Fórum PC Brasil
Gostaria de reagir a esta mensagem? Crie uma conta em poucos cliques ou inicie sessão para continuar.
Flux RSS


Yahoo! 
MSN 
AOL 
Netvibes 
Bloglines 


Social bookmarking

Social bookmarking reddit      

Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking

Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking

Estatísticas
Temos 14807 usuários registrados
O último membro registrado é Costa24

Os nossos membros postaram um total de 36044 mensagens em 3685 assuntos
Últimos assuntos
» Problema no disco rígido do Windows 11
por Costa24 Hoje à(s) 10:19

Quem está conectado?
15 usuários online :: 0 registrados, 0 invisíveis e 15 visitantes

Nenhum

O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
 
 

Resultados por:
 


Rechercher Pesquisa avançada

março 2024
SegTerQuaQuiSexSábDom
    123
45678910
11121314151617
18192021222324
25262728293031

Calendário Calendário


Remoção do Baidu para instalar o Kaspersky

3 participantes

Página 1 de 2 1, 2  Seguinte

Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty Remoção do Baidu para instalar o Kaspersky

Mensagem por dearley Qui 22 maio 2014, 18:07

Olá galera, sou novo no fórum e vi que existem muitos referentes a esse novo criado por mim, no entanto, só fiz isso para que cada qual siga com uma orientação mais direta, não confundindo assim os outros usuários presentes no mesmo tópico... Bom, segui todos os passos já descritos pelos moderadores, até o passo em que escrevemos uma linguagem no Zoek ("* Selecione e copie todo este texto destacado em vermelho abaixo e cole-o no espaço em branco do Zoek") , o qual não sei fazer.. Como solicitado em todos os outros tópicos, segue o relatório do AdwCleaner ("poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt")

Segue:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# AdwCleaner v3.210 - Relatório criado 22/05/2014 às 17:27:47
# Atualizado 19/05/2014 por Xplode
# Sistema Operacional : Windows 8.1 Single Language  (64 bits)
# Usuário : Dearley - DEARLEY
# Executando de : C:\Users\Dearley\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Users\Dearley\AppData\Local\Temp\webget
Pasta Deletada : C:\Users\Dearley\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Public\Documents\baidu
Arquivo Deletada : C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Deletedo : HKCU\Software\InstallCore

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17037


-\\ Google Chrome v

[ Arquivo : C:\Users\Dearley\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1419 octets] - [22/05/2014 17:26:54]
AdwCleaner[S0].txt - [1267 octets] - [22/05/2014 17:27:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1327 octets] ##########
dearley
dearley
Iniciante
Iniciante

Mensagens : 46
Reputação : 0
Data de inscrição : 22/05/2014
Idade : 36
Localização : Rio de Janeiro

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty Re: Remoção do Baidu para instalar o Kaspersky

Mensagem por Power Max Qui 22 maio 2014, 18:11

Remoção do Baidu para instalar o Kaspersky 648673379  Olá Dearley. Seja bem vindo ao Fórum PC Brasil.

Desative temporariamente seu antivírus para evitar conflitos.

 Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.


Última edição por Power Max em Qui 22 maio 2014, 20:59, editado 1 vez(es)

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty Re: Remoção do Baidu para instalar o Kaspersky

Mensagem por dearley Qui 22 maio 2014, 18:37

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Dearley on 22/05/2014 at 18:12:41.64.
Microsoft Windows 8.1 Single Language 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dearley\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

22/05/2014 18:13:12 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Microsoft\Internet Explorer\SearchScopes\{45577081-58A2-4DC5-9B9A-B4E2CDC33E39} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\boost_interprocess deleted
C:\Users\Dearley\AppData\Roaming\unins000.exe deleted

==== Folders Found ======================

2014-05-22 20:27:53 2014-05-22 20:27:53 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-22 20:27:56 2014-05-22 20:27:56 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Dearley\AppData\Roaming\baidu
2014-05-22 20:27:56 2014-05-22 20:27:56 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Dearley\AppData\Roaming\baidu\Baidu Antivirus
2014-05-22 20:27:57 2014-05-22 20:27:57 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-05-19 00:10:32 2014-05-19 00:10:32 -------- d-----w- C:\ProgramData\Baidu Security
2014-05-19 00:10:32 2014-05-19 00:10:32 -------- d-----w- C:\Users\All Users\Baidu Security
2014-05-19 00:08:36 2014-05-19 00:08:36 -------- d-----w- C:\Users\Dearley\AppData\Local\Temp\baidu_secure

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security\PC Faster]

"E:\\Dearley\\PROGRAMAS\\CAD 2010 - 64bits\\Autodesk AutoCAD 2010 [64-bit]\\AAC2010_Keygen-64bits.exe"=hex:53,\
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=hex:53,\

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [22/05/2014 17:03]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
agbnjankikoaabjkmfbaceggjliabkbn - C:\Program Files (x86)\SafeKey\lpchrome.crx[21/05/2014 23:12]
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[23/04/2014 17:50]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Dearley\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[19/05/2014 21:05]

Google Docs - Dearley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Dearley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Dearley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Dearley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
SiteAdvisor - Dearley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
GBBD Banco do Brasil - Dearley\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp
Google Wallet - Dearley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Banco do Brasil - Dearley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Gmail - Dearley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Dearley\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Dearley\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Dearley\Desktop\Dropbox.lnk - C:\Users\Dearley\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Dearley\Desktop\farcry3.lnk - C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3.exe
C:\Users\Dearley\Desktop\Google Chrome.lnk - C:\Users\Dearley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dearley\Desktop\µTorrent.lnk -  

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader 9.lnk - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk - C:\Program Files (x86)\AutoCAD 2010\acad.exe
C:\Users\Public\Desktop\Euro Truck Simulator 2.lnk - C:\Program Files (x86)\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Users\Public\Desktop\TeamViewer 7.lnk - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Dearley\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -  
C:\Users\Dearley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk - C:\Users\Dearley\Documents
C:\Users\Dearley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Dearley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk - C:\Users\Dearley\Pictures
C:\Users\Dearley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Dearley\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Dearley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Dearley\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Dearley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Dearley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dearley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Dearley\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
C:\Users\Dearley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr
C:\Users\Dearley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uninstall.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
C:\Users\Dearley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uplay.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
C:\Users\Dearley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Dearley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Dearley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk - C:\Users\Dearley\Documents
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk - C:\Users\Dearley\Pictures
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk - C:\Users\Dearley\Documents
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk - C:\Users\Dearley\Pictures
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk - C:\Users\Dearley\Documents
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk - C:\Users\Dearley\Pictures

