Baidu Antivirus is on my PC!
Good afternoon. Just yesterday, with your help, I managed to get rid of this and other pests on my notebook. Now I went to install Kaspersky on the desktop PC and found that it also has Baidu Antivirus. I need help again, hoping it will work out just as it did on the notebook.
natanalves - Member
- Posts: 53
Reputation: 0
Join date: 21/05/2014
Re: Baidu Antivirus is on my PC!
Hello.
Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]
To run AdwCleaner correctly, just follow the tips in this tutorial:
[You must have an account and be logged in to view this link]
* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt
We'll be waiting.
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Baidu Antivirus is on my PC!
# AdwCleaner v3.210 - Relatório criado 22/05/2014 às 16:09:39
# Atualizado 19/05/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
# Usuário : Cristiane - CRISTIANE-PC
# Executando de : C:\Users\Cristiane\Desktop\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Program Files\baidu
Pasta Deletada : C:\Users\Cristiane\AppData\Local\lollipop
Pasta Deletada : C:\Users\Public\Documents\baidu
Arquivo Deletada : C:\Users\Cristiane\AppData\Roaming\Mozilla\Firefox\Profiles\cazhzzqa.default\user.js
Arquivo Deletada : C:\Windows\Tasks\Driver Booster Update.job
Arquivo Deletada : C:\Windows\System32\Tasks\Driver Booster Update
Arquivo Deletada : C:\Windows\Tasks\Funmoods.job
Arquivo Deletada : C:\Windows\System32\Tasks\Funmoods
***** [ Atalhos ] *****
***** [ Registro ] *****
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C088D5DD-3DB9-4B42-85C9-DE40B7C8DCEE}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C088D5DD-3DB9-4B42-85C9-DE40B7C8DCEE}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42231E0D-A692-43EE-85DC-A22E39722250}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42231E0D-A692-43EE-85DC-A22E39722250}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Deletedo : HKCU\Software\Headlight
Chave Deletedo : HKCU\Software\lollipop
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Mozilla Firefox v26.0 (pt-BR)
[ Arquivo : C:\Users\Cristiane\AppData\Roaming\Mozilla\Firefox\Profiles\cazhzzqa.default\prefs.js ]
-\\ Google Chrome v34.0.1847.137
[ Arquivo : C:\Users\Cristiane\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Search Provider] : [You must have an account and be logged in to view this link]
Deletedo [Search Provider] : [You must have an account and be logged in to view this link]
Deletedo [Extension] : bbjciahceamgodcoidkjpchnokgfpphh
Deletedo [Extension] : cjpglkicenollcignonpgiafdgfeehoj
*************************
AdwCleaner[R0].txt - [6440 octets] - [12/01/2014 09:38:11]
AdwCleaner[R1].txt - [2479 octets] - [22/05/2014 16:08:37]
AdwCleaner[S0].txt - [6253 octets] - [12/01/2014 09:39:29]
AdwCleaner[S1].txt - [2672 octets] - [22/05/2014 16:09:39]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2732 octets] ##########
natanalves - Member
- Posts: 53
Reputation: 0
Join date: 21/05/2014
Re: Baidu Antivirus is on my PC!
Temporarily disable your antivirus to avoid conflicts.
Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]
* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]
* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area in Zoek.
* Click [Run Script]
* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!
[You must have an account and be logged in to view this image]
* If a restart of the PC is requested, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Last edited by Power Max on Thu 22 May 2014, 19:17; edited 1 time
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Baidu Antivirus is on my PC!
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Cristiane on 22/05/2014 at 16:22:11,10.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cristiane\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
22/05/2014 16:23:02 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\CRISTI~1\AppData\Roaming\Mozilla\Firefox\Profiles\cazhzzqa.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal");
user_pref("browser.search.selectedEngine", "Google");
Added to C:\Users\CRISTI~1\AppData\Roaming\Mozilla\Firefox\Profiles\cazhzzqa.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\CRISTI~1\AppData\Roaming\Mozilla\Firefox\Profiles\cazhzzqa.default
user.js not found
---- Lines extensions.518020f2e52ff removed from prefs.js ----
user_pref("extensions.518020f2e52ff.epoch", "1376705125");
user_pref("extensions.518020f2e52ff.url", "http://getjpijs.info/sync2/?ext=btos&pid=969&country=BR&regd=130430195218&lsd=130816020530&ver=7&ind=372445
---- Lines extensions.5180212eec813 removed from prefs.js ----
user_pref("extensions.5180212eec813.epoch", "1376705125");
user_pref("extensions.5180212eec813.url", "http://getjpit.info/sync2/?ext=wbn&pid=969&country=BR&regd=130430195318&lsd=130816020530&ver=7&ind=37244503
---- FireFox user.js and prefs.js backups ----
prefs_052014_1630_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~2\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted
C:\Users\Cristiane\.android deleted
C:\Program Files\GUTD00.tmp deleted
C:\Program Files\GUMCF0.tmp deleted
C:\Program Files\Common Files\DVDVideoSoft\bin deleted
C:\Program Files\Common Files\Wondershare deleted
C:\Users\Cristiane\AppData\Roaming\Wondershare deleted
C:\Users\Cristiane\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~2\boost_interprocess deleted
C:\PROGRA~2\ProductData deleted
C:\PROGRA~2\InstallMate deleted
C:\Users\Cristiane\AppData\Local\Wondershare deleted
C:\Users\Cristiane\AppData\LocalLow\SearchNewTab deleted
C:\Users\Cristiane\AppData\Roaming\unins000.exe deleted
C:\Users\Cristiane\AppData\Roaming\unins001.exe deleted
==== Folders Found ======================
2014-05-22 19:09:41 2014-05-22 19:09:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-22 19:09:41 2014-05-22 19:09:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-03-05 23:15:53 2014-04-17 12:40:39 -------- d-----w- C:\Program Files\Baidu Security
2014-03-05 23:15:53 2014-05-21 21:59:29 -------- d-----w- C:\ProgramData\Baidu Security
2014-03-05 23:15:53 2014-05-21 21:59:29 -------- d-----w- C:\Users\All Users\Baidu Security
2014-03-05 23:18:46 2014-04-17 12:40:25 -------- d-----w- C:\Users\Cristiane\AppData\Roaming\Baidu Security
2014-03-05 23:17:37 2014-04-17 12:40:51 -------- d-----w- C:\Users\Public\Documents\Baidu Security
2014-04-17 12:41:20 2014-04-17 12:41:20 -------- d-----w- C:\Windows\System32\config\systemprofile\AppData\Roaming\Baidu Security
==== Files Found ======================
--- C:\Users\Cristiane\AppData\Local\Spark\User Data\baidu_shutdown_ms.txt ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 5
Created time: 2014-05-05 02:08:07
Modified time: 2014-05-05 02:08:07
MD5: 9CEDF029786EC6E5E359EA1179EAE7B2
SHA1: 329A27CCE2F7F2D0F990E4A7845ABB25F57EDC64
--- C:\Users\Cristiane\AppData\Local\Temp\28FEC379-E1DF-11E3-A141-00270E389CBD\Cleaner\baidu_av_4_0_3_57478.ini ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 227
Created time: 2014-05-22 18:30:39
Modified time: 2014-05-21 18:10:36
MD5: C9F2E09C386C9A6E5434D21A0200F6E0
SHA1: 442F80424FDDE56047D0E11824A66CCC37D89CE4
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\Application Bug]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\Application Bug\Pcf]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\Application Bug\Pcf\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\Spark]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTP\shell\spk\command]
@="\"C:\\Program Files\\baidu\\Spark\\Spark.exe\" -- \"%1\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTPS\shell\spk\command]
@="\"C:\\Program Files\\baidu\\Spark\\Spark.exe\" -- \"%1\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.0.6.5038]
"DisplayIcon"="C:\\Program Files\\Baidu Security\\PC App Store\\4.0.6.5038\\PCAppStore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.0.6.5038]
"UninstallString"="C:\\Program Files\\Baidu Security\\PC App Store\\4.0.6.5038\\Uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.0.6.5038]
"Publisher"="Baidu, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.0.6.5038]
"InstallDir"="C:\\Program Files\\Baidu Security\\PC App Store\\4.0.6.5038"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"DisplayName"="Baidu PC App Store Service 4.0.6.5038"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"Description"="Baidu PC App Store Service 4.0.6.5038"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"DisplayName"="Baidu PC App Store Service 4.0.6.5038"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"Description"="Baidu PC App Store Service 4.0.6.5038"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"DisplayName"="Baidu PC App Store Service 4.0.6.5038"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"Description"="Baidu PC App Store Service 4.0.6.5038"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf\list]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf\list\4.0.3.64348]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf\list\4.0.3.64348\C7A80E4A70F196FDED39FE26BAD31D71]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf\log]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf\log\Updater.exe]
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"="^http\\:\\/\\/www\\.baidu\\.com\\/.*"
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\baidu]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store\4.0.6.5038]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store\4.0.6.5038\Install]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store\4.0.6.5038\LastReportTime]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store\DataReport]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store\Setup]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Exam]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538218]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538218]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.3.67165&userid=1857ecc0996ca0e19f11cd0508bdfc71&old_userid=S2N5J50B-00270E389CBD!ccf6eb2c-d5d5-42d3-a576-7acb9df5b423@#00270E389CBD&install_time=2014-03-05 23:17:37&parent_name=dllhost.exe"
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538468]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538468]
"url"="http://sync.security.baidu.co.th/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.3.67165&userid=1857ecc0996ca0e19f11cd0508bdfc71&old_userid=S2N5J50B-00270E389CBD!ccf6eb2c-d5d5-42d3-a576-7acb9df5b423@#00270E389CBD&install_time=2014-03-05 23:17:37&parent_name=dllhost.exe"
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\InstalledPatchesRecord]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
"DAEMON Tools Lite_BaiDuSafe_RegType"=dword:00000002
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
"msnmsgr_BaiDuSafe_RegType"=dword:00000002
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
"uTorrent_BaiDuSafe_RegType"=dword:00000002
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"Acrobat Assistant 8.0_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"AdobeAAMUpdater-1.0_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"SoundMAX_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\TrayIcon]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\Setup]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"="^http\\:\\/\\/www\\.baidu\\.com\\/.*"
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #1"="C:\\Program Files\\baidu\\Spark\\Spark.exe /url --flag-switches-begin --flag-switches-end --restore-last-session magnet:?xt=urn:btih:b62d4766e79c5d7c92e5969f98e3b30ece8906b5&dn=High.School.Musical.2006.720p.Dual.Audio.%5BEng-Hindi%5D-Alan&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80&tr=udp%3A%2F%2Ftracker.istole.it%3A6969&tr=udp%3A%2F%2Ftracker.ccc.de%3A80&tr=udp%3A%2F%2Fopen.demonii.com%3A1337"
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf\list]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf\list\4.0.3.64348]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf\list\4.0.3.64348\C7A80E4A70F196FDED39FE26BAD31D71]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf\log]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf\log\Updater.exe]
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [01/07/2013 20:59]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Cristiane\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" []
==== Firefox Extensions ======================
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Cristiane\AppData\Roaming\Mozilla\Firefox\Profiles\cazhzzqa.default
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
6768C724599214E4F9ADD9F8FF5097EB - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U45
F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.450.18
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
9D4A0B314CB9CF134CA27E1E0217E51E - C:\Mozilla Plugins\npitunes.dll - iTunes Application Detector
099CB18EA60FB962CE324D32C95DB3A5 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4
B0E0DA307E454E0342A433FA8A5F3801 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4
CFC0BF89AEC7F4EB034BB20CDE0C1174 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4
9A792830E58717538C0B8CCFFE060CE5 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4
E2FD06835049C9F3F06E5088E00A3065 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4
01E4DA82C518853EF3B16209C038D7B9 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
60F23A6CE8B9F9BE995EAACFF0022DFC - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
AE7B288233C212C62CD544BF768C45E6 - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll - Shockwave for Director / Shockwave for Director
