Fórum PC Brasil
Gostaria de reagir a esta mensagem? Crie uma conta em poucos cliques ou inicie sessão para continuar.
Flux RSS


Yahoo! 
MSN 
AOL 
Netvibes 
Bloglines 


Social bookmarking

Social bookmarking reddit      

Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking

Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking

Estatísticas
Temos 14807 usuários registrados
O último membro registrado é Costa24

Os nossos membros postaram um total de 36044 mensagens em 3685 assuntos
Últimos assuntos
» Problema no disco rígido do Windows 11
por Costa24 Hoje à(s) 10:19

Quem está conectado?
17 usuários online :: 0 registrados, 0 invisíveis e 17 visitantes

Nenhum

O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
 
 

Resultados por:
 


Rechercher Pesquisa avançada

março 2024
SegTerQuaQuiSexSábDom
    123
45678910
11121314151617
18192021222324
25262728293031

Calendário Calendário


Remover CE_UmbrellaCert e Webssearches.

3 participantes

Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty Remover CE_UmbrellaCert e Webssearches.

Mensagem por Victor Verenguer Qua 11 Jun 2014, 20:15

Boa noite, gostaria de uma ajuda na remoção de um aviso de certificação CE_UmbrellaCert e também de uma página de busca chamada WEBSSEARCH. Depois que instalei o utorrent as coisas desandaram e no final perdi a vontade de usar o programa e desinstalei. Agradeço a atenção.
Victor.
Victor Verenguer
Victor Verenguer
Iniciante
Iniciante

Mensagens : 34
Reputação : 0
Data de inscrição : 10/06/2014

Ir para o topo Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty Re: Remover CE_UmbrellaCert e Webssearches.

Mensagem por Power Max Qua 11 Jun 2014, 20:18

Olá Victor.

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty (RESOLVIDO) relatório de Adwcleaner

Mensagem por Victor Verenguer Qua 11 Jun 2014, 20:51

Relatório veio neste formato.  

# AdwCleaner v3.212 - Relatório criado 11/06/2014 às 20:43:59
# Atualizado 05/06/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Luiz - LUIZ-PC
# Executando de : C:\Users\Luiz\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : IePluginServices
Serviço Deletada : WindowsProtectManger

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\IePluginServices
Pasta Deletada : C:\ProgramData\WindowsProtectManger
Pasta Deletada : C:\Program Files (x86)\globalUpdate
Pasta Deletada : C:\Program Files (x86)\IminentToolbar
Pasta Deletada : C:\Program Files (x86)\predm
Pasta Deletada : C:\Program Files (x86)\SupTab
Pasta Deletada : C:\Program Files\003
Pasta Deletada : C:\Users\Luiz\AppData\Local\globalUpdate
Pasta Deletada : C:\Users\Luiz\AppData\Local\Temp\apn
Pasta Deletada : C:\Users\Luiz\AppData\Local\Temp\Iminent
Pasta Deletada : C:\Users\Luiz\AppData\Roaming\Activeris
Pasta Deletada : C:\Users\Luiz\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Luiz\AppData\Roaming\IminentToolbar
Pasta Deletada : C:\Users\Luiz\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\Luiz\AppData\Roaming\SupTab
Pasta Deletada : C:\Users\Luiz\AppData\Roaming\webssearches
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default\Extensions\quick_start@gmail.com
Pasta Deletada : C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Windows\System32\roboot64.exe
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
Arquivo Deletada : C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default\user.js
Arquivo Deletada : C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
Arquivo Deletada : C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Atalhos ] *****

Atalho Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Atalho Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Luiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\Luiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registro ] *****

Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D332CFF8-358E-4C9E-8AF3-A08872EF22C1}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D332CFF8-358E-4C9E-8AF3-A08872EF22C1}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\FreeSoftToday
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\suprasavings
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\SupDp
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\Tutorials
Chave Deletedo : HKLM\Software\webssearchesSoftware
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstaller
Chave Deletedo : [x64] HKLM\SOFTWARE\Iminent
Chave Deletedo : [x64] HKLM\SOFTWARE\suprasavings
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Dados Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v30.0 (pt-BR)