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-A90000000001}\SC_Reader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk - C:\Windows\FileManager\FileManager.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2010\Attach Digital Signatures.lnk - C:\Program Files (x86)\AutoCAD 2010\AcSignApply.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2010\AutoCAD 2010 - English.lnk - C:\Windows\Installer\{5783F2D7-8001-0409-0102-0060B0CE6BBA}\Acad162_icon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2010\Batch Standards Checker.lnk - C:\Program Files (x86)\AutoCAD 2010\DwgCheckStandards.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2010\License Transfer Utility (64-bit).lnk - C:\Program Files (x86)\Common Files\Autodesk Shared\AdLM\R1\LTU.EXE 001B1 2010.0.0.F -d SA -l en-US
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2010\Reference Manager.lnk - C:\Program Files (x86)\AutoCAD 2010\AdRefMan.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2010\Migrate Custom Settings\Export AutoCAD 2010 Settings.lnk - C:\Program Files (x86)\AutoCAD 2010\AdMigrator.exe /e
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2010\Migrate Custom Settings\Import AutoCAD 2010 Settings.lnk - C:\Program Files (x86)\AutoCAD 2010\AdMigrator.exe /i
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2010\Migrate Custom Settings\Migrate From a Previous Release.lnk - C:\Program Files (x86)\AutoCAD 2010\AdMigrator.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite\CyberLink Media Suite Essentials.lnk - C:\Program Files (x86)\CyberLink\Media Suite\CMSLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite\CyberLink LabelPrint 2.5\CyberLink LabelPrint 2.5.lnk - C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite\CyberLink Power2Go 8\CyberLink Power2Go 8.lnk - C:\Program Files (x86)\CyberLink\Power2Go8\Power2Go8.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite\CyberLink Power2Go 8\Desktop Burning Gadget.lnk - C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite\CyberLink Power2Go 8\ISO Viewer.lnk - C:\Program Files (x86)\CyberLink\Power2Go8\IsoViewer8.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite\CyberLink Power2Go 8\Virtual Drive.lnk - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite\CyberLink PowerDirector 10\PowerDirector 10.lnk - C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite\CyberLink PowerDVD 12\CyberLink PowerDVD 12.lnk - C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk - C:\Program Files (x86)\DAEMON Tools Lite\SPTDinst-x64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Backup and Recovery.lnk - C:\Program Files (x86)\Dell Backup and Recovery\Dbr.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Digital Delivery.lnk - C:\Program Files (x86)\Dell Digital Delivery\DeliveryTray.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Update.lnk - C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\My Dell\My Dell.lnk - C:\Program Files\My Dell\pcdlauncher.exe -lloc dsc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\My Dell\PC Checkup.lnk - C:\Program Files\My Dell\pcdlauncher.exe -startingpage pccheckup -lloc pccheckup
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio\Dell Audio.lnk - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2\Euro Truck Simulator 2 Manual.lnk - C:\Program Files (x86)\Euro Truck Simulator 2\manual.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2\Euro Truck Simulator 2.lnk - C:\Program Files (x86)\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2\Troubleshooting\Troubleshooting - DirectX.lnk - C:\Program Files (x86)\Euro Truck Simulator 2\bin\win_x86\troubleshoot_dx9.cmd
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2\Troubleshooting\Troubleshooting - OpenGL.lnk - C:\Program Files (x86)\Euro Truck Simulator 2\bin\win_x86\troubleshoot_gl.cmd
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2\Troubleshooting\Troubleshooting - Safe mode.lnk - C:\Program Files (x86)\Euro Truck Simulator 2\bin\win_x86\troubleshoot_safe.cmd
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) HD Graphics Control Panel.lnk - C:\Windows\system32\igfxstarter.exe Metro
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Rapid Storage Technology.lnk - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUI.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool\All options.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool\Generate log with system information.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=generate_log
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool\Manage ACM and VFW codecs.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=codec_management
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool\Manage DirectShow filters.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=dsfilter_management
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool\Manage preferred DirectShow source filters.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=sourcefilters
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk - C:\Windows\SysWOW64\rundll32.exe "C:\Program Files (x86)\K-Lite Codec Pack\Filters\vsfilter.dll",DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk - C:\Windows\SysWOW64\rundll32.exe "C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\ffdshow.ax",configureAudio
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow DXVA video decoder.lnk - C:\Windows\SysWOW64\rundll32.exe "C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\ffdshow.ax",configureDXVA
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow VFW interface.lnk - C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\ff_vfw.dll",configureVFW
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk - C:\Windows\SysWOW64\rundll32.exe "C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\ffdshow.ax",configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali Media Splitter.lnk - C:\Windows\SysWOW64\rundll32.exe "C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\splitter.ax",Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali video renderer.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\dsconfig.exe {760A8F35-97E7-479D-AAF5-DA9EFF95D751}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio.lnk - C:\Windows\system32\rundll32.exe "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\lavaudio.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter.lnk - C:\Windows\system32\rundll32.exe "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\lavsplitter.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video.lnk - C:\Windows\system32\rundll32.exe "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\lavvideo.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\madFLAC.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\dsconfig.exe {6B257121-CBB6-46B3-ABFA-B14DFA98C4A6}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=reset_settings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\VP7 decoder.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\dsconfig.exe {C204438D-6E1A-4309-B09C-0C0F749863AF}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Xvid encoder.lnk - C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\xvidvfw.dll",Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\Frequently Asked Questions.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Info\faq.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Codec Tweak Tool.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudio.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\graphstudio.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Haali Muxer.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\gdsmux.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\mediainfo.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\VobSubStrip.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\VobSubStrip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Win7DSFilterTweaker.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\Win7DSFilterTweaker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Xvid StatsReader.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\StatsReader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk - C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee LiveSafe – Internet Security.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe  /design
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Centro de Carregamento do Microsoft Office 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Certificado Digital para Projetos do VBA.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Media Gallery.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Office Picture Manager.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Preferências de Idioma do Microsoft Office 2010.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype para a área de trabalho.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Install SafeKey IE RunOnce.lnk - C:\Program Files (x86)\Common Files\lpuninstall.exe -p -name=SafeKey -ffuuid {072844D3-7DEE-45F6-A406-E87F76302E4B}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in Quick Launch ======================

C:\Users\Dearley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Users\Dearley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dearley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\Dearley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Dearley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Dearley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  
C:\Users\Dearley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  
C:\Users\Dearley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Dearley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dearley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\Dearley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dearley\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Dearley\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Dearley\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3 folders=2 815502 bytes)

==== Empty Temp Folders ======================

C:\Users\Dearley\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Dearley\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 22/05/2014 at 18:33:11.66 ======================
dearley
dearley
Iniciante
Iniciante

Mensagens : 46
Reputação : 0
Data de inscrição : 22/05/2014
Idade : 36
Localização : Rio de Janeiro

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty Próximo passo...

Mensagem por dearley Qui 22 maio 2014, 18:53

Feito isso, qual o próximo passo?
dearley
dearley
Iniciante
Iniciante

Mensagens : 46
Reputação : 0
Data de inscrição : 22/05/2014
Idade : 36
Localização : Rio de Janeiro

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty Re: Remoção do Baidu para instalar o Kaspersky

Mensagem por Danii Qui 22 maio 2014, 19:01

Peço que aguarde por favor.
Seu log está sendo analisado.
Em breve será postado os próximos procedimentos.
Danii
Danii
Membro Pleno
Membro Pleno

Mensagens : 571
Reputação : 80
Data de inscrição : 04/04/2014
Localização : Brasil

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty Re: Remoção do Baidu para instalar o Kaspersky

Mensagem por Power Max Qui 22 maio 2014, 19:15

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.


Última edição por Power Max em Qui 22 maio 2014, 20:58, editado 1 vez(es)

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty Log Zoek 1

Mensagem por dearley Qui 22 maio 2014, 19:58

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Dearley on 22/05/2014 at 19:55:26.19.
Microsoft Windows 8.1 Single Language 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dearley\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-22-213311.log 33149 bytes
C:\zoek-results2014-05-22-223700.log 5850 bytes

==== System Restore Info ======================

22/05/2014 19:56:13 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"=-
[-HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security\Antivirus\web]
"rcloud"=-
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=-

==== Deleting Files \ Folders ======================

C:\ProgramData\Baidu Security not found
C:\Users\All Users\Baidu Security not found
C:\Users\Dearley\AppData\Local\Temp\baidu_secure not found

==== Folders Found ======================

2014-05-22 20:27:53 2014-05-22 20:27:53 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-22 20:27:56 2014-05-22 20:27:56 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Dearley\AppData\Roaming\baidu
2014-05-22 20:27:56 2014-05-22 20:27:56 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Dearley\AppData\Roaming\baidu\Baidu Antivirus
2014-05-22 20:27:57 2014-05-22 20:27:57 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-05-22 22:35:29 2014-05-22 22:35:29 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-05-22 22:35:29 2014-05-22 22:35:29 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security\Antivirus\web]

"E:\\Dearley\\PROGRAMAS\\CAD 2010 - 64bits\\Autodesk AutoCAD 2010 [64-bit]\\AAC2010_Keygen-64bits.exe"=hex:53,\
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=hex:53,\

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5 folders=4 844256 bytes)

==== EOF on 22/05/2014 at 19:57:59.95 ======================


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Aguardando próximos passos...
dearley
dearley
Iniciante
Iniciante

Mensagens : 46
Reputação : 0
Data de inscrição : 22/05/2014
Idade : 36
Localização : Rio de Janeiro

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty Re: Remoção do Baidu para instalar o Kaspersky

Mensagem por Power Max Qui 22 maio 2014, 20:13

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.


Última edição por Power Max em Qui 22 maio 2014, 21:09, editado 1 vez(es)

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty Log Zoek 2

Mensagem por dearley Qui 22 maio 2014, 20:40


Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Dearley on 22/05/2014 at 20:38:56.33.
Microsoft Windows 8.1 Single Language 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dearley\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-22-213311.log 33149 bytes
C:\zoek-results2014-05-22-223700.log 5850 bytes
C:\zoek-results2014-05-22-225759.log 5701 bytes

==== System Restore Info ======================

22/05/2014 20:39:12 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security\Antivirus\web]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=-
[-HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security\Antivirus\web]

==== Registry Search Results for "Baidu" ======================


[HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security\Antivirus]

"E:\\Dearley\\PROGRAMAS\\CAD 2010 - 64bits\\Autodesk AutoCAD 2010 [64-bit]\\AAC2010_Keygen-64bits.exe"=hex:53,\
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=hex:53,\

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5 folders=4 844256 bytes)

==== EOF on 22/05/2014 at 20:39:49.12 ======================


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
dearley
dearley
Iniciante
Iniciante

Mensagens : 46
Reputação : 0
Data de inscrição : 22/05/2014
Idade : 36
Localização : Rio de Janeiro

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty Re: Remoção do Baidu para instalar o Kaspersky

Mensagem por Power Max Qui 22 maio 2014, 20:57

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.