A64F2C388DC26BE3E469EDC3657B14F4 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
C45F7E59F2A0A6D3C4E90117F4752414 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
F7AEAD4303A056F2D1685B43024776CA - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
FA0A3008589567CB7196620B05C9F28D - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
0D80C49D9A4A3E096296C67BD015F614 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
F00DA1A135FCA11D4426D9A5AB72CF0F - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll - AdobeAAMDetect
41561B8AE9E551BD08304D48DAA900FA - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll - AdobeAAMDetect
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[16/04/2013 03:11]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
abmojiekfpcmkkfamgfcpgfgipocface - C:\Users\Cristiane\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx[]
nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Cristiane\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[]
Google Wallet - Cristiane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Video Download - Cristiane\AppData\Local\Spark\User Data\Default\Extensions\djmgfiokceelcoeihknfhbnnbboaibkm
RealDownloader - Cristiane\AppData\Local\Spark\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Docs - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
RealDownloader - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{C4304BAC-BF69-49B8-8B32-58F0471DE8D0} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
==== Reset Google Chrome ======================
C:\Users\Cristiane\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Cristiane\AppData\Local\Spark\User Data\Default\Preferences was reset successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Cristiane\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Cristiane\AppData\Local\Spark\User Data\Default\Web Data was reset successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Mozilla\Firefox\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874} deleted successfully
HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Mozilla\Firefox\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} deleted successfully
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Download Assistant.lnk - C:\Program Files\Adobe Download Assistant\Adobe Download Assistant.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\DriverPack Solution Lite.lnk - C:\Program Files\DriverPack Solution Lite 13\DRPSu13-Lite.exe
C:\Users\Public\Desktop\English Grammar in Use Extra.lnk - C:\Program Files\Cambridge\English Grammar in Use Extra\English Grammar in Use Extra.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Cheat Engine 6.3 (32-bit).lnk - C:\Program Files\Cheat Engine 6.3\cheatengine-i386.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Cheat Engine 6.3 (64-bit).lnk - C:\Program Files\Cheat Engine 6.3\cheatengine-x86_64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Cheat Engine 6.3.lnk - C:\Program Files\Cheat Engine 6.3\Cheat Engine.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Cheat Engine help.lnk - C:\Program Files\Cheat Engine 6.3\CheatEngine.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Cheat Engine tutorial.lnk - C:\Program Files\Cheat Engine 6.3\Tutorial-i386.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\main.lua.lnk - C:\Windows\system32\notepad.exe C:\Program Files\Cheat Engine 6.3\main.lua
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Reset settings.lnk - C:\Program Files\Cheat Engine 6.3\ceregreset.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Uninstall Cheat Engine.lnk - C:\Program Files\Cheat Engine 6.3\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Kernel stuff\Unload kernel module.lnk - C:\Program Files\Cheat Engine 6.3\Kernelmoduleunloader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\abmojiekfpcmkkfamgfcpgfgipocface deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iFunBoxConnector deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InetUpdate deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VDownloader deleted successfully
==== Empty IE Cache ======================
C:\Users\Cristiane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cristiane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Cristiane\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Cristiane\AppData\Local\Spark\User Data\Default\Cache emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1185 folders=39 128310636 bytes)
==== Empty Temp Folders ======================
C:\Users\Cristiane\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\CRISTI~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 22/05/2014 at 16:38:35,72 ======================
natanalves - Member
- Posts: 53
Reputation: 0
Join date: 21/05/2014
Re: Baidu Antivirus is on my PC!
Anyone there?
natanalves - Member
- Posts: 53
Reputation: 0
Join date: 21/05/2014
Re: Baidu Antivirus is on my PC!
Hello!
Please wait while your log is analyzed.
In a few moments the collaborator will give you the next steps.
Danii - Full Member
- Posts: 571
Reputation: 80
Join date: 04/04/2014
Location: Brazil
Re: Baidu Antivirus is on my PC!
Temporarily disable your antivirus to avoid conflicts.
* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]
* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area in Zoek.
* Click [Run Script]
* During the scan, a message similar to the one below will be displayed showing the progress of the scan. Wait for it to finish... it may take a while!
[You must have an account and be logged in to view this image]
* If a restart of the PC is requested, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Last edited by Power Max on Thu 22 May 2014, 20:09; edited 1 time
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Baidu Antivirus is on my PC!
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Cristiane on 22/05/2014 at 19:52:51,86.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cristiane\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-05-22-193835.log 39852 bytes
==== System Restore Info ======================
22/05/2014 19:53:31 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_4.0.6.5038} deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCAppStoreSvc_{PCAppStore_4.0.6.5038} deleted successfully
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\Application Bug]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\Application Bug\Pcf]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\Application Bug\Pcf\list]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\Spark]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-03-05 03-19-23-0166-[25811].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-05 03-19-23-0166-[25811].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-09 03-40-18-0467-[20869].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-03-10 03-43-35-0958-[18002].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-03-10 03-03-23-0599-[12626].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-14 03-07-06-0771-[32082].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-24 03-12-32-0932-[29803].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-26 03-01-05-0827-[13784].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-04-08 04-52-25-0614-[26725].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-04-09 04-52-21-0505-[13201].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-04-09 04-53-31-0579-[18430].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-04-09 04-21-07-0145-[23838].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-04-11 04-33-25-0849-[24228].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-17 04-41-10-0654-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-04-17 04-41-25-0155-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-04-18 04-14-27-0672-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-23 04-21-01-0425-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-04-23 04-51-06-0958-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-25 04-08-12-0945-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-25 04-15-05-0208-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-25 04-29-18-0705-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-25 04-32-36-0944-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-25 04-43-29-0257-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-25 04-47-51-0225-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-04-25 04-49-28-0670-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-25 04-49-42-0000-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-04-25 04-49-43-0020-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-04-25 04-51-07-0132-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFTray-2014-05-04 05-43-37-0172-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-05-04 05-43-43-0029-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-05-04 05-43-47-0190-[0041].tmp"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTP\shell\spk\command]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTPS\shell\spk\command]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.0.6.5038]
"DisplayIcon"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.0.6.5038]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.0.6.5038]
"UninstallString"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.0.6.5038]
"Publisher"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.0.6.5038]
"InstallDir"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf\list]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf\list\4.0.3.64348]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf\list\4.0.3.64348\C7A80E4A70F196FDED39FE26BAD31D71]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf\log\Updater.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"=-
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\baidu]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store\4.0.6.5038]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store\4.0.6.5038\Install]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store\4.0.6.5038\LastReportTime]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store\DataReport]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store\Setup]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Exam]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538218]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538218]
"url"=-
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538468]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538468]
"url"=-
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\InstalledPatchesRecord]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
"DAEMON Tools Lite_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
"msnmsgr_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
"uTorrent_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"Acrobat Assistant 8.0_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"AdobeAAMUpdater-1.0_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"SoundMAX_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\TrayIcon]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\Setup]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"=-
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #1"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf\list]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf\list\4.0.3.64348]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf\list\4.0.3.64348\C7A80E4A70F196FDED39FE26BAD31D71]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf\log\Updater.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
==== Deleting Files \ Folders ======================
C:\Program Files\Baidu Security deleted
C:\ProgramData\Baidu Security deleted
C:\Users\Cristiane\AppData\Roaming\Baidu Security deleted
C:\Users\Public\Documents\Baidu Security deleted
C:\Windows\System32\config\systemprofile\AppData\Roaming\Baidu Security deleted
"C:\Users\Cristiane\AppData\Local\Spark\User Data\baidu_shutdown_ms.txt" deleted
==== Folders Found ======================
2014-05-22 19:09:41 2014-05-22 19:09:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-22 19:09:41 2014-05-22 19:09:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-05-22 22:54:52 2014-05-22 22:54:55 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security
2014-05-22 22:54:55 2014-05-22 22:54:55 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-05-22 22:54:55 2014-05-22 22:54:55 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-05-22 22:54:55 2014-05-22 22:54:55 -------- d---a-w- C:\zoek_backup\C_Users_Cristiane_AppData_Roaming_Baidu Security
2014-05-22 22:54:55 2014-05-22 22:54:56 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-05-22 22:54:56 2014-05-22 22:54:56 -------- d---a-w- C:\zoek_backup\C_Windows_System32_config_systemprofile_AppData_Roaming_Baidu Security
==== Files Found ======================
--- C:\zoek_backup\C_Users_Cristiane_AppData_Local_Spark_User Data_baidu_shutdown_ms.txt.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 5
Created time: 2014-05-22 22:54:56
Modified time: 2014-05-05 02:08:07
MD5: 9CEDF029786EC6E5E359EA1179EAE7B2
SHA1: 329A27CCE2F7F2D0F990E4A7845ABB25F57EDC64
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538218]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538468]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1320 folders=132 203730275 bytes)
==== EOF on 22/05/2014 at 19:56:42,75 ======================
natanalves- Member
- Posts: 53
Reputation: 0
Join date: 21/05/2014
Re: Baidu Antivirus is on my PC!
