-9C6B-36389C709F60}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\jeaneadmir\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{A032EE63-7A54-4504-9E64-79FB04DD8D53}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\jeaneadmir\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.1B88BF49F3FF0D2596BCA9E49894F611] [WIS][17/12/2013] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\2445969b.msi [28672] =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 02s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
~ BTK: 52 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Disabled 06/12/2009 397312 | (AVerScheduleService) . (...) - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
SS - | Demand 23/04/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 17/12/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17/12/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17/12/2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 08/04/2008 800040 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 22/01/2008 275752 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 27/05/2013 29696 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 10/10/2013 65304 | (AppManagerService) . (.Positivo Informática S.A..) - C:\Program Files (x86)\Positivo Informática\Positivo Aplicativos\PositivoAplicativosService.exe
SR - | Auto 22/01/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 07/05/2013 368640 | (AVerRemote) . (.AVerMedia.) - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
SR - | Auto 01/09/2012 14904 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Auto 27/07/2012 636952 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 19/12/2012 129488 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 19/12/2012 165328 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 19/12/2012 277456 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 19/12/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\SysWOW64\IoctlSvc.exe
SR - | Auto 19/12/2012 364496 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services: Scanned in 00mn 09s
---\\ Scâner Aditional (088)
Database Version : 13029 - (19/05/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKCU\Software\Beamrise] =>Hijacker.Beamrise^
C:\Windows\Installer\2445969b.msi =>Toolbar.Google^
~ Additionnel Scan: 204543 Items scanned in 00mn 29s
---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>Trojan.Staser
[You must have an account and be logged in to view this link] =>Hijacker.Beamrise
[You must have an account and be logged in to view this link] =>PUP.Tarma
~ MSI: 3 link(s) detected in 00mn 00s
~ 585 Legitimates filtered by white list
End of the scan (404 lines in 01mn 18s)(0)
Jeane - Beginner
- Posts : 26
Reputation : 0
Join date : 20/05/2014
Re: Remove YAC
Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Importação > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.
Copy this report and post it in your next reply.
Last edited by Power Max on Tue 20 May 2014, 15:11; edited 1 time
Power Max - Contributor
- Posts : 9086
Reputation : 1499
Join date : 14/04/2009
Re: Remove YAC
Do I have to install ZHP again? Or can I run the one that is on the desktop?
Jeane - Beginner
- Posts : 26
Reputation : 0
Join date : 20/05/2014
Re: Remove YAC
It is already installed; just do exactly as I told you.
Power Max - Contributor
- Posts : 9086
Reputation : 1499
Join date : 14/04/2009
Re: Remove YAC
Power Max wrote: It is already installed; just do exactly as I told you.
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by jeaneadmir at 20/05/2014 14:42:10
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ Driver Key: iSafeKrnlKit
ELIMINÉ: HKCU\Software\Beamrise
ELIMINÉ CLSID MPSK: {43e61306-c48a-11e3-be9f-80ee7378af17}
ELIMINÉ CLSID MPSK: {6cb36b92-61f0-11e3-be75-80ee7378af17}
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
========== Valores do Registo ==========
ELIMINÉ RunValue: StartUpManagerPositivo
ELIMINÉ RunValue: DeskmediaReaper
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ: c:\users\jeaneadmir\appdata\roaming\mozilla\firefox\profiles\n99pkfnm.default\searchplugins\baixaki.xml
ELIMINA REINICIAR: c:\windows\system32\drivers\isafekrnlboot.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotectex.sys
ELIMINÉ Temporários windows (0) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
6 : Chaves do Registo
8 : Valores do Registo
1 : Pastas
8 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 04s
========== Caminho do ficheiro do relatório ==========
C:\Users\jeaneadmir\AppData\Roaming\ZHP\ZHPFix[R1].txt - 20/05/2014 14:42:13 [2037]
Jeane - Beginner
- Posts: 26
Reputation: 0
Join date: 20/05/2014
Re: Remove YAC
Open ZHPDiag again.
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.
|- Click OK and, when it finishes, post the ZHPDiag.txt report.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009