Última edição por Power Max em Qui 22 maio 2014, 21:09, editado 1 vez(es)

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty (RESOLVIDO) Log Zoek 3

Mensagem por dearley Qui 22 maio 2014, 21:07

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Dearley on 22/05/2014 at 21:05:25.64.
Microsoft Windows 8.1 Single Language 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dearley\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-22-213311.log 33149 bytes
C:\zoek-results2014-05-22-223700.log 5850 bytes
C:\zoek-results2014-05-22-225759.log 5701 bytes
C:\zoek-results2014-05-22-233949.log 1971 bytes

==== System Restore Info ======================

22/05/2014 21:05:49 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security\Antivirus]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=-
[-HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security\Antivirus]

==== Registry Search Results for "Baidu" ======================


[HKEY_USERS\S-1-5-21-535402597-716444731-2734260214-1002\Software\Baidu Security]

"E:\\Dearley\\PROGRAMAS\\CAD 2010 - 64bits\\Autodesk AutoCAD 2010 [64-bit]\\AAC2010_Keygen-64bits.exe"=hex:53,\
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=hex:53,\

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5 folders=4 844256 bytes)

==== EOF on 22/05/2014 at 21:06:25.93 ======================
dearley
dearley
Iniciante
Iniciante

Mensagens : 46
Reputação : 0
Data de inscrição : 22/05/2014
Idade : 36
Localização : Rio de Janeiro

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty Re: Remoção do Baidu para instalar o Kaspersky

Mensagem por Power Max Qui 22 maio 2014, 21:08

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty (RESOLVIDO) Junkware Removal tool

Mensagem por dearley Qui 22 maio 2014, 21:25

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Single Language x64
Ran by Dearley on 22/05/2014 at 21:14:51.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/05/2014 at 21:22:17.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
dearley
dearley
Iniciante
Iniciante

Mensagens : 46
Reputação : 0
Data de inscrição : 22/05/2014
Idade : 36
Localização : Rio de Janeiro

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty Re: Remoção do Baidu para instalar o Kaspersky

Mensagem por Power Max Qui 22 maio 2014, 21:26

Remoção do Baidu para instalar o Kaspersky 772309 Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty (RESOLVIDO) ZHPDiag

Mensagem por dearley Qui 22 maio 2014, 21:38

~ Relatório do ZHPDiag v2014.5.22.71 - Nicolas Coolman  (22/05/2014)
~ Iniciado por Dearley (22/05/2014 21:33:34)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8.1 Single Language, 64-bit  (Build 9600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Windows Defender W8

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Reader 9 - Português
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 69 Stepping 1, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8096.4 MB (79% free)
System Restore: Activé (Enable)
System drive C: has 671 GB (72%) free of 921 GB

---\\ Modo de conexão ao sistema
~ Computer Name: DEARLEY
~ User Name: Dearley
~ All Users Names: HomeGroupUser$, Dearley, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Dearley\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Dearley\AppData\Roaming\
~ %Desktop% : C:\Users\Dearley\Desktop\
~ %Favorites% : C:\Users\Dearley\Favorites\
~ %LocalAppData% : C:\Users\Dearley\AppData\Local\
~ %StartMenu% : C:\Users\Dearley\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 671 Go of 921 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 0 Go of 1 Go)
Y: Hard drive, Flash drive, Thumb drive (Free 1 Go of 9 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Windows Explorer.) (.04/03/2014 - 09:25:49.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.65C36A29A131A3A5D64B29FAC4EF6DD6] - (.Microsoft Corporation - Internet Extensions para Win32.) (.13/05/2014 - 18:27:53.) -- C:\Windows\System32\wininet.dll [2262016]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.13/05/2014 - 18:27:53.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/05/2014 - 18:27:53.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 06:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 08:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/05/2014 - 18:27:54.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.C997E6A37BA8915224B3FB5024A34F69] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.06/03/2014 - 06:20:23.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402944]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/03/2014 - 00:41:24.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.22/08/2013 - 20:00:55.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.3595FBDF25F8BA6256072D103937D7D6] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/05/2014 - 18:27:47.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes:  Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/4016
~ Mes Videos (My Videos) : 1/1302
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 1/35473
~ Mon Bureau (My Desktop) : 1/9
~ Menu demarrer (Programs) : 1/35
~ Hidden Files:  Scanned in 00mn 43s