Temporarily disable your antivirus to avoid conflicts.
* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]
* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area in Zoek.
* Click [Run Script]
* During the scan, a message similar to the one below will be displayed showing the scan's progress. Wait for it to finish... it may take a while!
[You must have an account and be logged in to view this image]
* If you are asked to restart the PC, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Last edited by Power Max on Thu 22 May 2014, 20:16, edited 1 time
Power Max- Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Baidu Antivirus is on my PC!
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Cristiane on 22/05/2014 at 20:11:14,86.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cristiane\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-05-22-193835.log 39852 bytes
C:\zoek-results2014-05-22-225642.log 20615 bytes
==== System Restore Info ======================
22/05/2014 20:11:43 Zoek.exe System Restore Point Created Succesfully.
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538218]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538468]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1320 folders=132 203730275 bytes)
==== EOF on 22/05/2014 at 20:12:41,28 ======================
natanalves- Member
- Posts: 53
Reputation: 0
Join date: 21/05/2014
Re: Baidu Antivirus is on my PC!
Temporarily disable your antivirus to avoid conflicts.
* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]
* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area in Zoek.
* Click [Run Script]
* During the scan, a message similar to the one below will be displayed showing the scan's progress. Wait for it to finish... it may take a while!
[You must have an account and be logged in to view this image]
* If you are asked to restart the PC, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Last edited by Power Max on Thu 22 May 2014, 20:21, edited 1 time
Power Max- Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Baidu Antivirus is on my PC!
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Cristiane on 22/05/2014 at 20:16:27,97.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cristiane\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-05-22-193835.log 39852 bytes
C:\zoek-results2014-05-22-225642.log 20615 bytes
C:\zoek-results2014-05-22-231241.log 2702 bytes
==== System Restore Info ======================
22/05/2014 20:16:51 Zoek.exe System Restore Point Created Succesfully.
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1320 folders=132 203730275 bytes)
==== EOF on 22/05/2014 at 20:17:48,48 ======================
natanalves- Member
- Posts: 53
Reputation: 0
Join date: 21/05/2014
Re: Baidu Antivirus is on my PC!
Download the Junkware Removal Tool from the link below:
[You must have an account and be logged in to view this link]
To run the program above correctly, just follow the tips in this tutorial:
[You must have an account and be logged in to view this link]
* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt
We'll be waiting.
Power Max- Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Baidu Antivirus is on my PC!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by Cristiane on 22/05/2014 at 20:23:27,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Cristiane\AppData\Roaming\mozilla\firefox\profiles\cazhzzqa.default\minidumps [4 files]
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/05/2014 at 20:26:26,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
natanalves- Member
- Posts: 53
Reputation: 0
Join date: 21/05/2014
Re: Baidu Antivirus is on my PC!
Download < [You must have an account and be logged in to view this link] > < [You must have an account and be logged in to view this image]> ( ... by Nicolas Coolman )
To install and run it correctly, follow the tips in this article:
[You must have an account and be logged in to view this link]
* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.
Power Max- Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Baidu Antivirus is on my PC!
~ Relatório do ZHPDiag v2014.5.22.71 - Nicolas Coolman (22/05/2014)
~ Iniciado por Cristiane (22/05/2014 20:31:37)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 26.0
GCIE: Google Chrome v34.0.1847.137 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2013
SUPERAntiSpyware v5.7.1016
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.09
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 45
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3260 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 129 GB (44%) free of 293 GB
---\\ Modo de conexão ao sistema
~ Computer Name: CRISTIANE-PC
~ User Name: Cristiane
~ All Users Names: HomeGroupUser$, Cristiane, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Cristiane\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Cristiane\AppData\Roaming\
~ %Desktop% : C:\Users\Cristiane\Desktop\
~ %Favorites% : C:\Users\Cristiane\Favorites\
~ %LocalAppData% : C:\Users\Cristiane\AppData\Local\
~ %StartMenu% : C:\Users\Cristiane\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 129 Go of 293 Go)
D: Hard drive, Flash drive, Thumb drive (Free 855 Go of 1570 Go)
E: CD-ROM drive (Free 0 Go of 0 Go)
F: CD-ROM drive (Free 0 Go of 0 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 02:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 3/1885
~ Mes musiques (My Musics) : 4/2166
~ Mes Videos (My Videos) : 2/104
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 2/1888
~ Mon Bureau (My Desktop) : 2/640
~ Menu demarrer (Programs) : 1/38
~ Hidden Files: Scanned in 00mn 03s
---\\ Processos lançados
[MD5.43B1125D14E8797FDA9D5E167EB50AE3] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [528424] [PID.788]
[MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1420]
[MD5.51F207D5A9E7B2E76BEE59C05CCC23C4] - (.SUPERAntiSpyware.com - Core Service.) -- C:\Program Files\SUPERAntiSpyware\SASCORE.exe [120088] [PID.1712]
[MD5.4DC6B0772D1698F04FC79053A21C8260] - (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) -- C:\Windows\system32\AEADISRV.exe [90112] [PID.1732]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1760]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.1932]
[MD5.BEFF149A82F78B648046108EB9D28893] - (.IObit - Product Updater.) -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200] [PID.1972]
[MD5.B2D01290C0E0465ACA54C2088E947823] - (...) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.412]
[MD5.27044650FA30414BEC7F9BEB7F937386] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [172064] [PID.2956]
[MD5.313C8854EBDAFA0DDA8AD4757BD0E5DC] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [173600] [PID.2976]
[MD5.FA18468460906465C6A181904F5B706B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3774312] [PID.3012]
[MD5.ADDFB090DE67FB6251ABD242104BAEB5] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe [1270352] [PID.3080] =>P2P.BitTorrent
[MD5.BF456A0CAFB2876583982E74F450D647] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Cristiane\AppData\Roaming\Dropbox\bin\Dropbox.exe [32668056] [PID.3420]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.2072]
[MD5.345B1798395CEA9C178AFF1784FA2A37] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.728]
[MD5.9827006052EDEBA43D3BA0B34523AD62] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7876608] [PID.2432]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.4496]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Cristiane\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 01s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Cristiane\AppData\Roaming\Mozilla\Firefox\Profiles\cazhzzqa.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (...) -- C:\Users\Cristiane\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll (.not file.)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (...) -- C:\Users\Cristiane\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (.not file.)