[ Arquivo : C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default\prefs.js ]

Linha deletada : user_pref("browser.search.defaultenginename", "webssearches");
Linha deletada : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hppp&ts=1402525356&from=tugs&uid=ST3250310AS_6RY3ARANXXXX6RY3ARAN");
Linha deletada : user_pref("extensions.crossrider.bic", "146834f7d7296935e8fd9b7ea5251b5e");
Linha deletada : user_pref("iminent.adapters", "{\"start.iminent.com\":{\"CountryCode\":\"BR\",\"NoAds\":false,\"Status\":1,\"AdapterKey\":\"iminent\",\"v\":true,\"p\":0,\"t\":1,\"th\":0.228,\"expireTime\":\"140235625[...]
Linha deletada : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"http://i.iminentjs.info/imitin/javascript.js\",\"queryS[...]
Linha deletada : user_pref("iminent.registerToolbarEvent140", "1402356475087");
Linha deletada : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");

-\\ Google Chrome v35.0.1916.114

[ Arquivo : C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Startup_urls] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Homepage] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [13011 octets] - [11/06/2014 20:42:57]
AdwCleaner[S0].txt - [10441 octets] - [11/06/2014 20:43:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10502 octets] ##########
Victor Verenguer
Victor Verenguer
Iniciante
Iniciante

Mensagens : 34
Reputação : 0
Data de inscrição : 10/06/2014

Ir para o topo Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty Re: Remover CE_UmbrellaCert e Webssearches.

Mensagem por Power Max Qua 11 Jun 2014, 20:56

No seu PC está constando o Baidu, você quer removê-lo ou quer continuar com ele?

Desative temporariamente seu antivírus para evitar conflitos.

 Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.


Última edição por Power Max em Qua 18 Jun 2014, 22:26, editado 1 vez(es)

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty (RESOLVIDO)Resultado do scan do zoek

Mensagem por Victor Verenguer Qua 11 Jun 2014, 22:38

Olá, decidi utilizar o Zoek. Parece que resolveu. O Baidu sumiu. Programa inconveniente. Tomarei mais cuidado ao baixar programas. Mas às vezes esses trashs são tão invasivos que
o usuário inexperiente não consegue barrá-los. Agradeço pela ajuda. Estou tendo problemas também com programas que pedem atualização, como por exemplo o FlashPlayer, o Mozila e o JAVA, e na verdade são vírus disfarçados. Não aguento mais..... Abraços.

Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Luiz on 11/06/2014 at 21:44:51,15.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luiz\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11/06/2014 21:46:09 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default\prefs.js:

Added to C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_062014_2202_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\search_the_web.xml deleted
C:\PROGRA~2\VideoPlayer deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\PROGRA~3\Package Cache deleted

==== Folders Found ======================

2014-06-11 23:44:00 2014-06-11 23:44:00 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-09 23:20:09 2014-06-09 23:20:09 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-06-09 23:20:09 2014-06-09 23:21:10 -------- d-----w- C:\ProgramData\Baidu Security
2014-06-09 23:20:09 2014-06-09 23:21:10 -------- d-----w- C:\Users\All Users\Baidu Security
2014-06-09 23:21:21 2014-06-09 23:21:21 -------- d-----w- C:\Users\Luiz\AppData\Roaming\Baidu Security
2014-06-09 23:20:27 2014-06-10 01:21:30 -------- d-----w- C:\Users\Public\Documents\Baidu Security

==== Files Found ======================


--- C:\Users\Luiz\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.5.70512.exe ---
Company: Baidu, Inc.
File Description: PC Faster Setup
File Version: 4.0.5.70512
Product Name: Baidu PC Faster
Copyright: Copyright (C) 2013 Baidu, Inc. All Rights Reserved.
Original Filename:
File type: ----a-w-
File size: 20388656
Created time: 2014-06-09 23:20:15
Modified time: 2014-06-09 23:20:15
MD5: C35AD07330E6AA1F8051D9E1C43079D3
SHA1: 89CCD48581CEF28B3FE4AD25C058E7FED0D4BEC5