---\\ Processos lançados
[MD5.5EA707336336DDFADE5FD3726CEA1523] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe   [2199840] [PID.3532]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Users\Dearley\AppData\Local\Google\Update\GoogleUpdate.exe   [116648] [PID.5232]
[MD5.BF456A0CAFB2876583982E74F450D647] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Dearley\AppData\Roaming\Dropbox\bin\Dropbox.exe   [32668056] [PID.5336]
[MD5.C64E9B1C9EA057DCECDCB98F34377811] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe   [228552] [PID.5344]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   [254336] [PID.5576]
[MD5.2B53B1D8AC05D7CD83383DCD905790F1] - (.CompSoft - DoroServer.) -- C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe   [200704] [PID.5648]
[MD5.EABAB863E4451B22CA44A4919E59D2B8] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe   [110144] [PID.220]
[MD5.8F2191F9BB434069C866D7A62CBEF592] - (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe   [733680] [PID.3992]
[MD5.3D45AD2B246B90DBD3E6F213E7AEBF64] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe   [287592] [PID.1336]
[MD5.150BB63D132E6F3D83692A74D61BCF75] - (.SoftThinks - Dell - Dell Backup And Recovery Update Launcher.) -- C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.exe   [490344] [PID.3280]
[MD5.74A964A5060AE4DC23242092480C67C2] - (.SoftThinks - Dell - Dell Backup And Recovery Toaster.) -- C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.exe   [4136976] [PID.3164]
[MD5.9827006052EDEBA43D3BA0B34523AD62] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [7876608] [PID.1804]
~ Processes Running:  Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Dearley\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [agbnjankikoaabjkmfbaceggjliabkbn] McAfee SafeKey v.2.1.8, (Désactivé)
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Dearley\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
O3 - Toolbar: McAfee SafeKey - [HKLM]{61D700C1-7D8D-43c5-9C13-4FF85157CFE6} . (.McAfee - McAfee SafeKey.) -- C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll  =>Adware.Incredibar
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Dearley]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Users\Dearley\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
O4 - GS\TaskBar [Dearley]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Users\Dearley\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
O4 - GS\Desktop [Dearley]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Users\Dearley\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
~ Global Startup: 3 Legitimates Filtered in 00mn 03s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [RtHDVBg_PushButton] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- c:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (.not file.)
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Dearley\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe   =>.DT Soft Ltd
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe   =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [DoroServer] . (.CompSoft - DoroServer.) -- C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\policies\Explorer\Run: [BtvStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
O4 - HKUS\S-1-5-21\..\Run: [resource] Chave orfã
O4 - HKUS\S-1-5-21\..\RunOnce: [resource] Chave orfã
O4 - HKUS\S-1-5-21-535402597-716444731-2734260214-1002\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Dearley\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-535402597-716444731-2734260214-1002\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe   =>.DT Soft Ltd
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: McAfee SafeKey [64Bits] - {43699cd0-e34f-11de-8a39-0800200c9a66} . (.McAfee - McAfee SafeKey.) -- C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll  =>Adware.Incredibar
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{33857911-E367-4CDF-87DC-8E85C449DA19}: DhcpNameServer = 201.17.0.94 201.17.0.62 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F394EF8-F3DA-4E55-ADE4-E48B0A489E62}: DhcpNameServer = 10.42.0.251 10.42.0.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F394EF8-F3DA-4E55-ADE4-E48B0A489E62}: DhcpDomain = vcp.amer.dell.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{33857911-E367-4CDF-87DC-8E85C449DA19}: DhcpNameServer = 201.17.0.94 201.17.0.62 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{5F394EF8-F3DA-4E55-ADE4-E48B0A489E62}: DhcpNameServer = 10.42.0.251 10.42.0.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{5F394EF8-F3DA-4E55-ADE4-E48B0A489E62}: DhcpDomain = vcp.amer.dell.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.0.94 201.17.0.62 201.6.4.116
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 331.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: AtherosSvc (AtherosSvc) . (.Windows (R) Win 7 DDK provider - Windows Setup API.) - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe  =>Hijacker.Office
~ Services: 29 Legitimates Filtered in 00mn 07s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
~ Drivers: 38 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Módulo de Segurança - Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
~ Logic: 27 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]
[HKCU\Software\GbAs]
[HKCU\Software\SafeKey]
[HKCU\Software\smartWrapper]
[HKLM\Software\Baidu Security]
[HKLM\Software\SafeKey]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
~ Key Software: 223 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/05/2014 - 23:13:26 - [] ----D C:\Program Files (x86)\SafeKey
~ Program Folder: 145 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.FD38110D56A578FF2DC4B521EBA2C1D7] - 13/05/2014 - 14:11:23 ---A- . (...) -- C:\Windows\System32\Drivers\rtwaves40.dat   [188498]
O44 - LFC:[MD5.F2ED8D7665256DB2CD113F90C65D835E] - 13/05/2014 - 14:11:23 ---A- . (...) -- C:\Windows\System32\Drivers\rtwavesskdy.dat   [849522]
O44 - LFC:[MD5.BB20993DBF55A473D43BC6C6D0CB4CDC] - 13/05/2014 - 14:11:23 ---A- . (...) -- C:\Windows\System32\Drivers\rtwavesvpcap.dat   [18876]
O44 - LFC:[MD5.9A97553FC79E6A080353493C2DA6A937] - 13/05/2014 - 14:14:14 ---A- . (...) -- C:\Windows\DPINST.LOG   [6640]
O44 - LFC:[MD5.DF70B8E66838D5D6E74EADEC87DF1566] - 13/05/2014 - 14:14:14 ---A- . (...) -- C:\Windows\Synaptics.log   [1314]
O44 - LFC:[MD5.8C5B59A8C7880CFA51D8B4D2BD1679C9] - 13/05/2014 - 14:14:35 ---A- . (...) -- C:\Windows\System32\nvinfo.pb   [23287]
O44 - LFC:[MD5.5CD98806151EE8633505CEF3A5AEF4E1] - 13/05/2014 - 14:16:00 ---A- . (...) -- C:\Windows\System32\nvcoproc.bin   [3426956]
O44 - LFC:[MD5.165CF0ED7F316EB396899D41CFBBF40F] - 13/05/2014 - 14:18:02 ----- . (...) -- C:\Windows\System32\athwbx.cat   [11307]
O44 - LFC:[MD5.7A954D6EEBA50829DBCD062A1A5D13AA] - 13/05/2014 - 14:18:03 ----- . (...) -- C:\Windows\System32\athwbx.inf   [22858]
O44 - LFC:[MD5.A6327C0AC733CCCF5040466AABF798D4] - 13/05/2014 - 14:23:27 ---A- . (...) -- C:\Windows\System32\results.xml   [16330]
O44 - LFC:[MD5.2AE64F3DE5E074D53D32949DAD4F330F] - 13/05/2014 - 14:44:18 ---A- . (...) -- C:\Windows\System32\DISMLog.log   [47523]
O44 - LFC:[MD5.6F007AC7C684482E5FF3FB278C0E73E1] - 13/05/2014 - 14:54:58 ---A- . (...) -- C:\Windows\DtcInstall.log   [1955]
O44 - LFC:[MD5.9FB40FD4BCE72816E785CBA669032BB1] - 13/05/2014 - 17:21:43 ---A- . (...) -- C:\Windows\csup.txt   [12]
O44 - LFC:[MD5.5D5F59F8A0317C0E12FAA94A118EDF44] - 13/05/2014 - 17:27:47 ---A- . (...) -- C:\Windows\System32\Drivers\1028_Dell_INS_OAK14_HSW.mrk   [3062]
O44 - LFC:[MD5.60E6C68CB0B797EDD0386A68526935A4] - 13/05/2014 - 17:33:08 ---A- . (...) -- C:\Windows\System32\CustomModeApp.exe.config   [935]
O44 - LFC:[MD5.60E6C68CB0B797EDD0386A68526935A4] - 13/05/2014 - 17:33:09 ---A- . (...) -- C:\Windows\System32\DPTopologyApp.exe.config   [935]
O44 - LFC:[MD5.6B11ADB0EDB04C500F26149D2AAE2CF4] - 13/05/2014 - 17:33:10 ---A- . (.No owner - GfxRes.) -- C:\Windows\System32\GfxRes.dll   [2384896]
O44 - LFC:[MD5.121619AD32134152616088673078F931] - 13/05/2014 - 17:33:12 ---A- . (...) -- C:\Windows\System32\GfxUIEx.exe.config   [1806]
O44 - LFC:[MD5.E7E191FAF788F644747A7C2F2EC35656] - 13/05/2014 - 17:33:12 ---A- . (...) -- C:\Windows\System32\GfxUIHotKeyMenu.exe.config   [264]
O44 - LFC:[MD5.105CFE016CCB20175BEACEC146F175AB] - 13/05/2014 - 17:33:12 ---A- . (...) -- C:\Windows\System32\IccLibDll_x64.dll   [94208]
O44 - LFC:[MD5.C1A06B391F528141326CCDEBA1D3847B] - 13/05/2014 - 17:33:16 ---A- . (...) -- C:\Windows\System32\igdail64.dll   [160256]
O44 - LFC:[MD5.C39F2981B3D91CEF52E8FBE8FC4C9D69] - 13/05/2014 - 17:33:16 ---A- . (...) -- C:\Windows\System32\igdde64.dll   [222208]
O44 - LFC:[MD5.DEE4395E829099B6A94DD90D8E11805E] - 13/05/2014 - 17:33:21 ---A- . (...) -- C:\Windows\System32\igdmd64.dll   [372224]
O44 - LFC:[MD5.0BA335169651B3C2D42323C3B935259F] - 13/05/2014 - 17:33:24 ---A- . (...) -- C:\Windows\System32\IGFXDEVLib.dll   [12288]
O44 - LFC:[MD5.6C0F36ABFE80433B352FA7748ED887BF] - 13/05/2014 - 17:33:28 ---A- . (...) -- C:\Windows\System32\iglhxa64.cpa   [2813952]
O44 - LFC:[MD5.2FCCF7939D4D3F392AB3C0F5F40039DD] - 13/05/2014 - 17:33:28 ---A- . (...) -- C:\Windows\System32\iglhxa64.vp   [1125]
O44 - LFC:[MD5.B226B85123619EF1394339C1B5EB5A8D] - 13/05/2014 - 17:33:28 ---A- . (...) -- C:\Windows\System32\iglhxc64.vp   [43494]
O44 - LFC:[MD5.55C71EDC47B57E5115B40095EEC9E205] - 13/05/2014 - 17:33:29 ---A- . (...) -- C:\Windows\System32\iglhxc64_dev.vp   [43816]
O44 - LFC:[MD5.94ED4F871997E5DFC610DC1649C38911] - 13/05/2014 - 17:33:29 ---A- . (...) -- C:\Windows\System32\iglhxg64.vp   [43256]
O44 - LFC:[MD5.04590E9E52E13EF34B2AA02C7EA2431B] - 13/05/2014 - 17:33:29 ---A- . (...) -- C:\Windows\System32\iglhxg64_dev.vp   [43298]
O44 - LFC:[MD5.3B6EF4F03F2DE75A3B7DDF627A3EC146] - 13/05/2014 - 17:33:29 ---A- . (...) -- C:\Windows\System32\iglhxo64.vp   [44025]
O44 - LFC:[MD5.715DBDBED4599E798F94EDF6003F75B6] - 13/05/2014 - 17:33:29 ---A- . (...) -- C:\Windows\System32\iglhxo64_dev.vp   [42079]
O44 - LFC:[MD5.35D603D71AAC8CF98F0C1ED6F10844B5] - 13/05/2014 - 17:33:29 ---A- . (...) -- C:\Windows\System32\iglhxs64.vp   [2932]
O44 - LFC:[MD5.D364ED2E8CA42D79EDFE8B3BB878E22D] - 13/05/2014 - 17:37:04 ---A- . (.Waves Audio - MaxxAudioVienna2.) -- C:\Windows\System32\MaxxAudioVienna264.dll   [194816]
O44 - LFC:[MD5.BEF1F2FD2561A8C69E4891EBE86A1D85] - 13/05/2014 - 17:37:12 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT   [676825]
O44 - LFC:[MD5.1EF2A77F3F4951CC25EEEA882376A769] - 13/05/2014 - 17:37:16 ---A- . (...) -- C:\Windows\System32\Drivers\rtvienna.dat   [5681192]
O44 - LFC:[MD5.385AF1C48CE3E86B37B9E66749FFEC1B] - 13/05/2014 - 18:27:49 ---A- . (...) -- C:\Windows\System32\srms.dat   [50053]
O44 - LFC:[MD5.FFFCC3C3ED6886A95D3C0E1B49C652BA] - 13/05/2014 - 18:27:49 ---A- . (...) -- C:\Windows\System32\systemsf.ebd   [139600]
O44 - LFC:[MD5.DE461B86C05946D10E519F512D09E389] - 13/05/2014 - 18:27:51 ---A- . (...) -- C:\Windows\System32\RacRules.xml   [100197]
O44 - LFC:[MD5.119E0F7A71775A5CFB208B036ECE35E1] - 13/05/2014 - 18:27:51 ---A- . (...) -- C:\Windows\System32\WimBootCompress.ini   [2255]
O44 - LFC:[MD5.E7B53AF004BEE5112F787A6E5B04D737] - 13/05/2014 - 18:27:59 ---A- . (...) -- C:\Windows\System32\connectedsearch-results.searchconnector-ms   [11109]
O44 - LFC:[MD5.F1DB86EA935C13CDFF27AB957297136A] - 13/05/2014 - 18:27:59 ---A- . (...) -- C:\Windows\System32\connectedsearch-suggestions.searchconnector-ms   [7762]
O44 - LFC:[MD5.1FDF29F970E2E843B4DC5D0626D0EDD5] - 13/05/2014 - 18:27:59 ---A- . (...) -- C:\Windows\System32\connectedsearch-zeroinput.searchconnector-ms   [7130]
O44 - LFC:[MD5.DCF2510E0745720E543E84F5E921FCC0] - 13/05/2014 - 18:28:17 ---A- . (...) -- C:\Windows\System32\dfpinc.dat   [262335]
O44 - LFC:[MD5.08750A50CF027F93070C8BB78E27C3B7] - 13/05/2014 - 18:29:31 -SH-- . (...) -- C:\Windows\System32\desktop.ini   [75]
O44 - LFC:[MD5.2CE4017837607253F1A38C53A1EA7BD5] - 13/05/2014 - 18:36:49 R-HA- . (...) -- C:\dell.sdr   [32690]
O44 - LFC:[MD5.F60BB7489BDDA351360C95AE94290376] - 16/05/2014 - 23:35:46 --HA- . (...) -- C:\DBAR_Ver.txt   [114]
O44 - LFC:[MD5.12B0701B1CEC1A7BB0E4C71D97661E23] - 18/05/2014 - 21:14:59 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml   [387210]
O44 - LFC:[MD5.E711DE76EF8430545C6052E2B98B81C0] - 19/05/2014 - 22:41:18 ---A- . (...) -- C:\Windows\win.ini   [199]
O44 - LFC:[MD5.691EF5966CE866B766CE00BECFCFA589] - 21/05/2014 - 23:11:39 ---A- . (...) -- C:\Windows\System32\Drivers\mfencbdc.inf   [5442]
O44 - LFC:[MD5.12F0F8D3F84FAB8F31D073286FE131CB] - 21/05/2014 - 23:11:39 ---A- . (...) -- C:\Windows\System32\Drivers\mfencrk.inf   [2641]
O44 - LFC:[MD5.23641B51BB959027A5B397A812466E2E] - 21/05/2014 - 23:38:55 ---A- . (...) -- C:\Windows\DirectX.log   [35484]
O44 - LFC:[MD5.76A55191F4C2218D6F124F85C9C6AF83] - 22/05/2014 - 17:20:59 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [159030]
O44 - LFC:[MD5.1EB3BD92F427FB0979E6091C84231CF8] - 22/05/2014 - 17:20:59 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [775938]
O44 - LFC:[MD5.39F6A6B0D2360A1DB675E88ADA4B11A6] - 22/05/2014 - 18:33:11 ---A- . (...) -- C:\zoek-results2014-05-22-213311.log   [33149]
O44 - LFC:[MD5.CB828B9C3D9EDB078C61793A337AA797] - 22/05/2014 - 19:57:59 ---A- . (...) -- C:\zoek-results2014-05-22-225759.log   [5701]
O44 - LFC:[MD5.9560D51D2B1887DEB99EA2326A62E2D3] - 22/05/2014 - 20:39:49 ---A- . (...) -- C:\zoek-results2014-05-22-233949.log   [1971]
O44 - LFC:[MD5.4E83A80DAE057A49B1E2756231EEA461] - 22/05/2014 - 21:06:25 ---A- . (...) -- C:\zoek-results.log   [1608]
~ Files: 1043 Legitimates Filtered in 02mn 27s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj [64Bits] - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Negação do serviço (Local Security Authority) (048)
~ LSA: 3 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1
~ MWPS: 22 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2  Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys   [17624]
O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys   [31072]
~ Drivers: 71 Legitimates Filtered in 00mn 02s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.55765F688271F6159BBCB53FB2D7EB73] [SPRF][16/05/2014] (...) -- C:\Users\Dearley\AppData\Roaming\unins000.dat   [31540]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{4EEB2788-5AD1-4BB8-B8A5-5C15E17921ED}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Dearley\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{61AE919B-AD85-4579-8756-664310912E69}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Dearley\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatewebget_RASAPI32  =>PUP.WebGet
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatewebget_RASMANCS  =>PUP.WebGet
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilwebget_RASAPI32  =>PUP.WebGet
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilwebget_RASMANCS  =>PUP.WebGet
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\webget_RASAPI32  =>PUP.WebGet
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\webget_RASMANCS  =>PUP.WebGet
~ BTK: 48 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 04/11/2013 279024 |  (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 14/01/2014 149496 |  (DellUpdate) . (.Dell Inc..) - C:\Program Files (x86)\Dell Update\DellUpService.exe
SS - | Demand 16/05/2014 1030600 |  (FLEXnet Licensing Service 64) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SS - | Demand 11/05/2013 822232 |  (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Auto 10/07/1658 0 |  (KMService) . (...) - C:\Windows\system32\srvany.exe  =>Hijacker.Office
SS - | Demand 02/08/2013 602944 |  (McODS) . (.McAfee, Inc..) - C:\Program Files\McAfee\VirusScan\mcods.exe
SS - | Auto 03/04/2014 315008 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 17/11/2009 98208 |  (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SR - | Auto 04/09/2013 312448 |  (AtherosSvc) . (.Windows (R) Win 7 DDK provider.) - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
SR - | Auto 13/01/2014 198664 |  (DellDigitalDelivery) . (.Dell Products, LP..) - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
SR - | Auto 21/02/2014 519720 |  (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
SR - | Auto 30/07/2013 328928 |  (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 07/08/2013 15720 |  (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 11/05/2013 733696 |  (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 03/09/2013 169432 |  (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 03/09/2013 390616 |  (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 30/07/2013 328928 |  (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 25/04/2014 178528 |  (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 328928 |  (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 |  (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 |  (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 |  (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 18/03/2014 1041192 |  (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 03/04/2014 219752 |  (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 03/04/2014 189912 |  (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 30/07/2013 328928 |  (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/04/2014 1618888 |  (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 30/04/2014 21009352 |  (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 23/10/2013 922912 |  (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 30/07/2013 253776 |  (RichVideo) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SR - | Auto 16/10/2013 289496 |  (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Auto 21/11/2013 1915920 |  (SftService) . (.SoftThinks SAS.) - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
SR - | Auto 31/08/2012 2754984 |  (TeamViewer7) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
SR - | Demand 10/07/1658 0 |  (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 |  (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 09s