~ Firefox Browser: 24 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehabn.dll
~ BHO: 20 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Cristiane]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 02s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [tsnp2uvc.exe] Chave orfã
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [AdobeBridge] Chave orfã
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Cristiane\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2278793192-2799666863-1724067060-1000\..\Run: [AdobeBridge] Chave orfã
O4 - HKUS\S-1-5-21-2278793192-2799666863-1724067060-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2278793192-2799666863-1724067060-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Cristiane\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2278793192-2799666863-1724067060-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9315FE68-EF03-4CE6-A78E-1B3413781B82}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{9315FE68-EF03-4CE6-A78E-1B3413781B82}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{9315FE68-EF03-4CE6-A78E-1B3413781B82}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
~ Services: 10 Legitimates Filtered in 00mn 03s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.) [0] =>Trojan.Keygen
[MD5.00000000000000000000000000000000] [APT] [{02F56846-D053-4F6F-8F8E-0BE72F9D1833}] (...) -- C:\Users\Cristiane\Downloads\win7_1512754.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5E6027CB-ABD1-47F4-9987-D641E4E55B0D}] (...) -- C:\Program Files\Gabest\VobSub\subresync.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8E9FB0FA-C9AC-4315-B979-0E238EC44B10}] (...) -- C:\Program Files\Gabest\VobSub\subresync.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9E48E05E-75BD-4918-B39D-E8CDBCBDAB81}] (...) -- C:\Users\Cristiane\Downloads\install_flashplayer11x32ax_gtba_chra_dy_aih.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B654CBDE-ED26-4F1C-BE8F-F9B38524FE46}] (...) -- C:\Users\Cristiane\Downloads\iGBPCEFgb.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B9CF45BE-1615-460D-ACD6-237E2043E66C}] (...) -- C:\Program Files\uTorrent\uTorrent.exe (.not file.) [0] =>P2P.µTorrent
[MD5.00000000000000000000000000000000] [APT] [{FA1BE6EF-3A64-44DF-9B5F-ACF945C05906}] (...) -- C:\Program Files\Gabest\VobSub\subresync.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: AutoKMS - (...) -- C:\Windows\Tasks\AutoKMS.job [294] =>Trojan.Keygen
O39 - APT: AutoKMS - (...) -- C:\Windows\System32\Tasks\AutoKMS [294] =>Trojan.Keygen
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2278793192-2799666863-1724067060-1000Core [922]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2278793192-2799666863-1724067060-1000UA [944]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
~ Scheduled Task: 29 Legitimates Filtered in 00mn 04s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 81 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKCU] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: GrafEq 2.13 (current user) - (.Pedagoguery Software Inc..) [HKCU] -- PSi GrafEq 2.13
O42 - Logiciel: Módulo de Proteção Santander 3.2.0.2 - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
~ Logic: 16 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\GrafEq]
[HKCU\Software\Huisendobler]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Kashu]
~ Key Software: 278 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 01/05/2013 - 17:59:38 - [] ----D C:\Program Files\AKKORD
O43 - CFD: 23/02/2014 - 11:52:28 - [] ----D C:\Users\Cristiane\AppData\Roaming\EnglishGrammarinUseExtra
O43 - CFD: 17/05/2013 - 16:59:12 - [] ----D C:\Users\Cristiane\AppData\Local\Ares
O43 - CFD: 21/05/2014 - 19:50:11 - [] ----D C:\Users\Cristiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GrafEq 2.13
~ Program Folder: 217 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.4ABAB0BECE840B0EA253026FC2A8B69C] - 21/05/2014 - 00:54:56 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148520]
O44 - LFC:[MD5.BAA156A374B3789C9CECD55D127A214B] - 21/05/2014 - 00:54:56 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [708740]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 22/05/2014 - 16:09:06 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.2987AE860C7A141EAC6075963F08DF29] - 22/05/2014 - 16:38:35 ---A- . (...) -- C:\zoek-results2014-05-22-193835.log [39852]
O44 - LFC:[MD5.2C27F5EAC72D515B07ECBF54148AE43F] - 22/05/2014 - 19:56:42 ---A- . (...) -- C:\zoek-results2014-05-22-225642.log [20615]
O44 - LFC:[MD5.B5045FA1992B3735ED1792894E5E98DE] - 22/05/2014 - 20:12:41 ---A- . (...) -- C:\zoek-results2014-05-22-231241.log [2702]
O44 - LFC:[MD5.A3893B97B04BD11FC893D4EC4340DC4E] - 22/05/2014 - 20:17:48 ---A- . (...) -- C:\zoek-results.log [1140]
~ Files: 48 Legitimates Filtered in 00mn 02s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{018be851-7954-11e3-aa30-00270e389cbd}\AutoRun\command. (...) -- F:\autostart.exe
O51 - MPSK:{5ad13eec-386d-11e3-996d-00270e389cbd}\AutoRun\command. (...) -- F:\wubi.exe (.not file.)
O51 - MPSK:{c90e759d-abfc-11e2-ae4e-806e6f6e6963}\AutoRun\command. (.Macromedia, Inc. - Macromedia Flash Player 8.0 r22.) -- E:\SpeakUP.exe
~ Keys: Scanned in 00mn 02s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:10/04/2010 - 14:06:42 ---A- . (.Analog Devices, Inc. - High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\ADIHdAud.sys [386048]
O58 - SDL:12/12/2013 - 11:07:33 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:09/01/2014 - 12:12:25 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180248] =>.ALWIL Software
O58 - SDL:11/04/2014 - 18:32:43 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [47456]
O58 - SDL:13/07/2009 - 22:20:28 ----- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:14/03/2014 - 20:27:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:17/04/2014 - 09:40:08 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ----- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:11/02/2009 - 13:45:02 ----- . (.No owner - USBCAMD for Sonix UVC.) -- C:\Windows\System32\Drivers\sncduvc.sys [27264]
O58 - SDL:12/03/2009 - 11:21:36 ----- . (.No owner - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [3482112]
O58 - SDL:04/04/2014 - 19:54:27 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [717296]
O58 - SDL:21/08/2013 - 01:31:38 ---A- . (.DEVGURU Co., LTD.([You must have an account and be logged in to view this link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [84248]
O58 - SDL:21/08/2013 - 01:31:38 ---A- . (.DEVGURU Co., LTD.([You must have an account and be logged in to view this link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [182680]
O58 - SDL:13/07/2009 - 22:19:04 ----- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/12/2012 - 13:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 85 Legitimates Filtered in 00mn 03s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 14/03/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 82 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {C4304BAC-BF69-49B8-8B32-58F0471DE8D0} - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.27CDC28901B49FB54056D3A1B3550F0F] [SPRF][05/05/2013] (...) -- C:\Users\Cristiane\AppData\Roaming\unins000.dat [12392]
[MD5.E42F69171FC971F2FDCD0DD6D2F57A65] [SPRF][05/12/2013] (...) -- C:\Users\Cristiane\AppData\Roaming\unins001.dat [32993]
[MD5.70F851F7A524071E13F17DC401A21906] [SPRF][22/05/2014] (...) -- C:\Users\Cristiane\Desktop\AdwCleaner.exe [1326389]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][22/05/2014] (...) -- C:\Users\Cristiane\Desktop\zoek.exe [1285120]
[MD5.5EE13AE2AA0DB4734657AEF582FED46C] [SPRF][04/04/2014] (...) -- C:\Program Files\YASU.exe [44544]
~ Files: 6 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{D1D2E351-8768-44D4-98CC-108B85361B95}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{853E8C1F-CD82-4C6A-9108-FBCAD93C5071}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 120 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 23/04/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 23/04/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 02/11/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 27/01/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 29/06/2007 800040 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 27/06/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 10/10/2013 120088 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 15/07/2008 90112 | (AEADIFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\AEADISRV.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 04/03/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 06/05/2014 528424 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 25/10/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SR - | Auto 16/04/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 12s
---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:04/04/2014 - 19:54:27 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [717296]
~ Emulateurs: Scanned in 00mn 12s
---\\ Scâner Aditional (088)
Database Version : 13029 - (22/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 4
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
C:\Windows\Tasks\AutoKMS.job =>Trojan.Keygen^
C:\Windows\System32\Tasks\AutoKMS =>Trojan.Keygen^
C:\Windows\KMSEmulator.exe =>Hijacker.Windows
~ Additionnel Scan: 313764 Items scanned in 00mn 23s
---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>Hijacker.Windows
~ MSI: 1 link(s) detected in 00mn 00s
~ 926 Legitimates filtered by white list
End of the scan (538 lines in 01mn 40s)(0)
~ Iniciado por Cristiane (22/05/2014 20:31:37)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 26.0
GCIE: Google Chrome v34.0.1847.137 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2013
SUPERAntiSpyware v5.7.1016
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.09
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 45
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3260 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 129 GB (44%) free of 293 GB
---\\ Modo de conexão ao sistema
~ Computer Name: CRISTIANE-PC
~ User Name: Cristiane
~ All Users Names: HomeGroupUser$, Cristiane, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Cristiane\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Cristiane\AppData\Roaming\
~ %Desktop% : C:\Users\Cristiane\Desktop\
~ %Favorites% : C:\Users\Cristiane\Favorites\
~ %LocalAppData% : C:\Users\Cristiane\AppData\Local\
~ %StartMenu% : C:\Users\Cristiane\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 129 Go of 293 Go)
D: Hard drive, Flash drive, Thumb drive (Free 855 Go of 1570 Go)
E: CD-ROM drive (Free 0 Go of 0 Go)
F: CD-ROM drive (Free 0 Go of 0 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 02:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 3/1885
~ Mes musiques (My Musics) : 4/2166
~ Mes Videos (My Videos) : 2/104
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 2/1888
~ Mon Bureau (My Desktop) : 2/640
~ Menu demarrer (Programs) : 1/38
~ Hidden Files: Scanned in 00mn 03s
---\\ Processos lançados
[MD5.43B1125D14E8797FDA9D5E167EB50AE3] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [528424] [PID.788]
[MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1420]
[MD5.51F207D5A9E7B2E76BEE59C05CCC23C4] - (.SUPERAntiSpyware.com - Core Service.) -- C:\Program Files\SUPERAntiSpyware\SASCORE.exe [120088] [PID.1712]
[MD5.4DC6B0772D1698F04FC79053A21C8260] - (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) -- C:\Windows\system32\AEADISRV.exe [90112] [PID.1732]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1760]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.1932]
[MD5.BEFF149A82F78B648046108EB9D28893] - (.IObit - Product Updater.) -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200] [PID.1972]
[MD5.B2D01290C0E0465ACA54C2088E947823] - (...) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.412]
[MD5.27044650FA30414BEC7F9BEB7F937386] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [172064] [PID.2956]
[MD5.313C8854EBDAFA0DDA8AD4757BD0E5DC] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [173600] [PID.2976]
[MD5.FA18468460906465C6A181904F5B706B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3774312] [PID.3012]
[MD5.ADDFB090DE67FB6251ABD242104BAEB5] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe [1270352] [PID.3080] =>P2P.BitTorrent
[MD5.BF456A0CAFB2876583982E74F450D647] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Cristiane\AppData\Roaming\Dropbox\bin\Dropbox.exe [32668056] [PID.3420]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.2072]
[MD5.345B1798395CEA9C178AFF1784FA2A37] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.728]
[MD5.9827006052EDEBA43D3BA0B34523AD62] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7876608] [PID.2432]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.4496]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Cristiane\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 01s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Cristiane\AppData\Roaming\Mozilla\Firefox\Profiles\cazhzzqa.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (...) -- C:\Users\Cristiane\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll (.not file.)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (...) -- C:\Users\Cristiane\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (.not file.)