--- C:\Windows\Prefetch\BAIDU_SECURE_SYSTEMUP_4.0.5.7-95188CB6.pf ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 79380
Created time: 2014-06-09 23:20:35
Modified time: 2014-06-09 23:20:35
MD5: 169CA7E0E129740DCA2EAB6186E74DAC
SHA1: F23E77C391482790D3810251760D6A96E8C2FCE2


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu\Hao123-international]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu\Hao123-international\hao123desk]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\1665607]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\9344303]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\9344303]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.5.70512&userid=31cf97f0d245a1facd48e6459be27b5f&old_userid=6RY3ARAN-002354C89B22!165d009a-f7ff-49a5-9c11-cfeb372a7009@#002354C89B22&install_time=2014-06-09 23:20:27&parent_name="

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\9344631]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\9344631]
"url"="http://sync.security.baidu.co.th/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.5.70512&userid=31cf97f0d245a1facd48e6459be27b5f&old_userid=6RY3ARAN-002354C89B22!165d009a-f7ff-49a5-9c11-cfeb372a7009@#002354C89B22&install_time=2014-06-09 23:20:27&parent_name="

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\TrayIcon]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\Setup]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [22/11/2013 16:42]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- IE Tab 2 FF 3.6 - %ProfilePath%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default
738C29EAC995029E13333034C1402F56 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll - Shockwave Flash
5B0F6A8F086D3220272919A3023EF180 - C:\Users\Luiz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Luiz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
0C0C5C207121C7A78414A8250E8E099A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll - Shockwave for Director / Shockwave for Director
BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[24/04/2014 11:07]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 14:24]

Docs - Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
RealDownloader - Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{86c83f9e-48a4-4cd2-a763-64fea5df35f7} Unknown  Url="Not_Found"
{8DF5265D-DF88-4BFE-A517-07035BC8A23E} Google  Url="http://www.google.com/search?hl=en&q={searchTerms}&rlz="

==== Reset Google Chrome ======================

C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} deleted successfully

==== Deleting CLSID Registry Values ======================


==== shortcuts on Users Desktops ======================

C:\Users\Luiz\Desktop\Documentos - Atalho.lnk - C:\Users\Luiz\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
C:\Users\Luiz\Desktop\HP Photosmart C4200 series - Atalho.lnk -  
C:\Users\Luiz\Desktop\Jogos\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
C:\Users\Luiz\Desktop\Jogos\DDTank.lnk - C:\Users\Luiz\AppData\Roaming\337\DDTank\gamelogin.exe
C:\Users\Luiz\Desktop\Jogos\Dolphin - Mario Bros.lnk - C:\Discos\Dolphin-win-x64-v3.5-367\Dolphin.exe
C:\Users\Luiz\Desktop\Jogos\Fraps.lnk - C:\Fraps\fraps.exe
C:\Users\Luiz\Desktop\Jogos\GForce.lnk - C:\Program Files (x86)\Disney Interactive Studios\G-Force\GForce.exe
C:\Users\Luiz\Desktop\Jogos\Hearthstone.lnk - C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe
C:\Users\Luiz\Desktop\Jogos\LogMeIn Hamachi.lnk - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Users\Luiz\Desktop\Jogos\Need for Speed™ Carbon.lnk -  
C:\Users\Luiz\Desktop\Jogos\Play League of Legends.lnk - C:\Jogos\lol.launcher.exe
C:\Users\Luiz\Desktop\Jogos\World of Warcraft.lnk - C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\avast Premier.lnk -  
C:\Users\Public\Desktop\avast SafeZone.lnk -  
C:\Users\Public\Desktop\TV Expert.lnk - C:\Program Files (x86)\TV Expert\ADTV.exe
C:\Users\Public\Desktop\Virtual CloneDrive.lnk - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDPrefs.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Luiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -  