---\\ Scâner Aditional (088)
Database Version : 13029 - (22/05/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 0

[HKLM\SYSTEM\CurrentControlSet\Services\KMService]   =>Hijacker.Office^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{61D700C1-7D8D-43c5-9C13-4FF85157CFE6}   =>Adware.Incredibar^
~ Additionnel Scan: 310532 Items scanned in 00mn 28s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.Incredibar
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.Office
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.WebGet
~ MSI: 3 link(s) detected in 00mn 00s



~ 1645 Legitimates filtered by white list
End of the scan (508 lines in 04mn 36s)(0)
dearley
dearley
Iniciante
Iniciante

Mensagens : 46
Reputação : 0
Data de inscrição : 22/05/2014
Idade : 36
Localização : Rio de Janeiro

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty Re: Remoção do Baidu para instalar o Kaspersky

Mensagem por Power Max Qui 22 maio 2014, 21:49

Remoção do Baidu para instalar o Kaspersky 772309  Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.
____________________________________________________________________________________________________

Remoção do Baidu para instalar o Kaspersky 772309  Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

Remoção do Baidu para instalar o Kaspersky 772309  Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.


Última edição por Power Max em Sex 23 maio 2014, 10:27, editado 1 vez(es)

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty (RESOLVIDO) ZHPFix

Mensagem por dearley Qui 22 maio 2014, 21:55

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Dearley at 22/05/2014 21:53:47
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Reciclagem vazia (Cancelado pelo utilizador)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bnbase
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatewebget_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatewebget_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilwebget_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilwebget_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\webget_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\webget_RASMANCS

========== Valores do Registo ==========
ELIMINÉ RunValue: Nvtmru
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (118) (1,805,749 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Outros ==========
NÃO-TRATADO O4 - HKUS\S-1-5-21\..\Run: [resource] Chave orfã
NÃO-TRATADO O4 - HKUS\S-1-5-21\..\RunOnce: [resource] Chave orfã


========== Recapitulativo ==========
9 : Chaves do Registo
7 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema
2 : Outros


End of clean in 00mn 07s

========== Caminho do ficheiro do relatório ==========
C:\Users\Dearley\AppData\Roaming\ZHP\ZHPFix[R1].txt - 22/05/2014 21:53:50 [1868]

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Após todo esse procedimento, será que consigo instalar meu Kaspersky? Essa última etapa é apenas para deixar o PC mais rápido? Não exclui os arquivos da lixeira porque não julguei necessário.
dearley
dearley
Iniciante
Iniciante

Mensagens : 46
Reputação : 0
Data de inscrição : 22/05/2014
Idade : 36
Localização : Rio de Janeiro

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty Re: Remoção do Baidu para instalar o Kaspersky

Mensagem por Power Max Qui 22 maio 2014, 21:57

Já estamos quase acabando.