~ Firefox Browser: 24 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehabn.dll
~ BHO: 20 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Cristiane]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 02s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [tsnp2uvc.exe] Chave orfã
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [AdobeBridge] Chave orfã
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Cristiane\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2278793192-2799666863-1724067060-1000\..\Run: [AdobeBridge] Chave orfã
O4 - HKUS\S-1-5-21-2278793192-2799666863-1724067060-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2278793192-2799666863-1724067060-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Cristiane\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2278793192-2799666863-1724067060-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9315FE68-EF03-4CE6-A78E-1B3413781B82}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{9315FE68-EF03-4CE6-A78E-1B3413781B82}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{9315FE68-EF03-4CE6-A78E-1B3413781B82}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
~ Services: 10 Legitimates Filtered in 00mn 03s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.) [0] =>Trojan.Keygen
[MD5.00000000000000000000000000000000] [APT] [{02F56846-D053-4F6F-8F8E-0BE72F9D1833}] (...) -- C:\Users\Cristiane\Downloads\win7_1512754.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5E6027CB-ABD1-47F4-9987-D641E4E55B0D}] (...) -- C:\Program Files\Gabest\VobSub\subresync.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8E9FB0FA-C9AC-4315-B979-0E238EC44B10}] (...) -- C:\Program Files\Gabest\VobSub\subresync.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9E48E05E-75BD-4918-B39D-E8CDBCBDAB81}] (...) -- C:\Users\Cristiane\Downloads\install_flashplayer11x32ax_gtba_chra_dy_aih.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B654CBDE-ED26-4F1C-BE8F-F9B38524FE46}] (...) -- C:\Users\Cristiane\Downloads\iGBPCEFgb.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B9CF45BE-1615-460D-ACD6-237E2043E66C}] (...) -- C:\Program Files\uTorrent\uTorrent.exe (.not file.) [0] =>P2P.µTorrent
[MD5.00000000000000000000000000000000] [APT] [{FA1BE6EF-3A64-44DF-9B5F-ACF945C05906}] (...) -- C:\Program Files\Gabest\VobSub\subresync.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: AutoKMS - (...) -- C:\Windows\Tasks\AutoKMS.job [294] =>Trojan.Keygen
O39 - APT: AutoKMS - (...) -- C:\Windows\System32\Tasks\AutoKMS [294] =>Trojan.Keygen
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2278793192-2799666863-1724067060-1000Core [922]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2278793192-2799666863-1724067060-1000UA [944]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
~ Scheduled Task: 29 Legitimates Filtered in 00mn 04s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 81 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKCU] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: GrafEq 2.13 (current user) - (.Pedagoguery Software Inc..) [HKCU] -- PSi GrafEq 2.13
O42 - Logiciel: Módulo de Proteção Santander 3.2.0.2 - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
~ Logic: 16 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\GrafEq]
[HKCU\Software\Huisendobler]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Kashu]
~ Key Software: 278 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 01/05/2013 - 17:59:38 - [] ----D C:\Program Files\AKKORD
O43 - CFD: 23/02/2014 - 11:52:28 - [] ----D C:\Users\Cristiane\AppData\Roaming\EnglishGrammarinUseExtra
O43 - CFD: 17/05/2013 - 16:59:12 - [] ----D C:\Users\Cristiane\AppData\Local\Ares
O43 - CFD: 21/05/2014 - 19:50:11 - [] ----D C:\Users\Cristiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GrafEq 2.13
~ Program Folder: 217 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.4ABAB0BECE840B0EA253026FC2A8B69C] - 21/05/2014 - 00:54:56 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148520]
O44 - LFC:[MD5.BAA156A374B3789C9CECD55D127A214B] - 21/05/2014 - 00:54:56 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [708740]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 22/05/2014 - 16:09:06 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.2987AE860C7A141EAC6075963F08DF29] - 22/05/2014 - 16:38:35 ---A- . (...) -- C:\zoek-results2014-05-22-193835.log [39852]
O44 - LFC:[MD5.2C27F5EAC72D515B07ECBF54148AE43F] - 22/05/2014 - 19:56:42 ---A- . (...) -- C:\zoek-results2014-05-22-225642.log [20615]
O44 - LFC:[MD5.B5045FA1992B3735ED1792894E5E98DE] - 22/05/2014 - 20:12:41 ---A- . (...) -- C:\zoek-results2014-05-22-231241.log [2702]
O44 - LFC:[MD5.A3893B97B04BD11FC893D4EC4340DC4E] - 22/05/2014 - 20:17:48 ---A- . (...) -- C:\zoek-results.log [1140]
~ Files: 48 Legitimates Filtered in 00mn 02s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{018be851-7954-11e3-aa30-00270e389cbd}\AutoRun\command. (...) -- F:\autostart.exe
O51 - MPSK:{5ad13eec-386d-11e3-996d-00270e389cbd}\AutoRun\command. (...) -- F:\wubi.exe (.not file.)
O51 - MPSK:{c90e759d-abfc-11e2-ae4e-806e6f6e6963}\AutoRun\command. (.Macromedia, Inc. - Macromedia Flash Player 8.0 r22.) -- E:\SpeakUP.exe
~ Keys: Scanned in 00mn 02s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:10/04/2010 - 14:06:42 ---A- . (.Analog Devices, Inc. - High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\ADIHdAud.sys [386048]
O58 - SDL:12/12/2013 - 11:07:33 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:09/01/2014 - 12:12:25 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180248] =>.ALWIL Software
O58 - SDL:11/04/2014 - 18:32:43 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [47456]
O58 - SDL:13/07/2009 - 22:20:28 ----- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:14/03/2014 - 20:27:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:17/04/2014 - 09:40:08 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ----- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:11/02/2009 - 13:45:02 ----- . (.No owner - USBCAMD for Sonix UVC.) -- C:\Windows\System32\Drivers\sncduvc.sys [27264]
O58 - SDL:12/03/2009 - 11:21:36 ----- . (.No owner - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [3482112]
O58 - SDL:04/04/2014 - 19:54:27 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [717296]
O58 - SDL:21/08/2013 - 01:31:38 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [84248]
O58 - SDL:21/08/2013 - 01:31:38 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [182680]
O58 - SDL:13/07/2009 - 22:19:04 ----- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/12/2012 - 13:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 85 Legitimates Filtered in 00mn 03s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 14/03/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 82 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {C4304BAC-BF69-49B8-8B32-58F0471DE8D0} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.27CDC28901B49FB54056D3A1B3550F0F] [SPRF][05/05/2013] (...) -- C:\Users\Cristiane\AppData\Roaming\unins000.dat [12392]
[MD5.E42F69171FC971F2FDCD0DD6D2F57A65] [SPRF][05/12/2013] (...) -- C:\Users\Cristiane\AppData\Roaming\unins001.dat [32993]
[MD5.70F851F7A524071E13F17DC401A21906] [SPRF][22/05/2014] (...) -- C:\Users\Cristiane\Desktop\AdwCleaner.exe [1326389]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][22/05/2014] (...) -- C:\Users\Cristiane\Desktop\zoek.exe [1285120]
[MD5.5EE13AE2AA0DB4734657AEF582FED46C] [SPRF][04/04/2014] (...) -- C:\Program Files\YASU.exe [44544]
~ Files: 6 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{D1D2E351-8768-44D4-98CC-108B85361B95}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{853E8C1F-CD82-4C6A-9108-FBCAD93C5071}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 120 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 23/04/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 23/04/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 02/11/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 27/01/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 29/06/2007 800040 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 27/06/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 10/10/2013 120088 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 15/07/2008 90112 | (AEADIFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\AEADISRV.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 04/03/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 06/05/2014 528424 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 25/10/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SR - | Auto 16/04/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 12s
---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:04/04/2014 - 19:54:27 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [717296]
~ Emulateurs: Scanned in 00mn 12s
---\\ Scâner Aditional (088)
Database Version : 13029 - (22/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 4
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
C:\Windows\Tasks\AutoKMS.job =>Trojan.Keygen^
C:\Windows\System32\Tasks\AutoKMS =>Trojan.Keygen^
C:\Windows\KMSEmulator.exe =>Hijacker.Windows
~ Additionnel Scan: 313764 Items scanned in 00mn 23s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Windows
~ MSI: 1 link(s) detected in 00mn 00s
~ 926 Legitimates filtered by white list
End of the scan (538 lines in 01mn 40s)(0)
natanalves - Member
- Posts: 53
Reputation: 0
Join date: 21/05/2014
Re: Baidu Antivirus is on my PC!
I suggest you uninstall Bonjour, which tends to make Windows slower.
____________________________________________________________________________________________________________
There are unnecessary programs starting with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:
[link]
Preferably, let only security programs (antivirus/anti-spyware/firewall) start with Windows.
Also use the CCleaner program, mentioned in the tutorial above, to clean up and optimize the PC now and from time to time.