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -  
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BlackBerry Desktop Software.lnk - C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Desligar.lnk - C:\Windows\System32\shutdown.exe -s -t 0
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Nero Burning ROM 2014.lnk - C:\Windows\Installer\{F2B9C8D6-C69C-4BA7-95D2-66F1C68D15DA}\ARPPRODUCTICON.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:50131;https=127.0.0.1:50131"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Luiz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Luiz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XY6AI0ZI will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Luiz\AppData\Local\Mozilla\Firefox\Profiles\jnvitik0.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=7 folders=5 1034995 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Luiz\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\USURIO~1\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Luiz\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Luiz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XY6AI0ZI" not found

==== EOF on 11/06/2014 at 22:20:06,52 ======================
Victor Verenguer
Victor Verenguer
Iniciante
Iniciante

Mensagens : 34
Reputação : 0
Data de inscrição : 10/06/2014

Ir para o topo Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty Re: Remover CE_UmbrellaCert e Webssearches.

Mensagem por Power Max Qui 12 Jun 2014, 11:27

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.


Última edição por Power Max em Qua 18 Jun 2014, 22:26, editado 1 vez(es)

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty (RESOLVIDO)resposta da remoção do Baidu

Mensagem por Victor Verenguer Ter 17 Jun 2014, 19:02

Abaixo o relatório do Zoek.
Grato

Zoek.exe v5.0.0.0 Updated 16-June-2014
Tool run by Luiz on 17/06/2014 at 18:24:39,15.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luiz\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-12-012006.log 31395 bytes

==== System Restore Info ======================

17/06/2014 18:29:32 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu\Hao123-international]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu\Hao123-international\hao123desk]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\1665607]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\9344303]
[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\9344303]
"url"=-
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\9344631]
[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\9344631]
"url"=-
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\TrayIcon]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\Setup]

==== Deleting Files \ Folders ======================

"C:\Users\Luiz\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.5.70512.exe" not found
C:\Program Files (x86)\Baidu Security deleted
C:\ProgramData\Baidu Security deleted
C:\Users\Luiz\AppData\Roaming\Baidu Security deleted
C:\Users\Public\Documents\Baidu Security deleted
"C:\Windows\Prefetch\BAIDU_SECURE_SYSTEMUP_4.0.5.7-95188CB6.pf" deleted

==== Folders Found ======================

2014-06-11 23:44:00 2014-06-11 23:44:00 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-17 21:31:57 2014-06-17 21:31:57 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-06-17 21:31:57 2014-06-17 21:32:00 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-17 21:32:00 2014-06-17 21:32:03 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-17 21:32:03 2014-06-17 21:32:03 -------- d---a-w- C:\zoek_backup\C_Users_Luiz_AppData_Roaming_Baidu Security
2014-06-17 21:32:03 2014-06-17 21:32:03 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security

==== Files Found ======================


--- C:\zoek_backup\C_Windows_Prefetch_BAIDU_SECURE_SYSTEMUP_4.0.5.7-95188CB6.pf.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 79380
Created time: 2014-06-17 21:32:03
Modified time: 2014-06-09 23:20:35
MD5: 169CA7E0E129740DCA2EAB6186E74DAC
SHA1: F23E77C391482790D3810251760D6A96E8C2FCE2


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\9344303]

[HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\9344631]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=32 folders=41 87948330 bytes)

==== EOF on 17/06/2014 at 18:36:24,89 ======================
Victor Verenguer
Victor Verenguer
Iniciante
Iniciante

Mensagens : 34
Reputação : 0
Data de inscrição : 10/06/2014

Ir para o topo Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty Re: Remover CE_UmbrellaCert e Webssearches.

Mensagem por Power Max Ter 17 Jun 2014, 19:11

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.