Remoção do Baidu para instalar o Kaspersky 772309 Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty (RESOLVIDO) ZHPDiag 1

Mensagem por dearley Qui 22 maio 2014, 22:01

~ Relatório do ZHPDiag v2014.5.22.71 - Nicolas Coolman  (22/05/2014)
~ Iniciado por Dearley (22/05/2014 21:59:46)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8.1 Single Language, 64-bit  (Build 9600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Windows Defender W8

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Reader 9 - Português
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 69 Stepping 1, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8096.4 MB (72% free)
System Restore: Activé (Enable)
System drive C: has 671 GB (72%) free of 921 GB

---\\ Modo de conexão ao sistema
~ Computer Name: DEARLEY
~ User Name: Dearley
~ All Users Names: HomeGroupUser$, Dearley, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Dearley\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Dearley\AppData\Roaming\
~ %Desktop% : C:\Users\Dearley\Desktop\
~ %Favorites% : C:\Users\Dearley\Favorites\
~ %LocalAppData% : C:\Users\Dearley\AppData\Local\
~ %StartMenu% : C:\Users\Dearley\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 671 Go of 921 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 0 Go of 1 Go)
Y: Hard drive, Flash drive, Thumb drive (Free 1 Go of 9 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Windows Explorer.) (.04/03/2014 - 09:25:49.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.65C36A29A131A3A5D64B29FAC4EF6DD6] - (.Microsoft Corporation - Internet Extensions para Win32.) (.13/05/2014 - 18:27:53.) -- C:\Windows\System32\wininet.dll [2262016]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.13/05/2014 - 18:27:53.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/05/2014 - 18:27:53.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 06:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 08:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/05/2014 - 18:27:54.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.C997E6A37BA8915224B3FB5024A34F69] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.06/03/2014 - 06:20:23.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402944]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/03/2014 - 00:41:24.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.22/08/2013 - 20:00:55.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.3595FBDF25F8BA6256072D103937D7D6] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/05/2014 - 18:27:47.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/4016
~ Mes Videos (My Videos) : 1/1302
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 1/35473
~ Mon Bureau (My Desktop) : 1/10
~ Menu demarrer (Programs) : 1/35
~ Hidden Files:  Scanned in 00mn 02s



---\\ Processos lançados
[MD5.5EA707336336DDFADE5FD3726CEA1523] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe   [2199840] [PID.3532]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Users\Dearley\AppData\Local\Google\Update\GoogleUpdate.exe   [116648] [PID.5232]
[MD5.BF456A0CAFB2876583982E74F450D647] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Dearley\AppData\Roaming\Dropbox\bin\Dropbox.exe   [32668056] [PID.5336]
[MD5.C64E9B1C9EA057DCECDCB98F34377811] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe   [228552] [PID.5344]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   [254336] [PID.5576]
[MD5.2B53B1D8AC05D7CD83383DCD905790F1] - (.CompSoft - DoroServer.) -- C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe   [200704] [PID.5648]
[MD5.EABAB863E4451B22CA44A4919E59D2B8] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe   [110144] [PID.220]
[MD5.8F2191F9BB434069C866D7A62CBEF592] - (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe   [733680] [PID.3992]
[MD5.3D45AD2B246B90DBD3E6F213E7AEBF64] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe   [287592] [PID.1336]
[MD5.150BB63D132E6F3D83692A74D61BCF75] - (.SoftThinks - Dell - Dell Backup And Recovery Update Launcher.) -- C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.exe   [490344] [PID.3280]
[MD5.74A964A5060AE4DC23242092480C67C2] - (.SoftThinks - Dell - Dell Backup And Recovery Toaster.) -- C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.exe   [4136976] [PID.3164]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Users\Dearley\AppData\Local\Google\Chrome\Application\chrome.exe   [860488] [PID.7164]
[MD5.27694C03ED9074E867A1C50B558E49DB] - (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe   [383504] [PID.5964]
[MD5.9827006052EDEBA43D3BA0B34523AD62] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [7876608] [PID.2316]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Dearley\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [agbnjankikoaabjkmfbaceggjliabkbn] McAfee SafeKey v.2.1.8, (Désactivé)
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Dearley\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
O3 - Toolbar: McAfee SafeKey - [HKLM]{61D700C1-7D8D-43c5-9C13-4FF85157CFE6} . (.McAfee - McAfee SafeKey.) -- C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll  =>Adware.Incredibar
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Dearley]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Users\Dearley\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
O4 - GS\TaskBar [Dearley]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Users\Dearley\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
O4 - GS\Desktop [Dearley]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Users\Dearley\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
~ Global Startup: 3 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [RtHDVBg_PushButton] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- c:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Dearley\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe   =>.DT Soft Ltd
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe   =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [DoroServer] . (.CompSoft - DoroServer.) -- C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\policies\Explorer\Run: [BtvStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
O4 - HKUS\S-1-5-21\..\Run: [resource] Chave orfã
O4 - HKUS\S-1-5-21\..\RunOnce: [resource] Chave orfã
O4 - HKUS\S-1-5-21-535402597-716444731-2734260214-1002\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Dearley\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-535402597-716444731-2734260214-1002\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe   =>.DT Soft Ltd
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: McAfee SafeKey [64Bits] - {43699cd0-e34f-11de-8a39-0800200c9a66} . (.McAfee - McAfee SafeKey.) -- C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll  =>Adware.Incredibar
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{33857911-E367-4CDF-87DC-8E85C449DA19}: DhcpNameServer = 201.17.0.94 201.17.0.62 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F394EF8-F3DA-4E55-ADE4-E48B0A489E62}: DhcpNameServer = 10.42.0.251 10.42.0.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F394EF8-F3DA-4E55-ADE4-E48B0A489E62}: DhcpDomain = vcp.amer.dell.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{33857911-E367-4CDF-87DC-8E85C449DA19}: DhcpNameServer = 201.17.0.94 201.17.0.62 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{5F394EF8-F3DA-4E55-ADE4-E48B0A489E62}: DhcpNameServer = 10.42.0.251 10.42.0.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{5F394EF8-F3DA-4E55-ADE4-E48B0A489E62}: DhcpDomain = vcp.amer.dell.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.0.94 201.17.0.62 201.6.4.116
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 331.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: AtherosSvc (AtherosSvc) . (.Windows (R) Win 7 DDK provider - Windows Setup API.) - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe  =>Hijacker.Office
~ Services: 29 Legitimates Filtered in 00mn 05s