______________________________________________________________________________________________________________
Download UsbFix [link] (once on the page, click the button shown in this image, at the bottom right of the page, to download it):
[image]
Use UsbFix as shown in this post:
[link]
_____________________________________________________________________________________________________________
Selecione e copie todo o texto destacado em vermelho que te passei.(começando em script zhpfix e indo até emptyclsid)
_____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.
Copie este relatório e poste em sua próxima resposta juntamente com o relatório do USBFix que estará em C:\UsbFix.txt
Last edited by Power Max on Thu 22 May 2014, 23:57; edited 1 time
Power Max- Contributor
- Posts : 9086
Reputation : 1499
Join date : 14/04/2009
(SOLVED) How to remove Baidu Antivirus from the PC
############################## | UsbFix V 7.171 | [Limpar]
Usuário: Cristiane (Administrador) # CRISTIANE-PC
Atualizado em 18/05/2014 por El Desaparecido - SosVirus
Começou em 23:07:58 | 22/05/2014
PC: Intel Corporation (DQ45CB)
CPU: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
RAM -> [Total : 3261 Mo| Free : 1784 Mo]
Bios: Intel Corp.
Boot: Normal boot
OS: Microsoft Windows 7 Professional (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17107
WB: Google Chrome : 34.0.1847.137
WB: Mozilla Firefox : 26.0
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender [Enabled | Updated]
AS: avast! Antivirus [(!) Disabled | Updated]
FW: avast! Antivirus [(!) Disabled]
FW: Windows FireWall [(!) Disabled]
C:\ (%SystemDrive%) -> Disco fixo # 293 Gb (129 Mb livre - 44%) [] # NTFS
D:\ -> Disco fixo # 1570 Gb (855 Mb livre - 54%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
################## | Processos parados |
C:\PROGRA~1\GbPlugin\gbpsv.exe (ID: 792|ParentID: 556)
C:\Windows\System32\spoolsv.exe (ID: 1624|ParentID: 556|SISTEMA)
C:\Windows\explorer.exe (ID: 1816|ParentID: 1800|Cristiane)
C:\Windows\System32\taskhost.exe (ID: 1928|ParentID: 556|Cristiane)
C:\Program Files\SUPERAntiSpyware\SASCore.exe (ID: 1992|ParentID: 556|SISTEMA)
C:\Windows\System32\AEADISRV.EXE (ID: 2012|ParentID: 556|SISTEMA)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 2040|ParentID: 556|SISTEMA)
C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (ID: 416|ParentID: 556|SISTEMA)
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (ID: 856|ParentID: 556|SISTEMA)
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (ID: 1844|ParentID: 556|SISTEMA)
C:\Windows\System32\hkcmd.exe (ID: 3188|ParentID: 1816|Cristiane)
C:\Windows\System32\igfxpers.exe (ID: 3220|ParentID: 1816|Cristiane)
C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe (ID: 3388|ParentID: 1816|Cristiane)
C:\Users\Cristiane\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 3404|ParentID: 1816|Cristiane)
C:\Windows\System32\SearchIndexer.exe (ID: 4032|ParentID: 556|SISTEMA)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 1764|ParentID: 556|SERVIÇO DE REDE)
C:\Windows\System32\msiexec.exe (ID: 3344|ParentID: 556|SISTEMA)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 6076|ParentID: 1816|Cristiane)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 2888|ParentID: 6076|Cristiane)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3164|ParentID: 6076|Cristiane)
C:\Windows\System32\taskhost.exe (ID: 1988|ParentID: 556|Cristiane)
C:\Program Files\ZHPDiag\ZHPFix\ZHPFix.exe (ID: 5596|ParentID: 1892|Cristiane)
C:\Program Files\Windows Defender\MpCmdRun.exe (ID: 3120|ParentID: 3600|SERVIÇO DE REDE)
C:\Windows\System32\taskhost.exe (ID: 3736|ParentID: 556|SERVIÇO LOCAL)
C:\Windows\System32\notepad.exe (ID: 5732|ParentID: 5092|Cristiane)
################## | Autorun |
################## | Procura genérica |
(!) Ficheiros temporários suprimido.
################## | Registro |
Reparado ! HKLM\Software\Microsoft\Security Center|UacDisableNotify -> 0
Supprimido ! HKU\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\.\.\.\.\Mountpoints2\{018be851-7954-11e3-aa30-00270e389cbd}
Supprimido ! HKU\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\.\.\.\.\Mountpoints2\{5ad13eec-386d-11e3-996d-00270e389cbd}
Supprimido ! HKU\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\.\.\.\.\Mountpoints2\{c90e759d-abfc-11e2-ae4e-806e6f6e6963}
################## | Regedit Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
################## | C:\ %SystemDrive% - Disco fixo (NTFS) |
[11/01/2014 - 21:23:32 | N | 3 Ko] - C:\log.txt
[10/06/2009 - 18:42:20 | N | 0 Ko] - C:\config.sys
[22/05/2014 - 22:53:50 | ASH | 2504088 Ko] - C:\hiberfil.sys
[22/05/2014 - 22:53:55 | ASH | 3338788 Ko] - C:\pagefile.sys
[01/10/2013 - 18:19:26 | N | 120 Ko] - C:\Acknowledgements.rtf
[08/12/2013 - 12:33:45 | D] - C:\iTunes.Resources
[08/12/2013 - 12:33:46 | D] - C:\iTunesHelper.Resources
[08/12/2013 - 12:33:47 | D] - C:\iTunesMiniPlayer.Resources
[01/10/2013 - 18:15:34 | N | 110 Ko] - C:\ITDetector.ocx
[22/05/2014 - 23:00:07 | D] - C:\Config.Msi
[15/08/2013 - 17:09:48 | N | 0 Ko] - C:\.mp4
[17/08/2013 - 14:55:56 | N | 0 Ko] - C:\.mp3
[17/08/2013 - 14:56:09 | N | 0 Ko] - C:\[1].mp3
[14/03/2014 - 21:35:30 | N | 3 Ko] - C:\fraglist.luar
[22/05/2014 - 16:38:35 | N | 39 Ko] - C:\zoek-results2014-05-22-193835.log
[22/05/2014 - 19:56:42 | N | 20 Ko] - C:\zoek-results2014-05-22-225642.log
[22/05/2014 - 20:12:41 | N | 3 Ko] - C:\zoek-results2014-05-22-231241.log
[22/05/2014 - 20:17:48 | N | 1 Ko] - C:\zoek-results.log
[02/04/2014 - 17:38:46 | N | 0 Ko] - C:\Archive.ini
[02/11/2013 - 00:29:44 | N | 9560 Ko | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - (0/53)] - C:\iTunes.exe
[02/11/2013 - 00:29:44 | N | 149 Ko | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - (0/53)] - C:\iTunesHelper.exe
[01/10/2013 - 18:15:32 | N | 1700 Ko | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - (0/48)] - C:\iAdCore.dll
[02/11/2013 - 00:29:34 | N | 634 Ko | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - (0/48)] - C:\iPodUpdaterExt.dll
[02/11/2013 - 00:29:34 | N | 758 Ko | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - (0/49)] - C:\gnsdk_sdkmanager.dll
[02/11/2013 - 00:29:34 | N | 215 Ko | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - (0/42)] - C:\gnsdk_musicid.dll
[02/11/2013 - 00:29:34 | N | 2938 Ko | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - (0/47)] - C:\gnsdk_dsp.dll
[02/11/2013 - 00:29:34 | N | 257 Ko | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - (0/47)] - C:\gnsdk_submit.dll
[02/11/2013 - 00:29:36 | N | 24853 Ko | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - (0/49)] - C:\iTunes.dll
[02/11/2013 - 00:29:44 | N | 396 Ko | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - (0/49)] - C:\iTunesAdmin.dll
[02/11/2013 - 00:29:44 | N | 115 Ko | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - (0/49)] - C:\iTunesMiniPlayer.dll
[02/11/2013 - 00:29:44 | N | 145 Ko | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - (0/49)] - C:\iTunesHelper.dll
[02/11/2013 - 00:29:46 | N | 286 Ko | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - (0/49)] - C:\iTunesOutlookAddIn.dll
[22/05/2014 - 16:38:42 | SHD] - C:\$RECYCLE.BIN
[10/06/2009 - 18:42:20 | A | 0 Ko] - C:\autoexec.bat
[13/07/2009 - 23:37:05 | D] - C:\PerfLogs
[14/07/2009 - 01:53:55 | SHD] - C:\Documents and Settings
[23/04/2013 - 07:09:50 | D] - C:\Arquivos de Programas
[23/04/2013 - 07:09:50 | SHD] - C:\Recovery
[23/04/2013 - 07:12:15 | D] - C:\Users
[23/04/2013 - 18:27:01 | RHD] - C:\MSOCache
[20/08/2013 - 01:42:48 | D] - C:\Intel
[08/12/2013 - 12:33:00 | D] - C:\CD Configuration
[08/12/2013 - 12:33:48 | D] - C:\Mozilla Plugins
[29/01/2014 - 18:48:00 | D] - C:\Documents
[06/03/2014 - 17:07:54 | N | 0 Ko] - C:\asc_rdflag
[22/05/2014 - 16:10:10 | D] - C:\AdwCleaner
[22/05/2014 - 19:54:56 | D] - C:\zoek_backup
[22/05/2014 - 19:54:56 | HD] - C:\ProgramData
[22/05/2014 - 22:56:58 | SHD] - C:\System Volume Information
[22/05/2014 - 22:59:47 | D] - C:\Windows
[22/05/2014 - 23:00:07 | D] - C:\Program Files
[22/05/2014 - 23:06:20 | D] - C:\UsbFix
################## | D:\ - Disco fixo (NTFS) |
[23/02/2014 - 14:21:53 | N | 10 Ko] - D:\English_Grammar_in_Use_Extra_content_InstallLog.log
[21/12/2011 - 07:34:38 | N | 94 Ko] - D:\Installation instructions.doc
[23/04/2013 - 20:09:22 | SHD] - D:\$RECYCLE.BIN
[23/04/2013 - 18:42:53 | SHD] - D:\System Volume Information
[25/05/2013 - 21:33:20 | D] - D:\aaaaHD SAMSUNG
[28/07/2013 - 23:38:26 | D] - D:\retiro pr vitor
[05/08/2013 - 21:53:27 | D] - D:\pinnacle
[08/12/2013 - 11:34:01 | D] - D:\Natan Dropbox
[01/02/2014 - 13:54:41 | D] - D:\Filmes HD
[23/02/2014 - 11:51:00 | D] - D:\temp
[23/02/2014 - 11:51:38 | D] - D:\English Grammar in Use Extra
[23/02/2014 - 11:51:59 | D] - D:\jre
[23/02/2014 - 14:21:53 | D] - D:\Uninstall_English Grammar in Use Extra content
[21/03/2014 - 18:00:05 | D] - D:\iPod Photo Cache
[17/04/2014 - 09:41:27 | D] - D:\BaiduDownloads
[17/04/2014 - 09:41:27 | D] - D:\Program files
[18/05/2014 - 20:08:31 | D] - D:\natane
[22/05/2014 - 16:21:42 | D] - D:\download
################## | Vaccin |
D:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)
################## | E.O.F | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] |
natanalves- Member
- Posts : 53
Reputation : 0
Join date : 21/05/2014
ZHPFix
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Cristiane at 22/05/2014 23:11:41
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)
Reciclagem vazia (03mn 11s)
Reparação de atalhos do navegador
========== Valores do Registo ==========
ELIMINÉ RunValue: tsnp2uvc.exe
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ: c:\windows\system32\drivers\bhbase.sys
ELIMINÉ Temporários windows (111) (1.755.058 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: AutoKMS
ELIMINÉ: AutoKMS
ELIMINÉ: {02F56846-D053-4F6F-8F8E-0BE72F9D1833}
ELIMINÉ: {5E6027CB-ABD1-47F4-9987-D641E4E55B0D}
ELIMINÉ: {8E9FB0FA-C9AC-4315-B979-0E238EC44B10}
ELIMINÉ: {9E48E05E-75BD-4918-B39D-E8CDBCBDAB81}
ELIMINÉ: {B654CBDE-ED26-4F1C-BE8F-F9B38524FE46}
ELIMINÉ: {B9CF45BE-1615-460D-ACD6-237E2043E66C}
ELIMINÉ: {FA1BE6EF-3A64-44DF-9B5F-ACF945C05906}
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
7 : Valores do Registo
1 : Pastas
3 : Ficheiros
9 : Tarefa planificada
1 : Restauração Sistema
End of clean in 03mn 35s
========== Caminho do ficheiro do relatório ==========
C:\Users\Cristiane\AppData\Roaming\ZHP\ZHPFix[R1].txt - 22/05/2014 23:14:52 [1572]
natanalves- Member
- Posts : 53
Reputation : 0
Join date : 21/05/2014
Re: Baidu Antivirus is on my PC!
Open ZHPDiag again.
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.
|- Click OK and, when it finishes, post the ZHPDiag.txt report.
Power Max- Contributor
- Posts : 9086
Reputation : 1499
Join date : 14/04/2009
Re: Baidu Antivirus is on my PC!
~ Relatório do ZHPDiag v2014.5.22.71 - Nicolas Coolman (22/05/2014)
~ Iniciado por Cristiane (22/05/2014 23:20:08)
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 26.0
GCIE: Google Chrome v34.0.1847.137 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2013
SUPERAntiSpyware v5.7.1016
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.09
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 45
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3260 MB (62% free)
System Restore: Activé (Enable)
System drive C: has 129 GB (44%) free of 293 GB
---\\ Modo de conexão ao sistema
~ Computer Name: CRISTIANE-PC
~ User Name: Cristiane
~ All Users Names: HomeGroupUser$, Cristiane, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Cristiane\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Cristiane\AppData\Roaming\
~ %Desktop% : C:\Users\Cristiane\Desktop\
~ %Favorites% : C:\Users\Cristiane\Favorites\
~ %LocalAppData% : C:\Users\Cristiane\AppData\Local\
~ %StartMenu% : C:\Users\Cristiane\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 129 Go of 293 Go)
D: Hard drive, Flash drive, Thumb drive (Free 855 Go of 1570 Go)
E: CD-ROM drive (Free 0 Go of 0 Go)
F: CD-ROM drive (Free 0 Go of 0 Go)
---\\ Estado do Centro de Segurança do Windows
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 3/1885
~ Mes musiques (My Musics) : 4/2166
~ Mes Videos (My Videos) : 2/104
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 2/1888
~ Mon Bureau (My Desktop) : 2/643
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 06s
---\\ Processos lançados
[MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1436]
[MD5.FA18468460906465C6A181904F5B706B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3774312] [PID.3328]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.172]
[MD5.43B1125D14E8797FDA9D5E167EB50AE3] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [528424] [PID.376]
[MD5.51F207D5A9E7B2E76BEE59C05CCC23C4] - (.SUPERAntiSpyware.com - Core Service.) -- C:\Program Files\SUPERAntiSpyware\SASCORE.exe [120088] [PID.4940]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.884]
[MD5.EEE470F2A771FC0B543BDEEF74FCECA0] - (.Microsoft Corporation - Windows® installer.) -- C:\Windows\system32\msiexec.exe [73216] [PID.348]
[MD5.345B1798395CEA9C178AFF1784FA2A37] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.5264]
[MD5.9827006052EDEBA43D3BA0B34523AD62] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7876608] [PID.1648]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.3180]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Cristiane\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 02s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Cristiane\AppData\Roaming\Mozilla\Firefox\Profiles\cazhzzqa.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (...) -- C:\Users\Cristiane\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll (.not file.)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (...) -- C:\Users\Cristiane\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (.not file.)
~ Firefox Browser: 24 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehabn.dll
~ BHO: 20 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Cristiane]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 02s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9315FE68-EF03-4CE6-A78E-1B3413781B82}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{9315FE68-EF03-4CE6-A78E-1B3413781B82}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{9315FE68-EF03-4CE6-A78E-1B3413781B82}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
~ Services: 9 Legitimates Filtered in 00mn 03s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2278793192-2799666863-1724067060-1000Core [922]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2278793192-2799666863-1724067060-1000UA [944]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 02s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 81 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKCU] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: GrafEq 2.13 (current user) - (.Pedagoguery Software Inc..) [HKCU] -- PSi GrafEq 2.13
O42 - Logiciel: Módulo de Proteção Santander 3.2.0.2 - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
~ Logic: 16 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\GrafEq]
[HKCU\Software\Huisendobler]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Kashu]
~ Key Software: 279 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 01/05/2013 - 17:59:38 - [] ----D C:\Program Files\AKKORD
O43 - CFD: 23/02/2014 - 11:52:28 - [] ----D C:\Users\Cristiane\AppData\Roaming\EnglishGrammarinUseExtra
O43 - CFD: 17/05/2013 - 16:59:12 - [] ----D C:\Users\Cristiane\AppData\Local\Ares
O43 - CFD: 21/05/2014 - 19:50:11 - [] ----D C:\Users\Cristiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GrafEq 2.13
~ Program Folder: 216 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.4ABAB0BECE840B0EA253026FC2A8B69C] - 21/05/2014 - 00:54:56 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148520]
O44 - LFC:[MD5.BAA156A374B3789C9CECD55D127A214B] - 21/05/2014 - 00:54:56 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [708740]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 22/05/2014 - 16:09:06 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.2987AE860C7A141EAC6075963F08DF29] - 22/05/2014 - 16:38:35 ----- . (...) -- C:\zoek-results2014-05-22-193835.log [39852]
O44 - LFC:[MD5.2C27F5EAC72D515B07ECBF54148AE43F] - 22/05/2014 - 19:56:42 ----- . (...) -- C:\zoek-results2014-05-22-225642.log [20615]
O44 - LFC:[MD5.B5045FA1992B3735ED1792894E5E98DE] - 22/05/2014 - 20:12:41 ----- . (...) -- C:\zoek-results2014-05-22-231241.log [2702]
O44 - LFC:[MD5.A3893B97B04BD11FC893D4EC4340DC4E] - 22/05/2014 - 20:17:48 ----- . (...) -- C:\zoek-results.log [1140]
~ Files: 45 Legitimates Filtered in 00mn 02s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 23 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:10/04/2010 - 14:06:42 ---A- . (.Analog Devices, Inc. - High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\ADIHdAud.sys [386048]
O58 - SDL:12/12/2013 - 11:07:33 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:09/01/2014 - 12:12:25 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180248] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ----- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:14/03/2014 - 20:27:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:17/04/2014 - 09:40:08 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ----- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:11/02/2009 - 13:45:02 ----- . (.No owner - USBCAMD for Sonix UVC.) -- C:\Windows\System32\Drivers\sncduvc.sys [27264]
O58 - SDL:12/03/2009 - 11:21:36 ----- . (.No owner - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [3482112]
O58 - SDL:04/04/2014 - 19:54:27 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [717296]
O58 - SDL:21/08/2013 - 01:31:38 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [84248]
O58 - SDL:21/08/2013 - 01:31:38 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [182680]
O58 - SDL:13/07/2009 - 22:19:04 ----- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/12/2012 - 13:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 84 Legitimates Filtered in 00mn 02s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: UsbFix - (.El Desaparecido - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 14/03/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 82 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {C4304BAC-BF69-49B8-8B32-58F0471DE8D0} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.27CDC28901B49FB54056D3A1B3550F0F] [SPRF][05/05/2013] (...) -- C:\Users\Cristiane\AppData\Roaming\unins000.dat [12392]
[MD5.E42F69171FC971F2FDCD0DD6D2F57A65] [SPRF][05/12/2013] (...) -- C:\Users\Cristiane\AppData\Roaming\unins001.dat [32993]
[MD5.70F851F7A524071E13F17DC401A21906] [SPRF][22/05/2014] (...) -- C:\Users\Cristiane\Desktop\AdwCleaner.exe [1326389]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][22/05/2014] (...) -- C:\Users\Cristiane\Desktop\zoek.exe [1285120]
[MD5.5EE13AE2AA0DB4734657AEF582FED46C] [SPRF][04/04/2014] (...) -- C:\Program Files\YASU.exe [44544]
~ Files: 6 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{D1D2E351-8768-44D4-98CC-108B85361B95}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{853E8C1F-CD82-4C6A-9108-FBCAD93C5071}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 120 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 15/07/2008 90112 | (AEADIFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\AEADISRV.exe
SS - | Auto 23/04/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 23/04/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 02/11/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 25/10/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 27/01/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 29/06/2007 800040 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 27/06/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Auto 16/04/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 10/10/2013 120088 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 04/03/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 06/05/2014 528424 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 11s