---\\ Software instalados (042)
O42 - Logiciel: Módulo de Segurança - Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
~ Logic: 27 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\GbAs]
[HKCU\Software\SafeKey]
[HKCU\Software\smartWrapper]
[HKLM\Software\SafeKey]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
~ Key Software: 221 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/05/2014 - 23:13:26 - [] ----D C:\Program Files (x86)\SafeKey
~ Program Folder: 145 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.FD38110D56A578FF2DC4B521EBA2C1D7] - 13/05/2014 - 14:11:23 ---A- . (...) -- C:\Windows\System32\Drivers\rtwaves40.dat   [188498]
O44 - LFC:[MD5.F2ED8D7665256DB2CD113F90C65D835E] - 13/05/2014 - 14:11:23 ---A- . (...) -- C:\Windows\System32\Drivers\rtwavesskdy.dat   [849522]
O44 - LFC:[MD5.BB20993DBF55A473D43BC6C6D0CB4CDC] - 13/05/2014 - 14:11:23 ---A- . (...) -- C:\Windows\System32\Drivers\rtwavesvpcap.dat   [18876]
O44 - LFC:[MD5.9A97553FC79E6A080353493C2DA6A937] - 13/05/2014 - 14:14:14 ---A- . (...) -- C:\Windows\DPINST.LOG   [6640]
O44 - LFC:[MD5.DF70B8E66838D5D6E74EADEC87DF1566] - 13/05/2014 - 14:14:14 ---A- . (...) -- C:\Windows\Synaptics.log   [1314]
O44 - LFC:[MD5.8C5B59A8C7880CFA51D8B4D2BD1679C9] - 13/05/2014 - 14:14:35 ---A- . (...) -- C:\Windows\System32\nvinfo.pb   [23287]
O44 - LFC:[MD5.5CD98806151EE8633505CEF3A5AEF4E1] - 13/05/2014 - 14:16:00 ---A- . (...) -- C:\Windows\System32\nvcoproc.bin   [3426956]
O44 - LFC:[MD5.165CF0ED7F316EB396899D41CFBBF40F] - 13/05/2014 - 14:18:02 ----- . (...) -- C:\Windows\System32\athwbx.cat   [11307]
O44 - LFC:[MD5.7A954D6EEBA50829DBCD062A1A5D13AA] - 13/05/2014 - 14:18:03 ----- . (...) -- C:\Windows\System32\athwbx.inf   [22858]
O44 - LFC:[MD5.A6327C0AC733CCCF5040466AABF798D4] - 13/05/2014 - 14:23:27 ---A- . (...) -- C:\Windows\System32\results.xml   [16330]
O44 - LFC:[MD5.2AE64F3DE5E074D53D32949DAD4F330F] - 13/05/2014 - 14:44:18 ---A- . (...) -- C:\Windows\System32\DISMLog.log   [47523]
O44 - LFC:[MD5.6F007AC7C684482E5FF3FB278C0E73E1] - 13/05/2014 - 14:54:58 ---A- . (...) -- C:\Windows\DtcInstall.log   [1955]
O44 - LFC:[MD5.9FB40FD4BCE72816E785CBA669032BB1] - 13/05/2014 - 17:21:43 ---A- . (...) -- C:\Windows\csup.txt   [12]
O44 - LFC:[MD5.5D5F59F8A0317C0E12FAA94A118EDF44] - 13/05/2014 - 17:27:47 ---A- . (...) -- C:\Windows\System32\Drivers\1028_Dell_INS_OAK14_HSW.mrk   [3062]
O44 - LFC:[MD5.60E6C68CB0B797EDD0386A68526935A4] - 13/05/2014 - 17:33:08 ---A- . (...) -- C:\Windows\System32\CustomModeApp.exe.config   [935]
O44 - LFC:[MD5.60E6C68CB0B797EDD0386A68526935A4] - 13/05/2014 - 17:33:09 ---A- . (...) -- C:\Windows\System32\DPTopologyApp.exe.config   [935]
O44 - LFC:[MD5.6B11ADB0EDB04C500F26149D2AAE2CF4] - 13/05/2014 - 17:33:10 ---A- . (.No owner - GfxRes.) -- C:\Windows\System32\GfxRes.dll   [2384896]
O44 - LFC:[MD5.121619AD32134152616088673078F931] - 13/05/2014 - 17:33:12 ---A- . (...) -- C:\Windows\System32\GfxUIEx.exe.config   [1806]
O44 - LFC:[MD5.E7E191FAF788F644747A7C2F2EC35656] - 13/05/2014 - 17:33:12 ---A- . (...) -- C:\Windows\System32\GfxUIHotKeyMenu.exe.config   [264]
O44 - LFC:[MD5.105CFE016CCB20175BEACEC146F175AB] - 13/05/2014 - 17:33:12 ---A- . (...) -- C:\Windows\System32\IccLibDll_x64.dll   [94208]
O44 - LFC:[MD5.C1A06B391F528141326CCDEBA1D3847B] - 13/05/2014 - 17:33:16 ---A- . (...) -- C:\Windows\System32\igdail64.dll   [160256]
O44 - LFC:[MD5.C39F2981B3D91CEF52E8FBE8FC4C9D69] - 13/05/2014 - 17:33:16 ---A- . (...) -- C:\Windows\System32\igdde64.dll   [222208]
O44 - LFC:[MD5.DEE4395E829099B6A94DD90D8E11805E] - 13/05/2014 - 17:33:21 ---A- . (...) -- C:\Windows\System32\igdmd64.dll   [372224]
O44 - LFC:[MD5.0BA335169651B3C2D42323C3B935259F] - 13/05/2014 - 17:33:24 ---A- . (...) -- C:\Windows\System32\IGFXDEVLib.dll   [12288]
O44 - LFC:[MD5.6C0F36ABFE80433B352FA7748ED887BF] - 13/05/2014 - 17:33:28 ---A- . (...) -- C:\Windows\System32\iglhxa64.cpa   [2813952]
O44 - LFC:[MD5.2FCCF7939D4D3F392AB3C0F5F40039DD] - 13/05/2014 - 17:33:28 ---A- . (...) -- C:\Windows\System32\iglhxa64.vp   [1125]
O44 - LFC:[MD5.B226B85123619EF1394339C1B5EB5A8D] - 13/05/2014 - 17:33:28 ---A- . (...) -- C:\Windows\System32\iglhxc64.vp   [43494]
O44 - LFC:[MD5.55C71EDC47B57E5115B40095EEC9E205] - 13/05/2014 - 17:33:29 ---A- . (...) -- C:\Windows\System32\iglhxc64_dev.vp   [43816]
O44 - LFC:[MD5.94ED4F871997E5DFC610DC1649C38911] - 13/05/2014 - 17:33:29 ---A- . (...) -- C:\Windows\System32\iglhxg64.vp   [43256]
O44 - LFC:[MD5.04590E9E52E13EF34B2AA02C7EA2431B] - 13/05/2014 - 17:33:29 ---A- . (...) -- C:\Windows\System32\iglhxg64_dev.vp   [43298]
O44 - LFC:[MD5.3B6EF4F03F2DE75A3B7DDF627A3EC146] - 13/05/2014 - 17:33:29 ---A- . (...) -- C:\Windows\System32\iglhxo64.vp   [44025]
O44 - LFC:[MD5.715DBDBED4599E798F94EDF6003F75B6] - 13/05/2014 - 17:33:29 ---A- . (...) -- C:\Windows\System32\iglhxo64_dev.vp   [42079]
O44 - LFC:[MD5.35D603D71AAC8CF98F0C1ED6F10844B5] - 13/05/2014 - 17:33:29 ---A- . (...) -- C:\Windows\System32\iglhxs64.vp   [2932]
O44 - LFC:[MD5.D364ED2E8CA42D79EDFE8B3BB878E22D] - 13/05/2014 - 17:37:04 ---A- . (.Waves Audio - MaxxAudioVienna2.) -- C:\Windows\System32\MaxxAudioVienna264.dll   [194816]
O44 - LFC:[MD5.BEF1F2FD2561A8C69E4891EBE86A1D85] - 13/05/2014 - 17:37:12 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT   [676825]
O44 - LFC:[MD5.1EF2A77F3F4951CC25EEEA882376A769] - 13/05/2014 - 17:37:16 ---A- . (...) -- C:\Windows\System32\Drivers\rtvienna.dat   [5681192]
O44 - LFC:[MD5.385AF1C48CE3E86B37B9E66749FFEC1B] - 13/05/2014 - 18:27:49 ---A- . (...) -- C:\Windows\System32\srms.dat   [50053]
O44 - LFC:[MD5.FFFCC3C3ED6886A95D3C0E1B49C652BA] - 13/05/2014 - 18:27:49 ---A- . (...) -- C:\Windows\System32\systemsf.ebd   [139600]
O44 - LFC:[MD5.DE461B86C05946D10E519F512D09E389] - 13/05/2014 - 18:27:51 ---A- . (...) -- C:\Windows\System32\RacRules.xml   [100197]
O44 - LFC:[MD5.119E0F7A71775A5CFB208B036ECE35E1] - 13/05/2014 - 18:27:51 ---A- . (...) -- C:\Windows\System32\WimBootCompress.ini   [2255]
O44 - LFC:[MD5.E7B53AF004BEE5112F787A6E5B04D737] - 13/05/2014 - 18:27:59 ---A- . (...) -- C:\Windows\System32\connectedsearch-results.searchconnector-ms   [11109]
O44 - LFC:[MD5.F1DB86EA935C13CDFF27AB957297136A] - 13/05/2014 - 18:27:59 ---A- . (...) -- C:\Windows\System32\connectedsearch-suggestions.searchconnector-ms   [7762]
O44 - LFC:[MD5.1FDF29F970E2E843B4DC5D0626D0EDD5] - 13/05/2014 - 18:27:59 ---A- . (...) -- C:\Windows\System32\connectedsearch-zeroinput.searchconnector-ms   [7130]
O44 - LFC:[MD5.DCF2510E0745720E543E84F5E921FCC0] - 13/05/2014 - 18:28:17 ---A- . (...) -- C:\Windows\System32\dfpinc.dat   [262335]
O44 - LFC:[MD5.08750A50CF027F93070C8BB78E27C3B7] - 13/05/2014 - 18:29:31 -SH-- . (...) -- C:\Windows\System32\desktop.ini   [75]
O44 - LFC:[MD5.2CE4017837607253F1A38C53A1EA7BD5] - 13/05/2014 - 18:36:49 R-HA- . (...) -- C:\dell.sdr   [32690]
O44 - LFC:[MD5.F60BB7489BDDA351360C95AE94290376] - 16/05/2014 - 23:35:46 --HA- . (...) -- C:\DBAR_Ver.txt   [114]
O44 - LFC:[MD5.12B0701B1CEC1A7BB0E4C71D97661E23] - 18/05/2014 - 21:14:59 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml   [387210]
O44 - LFC:[MD5.E711DE76EF8430545C6052E2B98B81C0] - 19/05/2014 - 22:41:18 ---A- . (...) -- C:\Windows\win.ini   [199]
O44 - LFC:[MD5.691EF5966CE866B766CE00BECFCFA589] - 21/05/2014 - 23:11:39 ---A- . (...) -- C:\Windows\System32\Drivers\mfencbdc.inf   [5442]
O44 - LFC:[MD5.12F0F8D3F84FAB8F31D073286FE131CB] - 21/05/2014 - 23:11:39 ---A- . (...) -- C:\Windows\System32\Drivers\mfencrk.inf   [2641]
O44 - LFC:[MD5.23641B51BB959027A5B397A812466E2E] - 21/05/2014 - 23:38:55 ---A- . (...) -- C:\Windows\DirectX.log   [35484]
O44 - LFC:[MD5.76A55191F4C2218D6F124F85C9C6AF83] - 22/05/2014 - 17:20:59 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [159030]
O44 - LFC:[MD5.1EB3BD92F427FB0979E6091C84231CF8] - 22/05/2014 - 17:20:59 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [775938]
O44 - LFC:[MD5.39F6A6B0D2360A1DB675E88ADA4B11A6] - 22/05/2014 - 18:33:11 ---A- . (...) -- C:\zoek-results2014-05-22-213311.log   [33149]
O44 - LFC:[MD5.CB828B9C3D9EDB078C61793A337AA797] - 22/05/2014 - 19:57:59 ---A- . (...) -- C:\zoek-results2014-05-22-225759.log   [5701]
O44 - LFC:[MD5.9560D51D2B1887DEB99EA2326A62E2D3] - 22/05/2014 - 20:39:49 ---A- . (...) -- C:\zoek-results2014-05-22-233949.log   [1971]
O44 - LFC:[MD5.4E83A80DAE057A49B1E2756231EEA461] - 22/05/2014 - 21:06:25 ---A- . (...) -- C:\zoek-results.log   [1608]
~ Files: 1043 Legitimates Filtered in 00mn 03s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj [64Bits] - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Negação do serviço (Local Security Authority) (048)
~ LSA: 3 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1
~ MWPS: 22 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2  Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys   [17624]
O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys   [31072]
~ Drivers: 71 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.55765F688271F6159BBCB53FB2D7EB73] [SPRF][16/05/2014] (...) -- C:\Users\Dearley\AppData\Roaming\unins000.dat   [31540]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{4EEB2788-5AD1-4BB8-B8A5-5C15E17921ED}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Dearley\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{61AE919B-AD85-4579-8756-664310912E69}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Dearley\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 04/11/2013 279024 |  (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 14/01/2014 149496 |  (DellUpdate) . (.Dell Inc..) - C:\Program Files (x86)\Dell Update\DellUpService.exe
SS - | Demand 16/05/2014 1030600 |  (FLEXnet Licensing Service 64) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SS - | Demand 11/05/2013 822232 |  (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Auto 10/07/1658 0 |  (KMService) . (...) - C:\Windows\system32\srvany.exe  =>Hijacker.Office
SS - | Demand 02/08/2013 602944 |  (McODS) . (.McAfee, Inc..) - C:\Program Files\McAfee\VirusScan\mcods.exe
SS - | Auto 03/04/2014 315008 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 17/11/2009 98208 |  (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SR - | Auto 04/09/2013 312448 |  (AtherosSvc) . (.Windows (R) Win 7 DDK provider.) - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
SR - | Auto 13/01/2014 198664 |  (DellDigitalDelivery) . (.Dell Products, LP..) - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
SR - | Auto 21/02/2014 519720 |  (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
SR - | Auto 30/07/2013 328928 |  (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 07/08/2013 15720 |  (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 11/05/2013 733696 |  (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 03/09/2013 169432 |  (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 03/09/2013 390616 |  (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 30/07/2013 328928 |  (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 25/04/2014 178528 |  (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 328928 |  (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 |  (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 |  (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 |  (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 18/03/2014 1041192 |  (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 03/04/2014 219752 |  (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 03/04/2014 189912 |  (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 30/07/2013 328928 |  (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/04/2014 1618888 |  (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 30/04/2014 21009352 |  (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 23/10/2013 922912 |  (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 30/07/2013 253776 |  (RichVideo) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SR - | Auto 16/10/2013 289496 |  (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Auto 21/11/2013 1915920 |  (SftService) . (.SoftThinks SAS.) - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
SR - | Auto 31/08/2012 2754984 |  (TeamViewer7) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
SR - | Demand 10/07/1658 0 |  (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 |  (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
~ Services:  Scanned in 00mn 06s