---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:04/04/2014 - 19:54:27 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [717296]
~ Emulateurs: Scanned in 00mn 11s
---\\ Scâner Aditional (088)
Database Version : 13029 - (22/05/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
C:\Windows\KMSEmulator.exe =>Hijacker.Windows
~ Additionnel Scan: 312977 Items scanned in 00mn 33s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Windows
~ MSI: 1 link(s) detected in 00mn 00s
~ 913 Legitimates filtered by white list
End of the scan (505 lines in 01mn 27s)(0)
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 3/1885
~ Mes musiques (My Musics) : 4/2166
~ Mes Videos (My Videos) : 2/104
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 2/1888
~ Mon Bureau (My Desktop) : 2/643
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 06s
---\\ Processos lançados
[MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1436]
[MD5.FA18468460906465C6A181904F5B706B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3774312] [PID.3328]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.172]
[MD5.43B1125D14E8797FDA9D5E167EB50AE3] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [528424] [PID.376]
[MD5.51F207D5A9E7B2E76BEE59C05CCC23C4] - (.SUPERAntiSpyware.com - Core Service.) -- C:\Program Files\SUPERAntiSpyware\SASCORE.exe [120088] [PID.4940]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.884]
[MD5.EEE470F2A771FC0B543BDEEF74FCECA0] - (.Microsoft Corporation - Windows® installer.) -- C:\Windows\system32\msiexec.exe [73216] [PID.348]
[MD5.345B1798395CEA9C178AFF1784FA2A37] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.5264]
[MD5.9827006052EDEBA43D3BA0B34523AD62] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7876608] [PID.1648]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.3180]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Cristiane\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 02s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Cristiane\AppData\Roaming\Mozilla\Firefox\Profiles\cazhzzqa.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (...) -- C:\Users\Cristiane\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll (.not file.)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (...) -- C:\Users\Cristiane\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (.not file.)
~ Firefox Browser: 24 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehabn.dll
~ BHO: 20 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Cristiane]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 02s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9315FE68-EF03-4CE6-A78E-1B3413781B82}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{9315FE68-EF03-4CE6-A78E-1B3413781B82}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{9315FE68-EF03-4CE6-A78E-1B3413781B82}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
~ Services: 9 Legitimates Filtered in 00mn 03s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2278793192-2799666863-1724067060-1000Core [922]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2278793192-2799666863-1724067060-1000UA [944]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 02s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 81 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKCU] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: GrafEq 2.13 (current user) - (.Pedagoguery Software Inc..) [HKCU] -- PSi GrafEq 2.13
O42 - Logiciel: Módulo de Proteção Santander 3.2.0.2 - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
~ Logic: 16 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\GrafEq]
[HKCU\Software\Huisendobler]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Kashu]
~ Key Software: 279 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 01/05/2013 - 17:59:38 - [] ----D C:\Program Files\AKKORD
O43 - CFD: 23/02/2014 - 11:52:28 - [] ----D C:\Users\Cristiane\AppData\Roaming\EnglishGrammarinUseExtra
O43 - CFD: 17/05/2013 - 16:59:12 - [] ----D C:\Users\Cristiane\AppData\Local\Ares
O43 - CFD: 21/05/2014 - 19:50:11 - [] ----D C:\Users\Cristiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GrafEq 2.13
~ Program Folder: 216 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.4ABAB0BECE840B0EA253026FC2A8B69C] - 21/05/2014 - 00:54:56 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148520]
O44 - LFC:[MD5.BAA156A374B3789C9CECD55D127A214B] - 21/05/2014 - 00:54:56 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [708740]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 22/05/2014 - 16:09:06 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.2987AE860C7A141EAC6075963F08DF29] - 22/05/2014 - 16:38:35 ----- . (...) -- C:\zoek-results2014-05-22-193835.log [39852]
O44 - LFC:[MD5.2C27F5EAC72D515B07ECBF54148AE43F] - 22/05/2014 - 19:56:42 ----- . (...) -- C:\zoek-results2014-05-22-225642.log [20615]
O44 - LFC:[MD5.B5045FA1992B3735ED1792894E5E98DE] - 22/05/2014 - 20:12:41 ----- . (...) -- C:\zoek-results2014-05-22-231241.log [2702]
O44 - LFC:[MD5.A3893B97B04BD11FC893D4EC4340DC4E] - 22/05/2014 - 20:17:48 ----- . (...) -- C:\zoek-results.log [1140]
~ Files: 45 Legitimates Filtered in 00mn 02s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 23 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:10/04/2010 - 14:06:42 ---A- . (.Analog Devices, Inc. - High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\ADIHdAud.sys [386048]
O58 - SDL:12/12/2013 - 11:07:33 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:09/01/2014 - 12:12:25 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180248] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ----- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:14/03/2014 - 20:27:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:17/04/2014 - 09:40:08 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ----- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:11/02/2009 - 13:45:02 ----- . (.No owner - USBCAMD for Sonix UVC.) -- C:\Windows\System32\Drivers\sncduvc.sys [27264]
O58 - SDL:12/03/2009 - 11:21:36 ----- . (.No owner - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [3482112]
O58 - SDL:04/04/2014 - 19:54:27 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [717296]
O58 - SDL:21/08/2013 - 01:31:38 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [84248]
O58 - SDL:21/08/2013 - 01:31:38 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [182680]
O58 - SDL:13/07/2009 - 22:19:04 ----- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/12/2012 - 13:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 84 Legitimates Filtered in 00mn 02s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: UsbFix - (.El Desaparecido - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 14/03/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 82 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {C4304BAC-BF69-49B8-8B32-58F0471DE8D0} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.27CDC28901B49FB54056D3A1B3550F0F] [SPRF][05/05/2013] (...) -- C:\Users\Cristiane\AppData\Roaming\unins000.dat [12392]
[MD5.E42F69171FC971F2FDCD0DD6D2F57A65] [SPRF][05/12/2013] (...) -- C:\Users\Cristiane\AppData\Roaming\unins001.dat [32993]
[MD5.70F851F7A524071E13F17DC401A21906] [SPRF][22/05/2014] (...) -- C:\Users\Cristiane\Desktop\AdwCleaner.exe [1326389]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][22/05/2014] (...) -- C:\Users\Cristiane\Desktop\zoek.exe [1285120]
[MD5.5EE13AE2AA0DB4734657AEF582FED46C] [SPRF][04/04/2014] (...) -- C:\Program Files\YASU.exe [44544]
~ Files: 6 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{D1D2E351-8768-44D4-98CC-108B85361B95}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{853E8C1F-CD82-4C6A-9108-FBCAD93C5071}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 120 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 15/07/2008 90112 | (AEADIFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\AEADISRV.exe
SS - | Auto 23/04/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 23/04/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 02/11/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 25/10/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 27/01/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 29/06/2007 800040 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 27/06/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Auto 16/04/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 10/10/2013 120088 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 04/03/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 06/05/2014 528424 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 11s
---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:04/04/2014 - 19:54:27 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [717296]
~ Emulateurs: Scanned in 00mn 11s
---\\ Scâner Aditional (088)
Database Version : 13029 - (22/05/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
C:\Windows\KMSEmulator.exe =>Hijacker.Windows
~ Additionnel Scan: 312977 Items scanned in 00mn 33s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Windows
~ MSI: 1 link(s) detected in 00mn 00s
~ 913 Legitimates filtered by white list
End of the scan (505 lines in 01mn 27s)(0)
natanalves - Member
- Posts: 53
Reputation: 0
Join date: 21/05/2014
Re: Baidu Antivirus is on my PC!
How is the PC?
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Baidu Antivirus is on my PC!
I think it's fine.
But I'll take any tips you have to clean up, improve and speed up the PC haha
natanalves - Member
- Posts: 53
Reputation: 0
Join date: 21/05/2014
Re: Baidu Antivirus is on my PC!
You want to install Kaspersky on this PC, right? Try installing it and tell us whether the installation went well.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009