---\\ Scâner Aditional (088)
Database Version : 13029 - (22/05/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 0

[HKLM\SYSTEM\CurrentControlSet\Services\KMService]   =>Hijacker.Office^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{61D700C1-7D8D-43c5-9C13-4FF85157CFE6}   =>Adware.Incredibar^
~ Additionnel Scan: 310203 Items scanned in 00mn 21s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.Incredibar
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.Office
~ MSI: 2 link(s) detected in 00mn 00s



~ 1641 Legitimates filtered by white list
End of the scan (489 lines in 00mn 53s)(0)
dearley
dearley
Iniciante
Iniciante

Mensagens : 46
Reputação : 0
Data de inscrição : 22/05/2014
Idade : 36
Localização : Rio de Janeiro

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty Re: Remoção do Baidu para instalar o Kaspersky

Mensagem por Power Max Qui 22 maio 2014, 22:07

Remoção do Baidu para instalar o Kaspersky 772309  Os programas iniciando com o Windows continuam do mesmo jeito, seria importante seguir as dicas do tutorial abaixo para deixar só as coisas realmente importantes iniciando com o sistema:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.
____________________________________________________________________________________________________

Remoção do Baidu para instalar o Kaspersky 772309  Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

Remoção do Baidu para instalar o Kaspersky 772309  Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.


Última edição por Power Max em Sex 23 maio 2014, 10:26, editado 1 vez(es)

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty (RESOLVIDO) ZHPFix 1

Mensagem por dearley Qui 22 maio 2014, 22:09

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Dearley at 22/05/2014 22:09:15
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Reciclagem vazia (Cancelado pelo utilizador)

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (2) (41,984 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Outros ==========
NÃO-TRATADO O4 - HKUS\S-1-5-21\..\Run: [resource] Chave orfã
NÃO-TRATADO O4 - HKUS\S-1-5-21\..\RunOnce: [resource] Chave orfã


========== Recapitulativo ==========
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema
2 : Outros


End of clean in 00mn 03s

========== Caminho do ficheiro do relatório ==========
C:\Users\Dearley\AppData\Roaming\ZHP\ZHPFix[R1].txt - 22/05/2014 21:53:50 [1950]
C:\Users\Dearley\AppData\Roaming\ZHP\ZHPFix[R2].txt - 22/05/2014 22:09:16 [1011]
dearley
dearley
Iniciante
Iniciante

Mensagens : 46
Reputação : 0
Data de inscrição : 22/05/2014
Idade : 36
Localização : Rio de Janeiro

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty Re: Remoção do Baidu para instalar o Kaspersky

Mensagem por Power Max Qui 22 maio 2014, 22:10

Como está o PC?

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty Re: Remoção do Baidu para instalar o Kaspersky

Mensagem por dearley Qui 22 maio 2014, 22:16

Bem mais rápido, está nítido!!

Agora, com relação ao antivírus, depois de todos esses passos, será que consigo instalar o Kaspersky?

possivelmente irei precisar de mais ajuda para fazer o mesmo com outro PC (não querendo se aproveitar, mas já se aproveitando).
dearley
dearley
Iniciante
Iniciante

Mensagens : 46
Reputação : 0
Data de inscrição : 22/05/2014
Idade : 36
Localização : Rio de Janeiro

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty Re: Remoção do Baidu para instalar o Kaspersky

Mensagem por Power Max Qui 22 maio 2014, 22:22

Instale o Kaspersky e nos diga se tudo funcionou bem.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty (RESOLVIDO) Instalação Kaspersky

Mensagem por dearley Sex 23 maio 2014, 10:17

Poderia me ajudar a melhorar o desempenho de outro PC? Já passei o AdwCleaner

Power Max, tudo certo na instalação do Kaspersky!! Muitíssimo obrigado!!

Disseminarei esse blog na rede!! rsrs
dearley
dearley
Iniciante
Iniciante

Mensagens : 46
Reputação : 0
Data de inscrição : 22/05/2014
Idade : 36
Localização : Rio de Janeiro

Ir para o topo Ir para baixo

Remoção do Baidu para instalar o Kaspersky Empty Re: Remoção do Baidu para instalar o Kaspersky

Mensagem por Conteúdo patrocinado


Conteúdo patrocinado


Ir para o topo Ir para baixo

Página 1 de 2 1, 2  Seguinte

Ir para o topo

- Tópicos semelhantes

 
Permissões neste sub-fórum
Não podes responder a tópicos