Última edição por Power Max em Qua 18 Jun 2014, 22:27, editado 1 vez(es)

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty (RESOLVIDO)resposta da remoção do Baidu

Mensagem por Victor Verenguer Ter 17 Jun 2014, 19:24

O relatório segue em anexo, grato.

Zoek.exe v5.0.0.0 Updated 16-June-2014
Tool run by Luiz on 17/06/2014 at 19:15:53,16.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luiz\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-12-012006.log 31395 bytes
C:\zoek-results2014-06-17-213624.log 13989 bytes

==== System Restore Info ======================

17/06/2014 19:17:19 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\9344303]
[-HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\9344631]

==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=32 folders=41 87948330 bytes)

==== EOF on 17/06/2014 at 19:18:46,04 ======================
Victor Verenguer
Victor Verenguer
Iniciante
Iniciante

Mensagens : 34
Reputação : 0
Data de inscrição : 10/06/2014

Ir para o topo Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty Re: Remover CE_UmbrellaCert e Webssearches.

Mensagem por Power Max Ter 17 Jun 2014, 19:27

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty Re: Remover CE_UmbrellaCert e Webssearches.

Mensagem por Victor Verenguer Ter 17 Jun 2014, 20:30

Agora acho que estou livre destas coisas malditas.
Grato.
Segue relatório.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Luiz on 17/06/2014 at 20:13:02,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Luiz\AppData\Roaming\mozilla\firefox\profiles\jnvitik0.default\minidumps [184 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/06/2014 at 20:27:41,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Victor Verenguer
Victor Verenguer
Iniciante
Iniciante

Mensagens : 34
Reputação : 0
Data de inscrição : 10/06/2014

Ir para o topo Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty Re: Remover CE_UmbrellaCert e Webssearches.

Mensagem por Power Max Ter 17 Jun 2014, 21:04

Estamos quase acabando, falta só o ZHP.

zoek - Remover CE_UmbrellaCert e Webssearches. 772309 Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty Re: Remover CE_UmbrellaCert e Webssearches.

Mensagem por Victor Verenguer Ter 17 Jun 2014, 21:26

Relatório ZHPDiag abaixo.
~ Relatório do ZHPDiag v2014.6.17.93 - Nicolas Coolman (17/06/2014)
~ Iniciado por Luiz (17/06/2014 21:17:06)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17126 (Defaut)
MFIE: Mozilla Firefox 30.0
GCIE: Google Chrome v35.0.1916.153

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Premier v9.0.2018
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader XI
Java 7 Update 60

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2943 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 50 GB (21%) free of 233 GB

---\\ Modo de conexão ao sistema
~ Computer Name: LUIZ-PC
~ User Name: Luiz
~ All Users Names: Luiz, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Luiz\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Luiz\AppData\Roaming\
~ %Desktop% : C:\Users\Luiz\Desktop\
~ %Favorites% : C:\Users\Luiz\Favorites\
~ %LocalAppData% : C:\Users\Luiz\AppData\Local\
~ %StartMenu% : C:\Users\Luiz\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 50 Go of 233 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.40BFD9D6EC8E174145F012246CA73CCD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.30/05/2014 - 04:56:56.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 04:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 00:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 00:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 01:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 00:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 01:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 02:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 00:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 04:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/8454
~ Mes musiques (My Musics) : 1/986
~ Mes Videos (My Videos) : 1/221
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 4/3456
~ Mon Bureau (My Desktop) : 1/1332
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 13s



---\\ Processos lançados
[MD5.8C46AD1E382018E0B4D6E31B9AB27E5C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248] [PID.2476]
[MD5.A42480689D63231F6996A12D21AA96C3] - (.No owner - TV Card Remote Control Applet.) -- C:\Windows\713xRMT.exe [466944] [PID.3400]
[MD5.5CA0EB9538C6ACEBDC3593FC53527B9D] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3890208] [PID.3636]
[MD5.21293443961A4E2597453EE7A9347F22] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe [54840] [PID.3652]
[MD5.711561440FDC396CB6E4C69C13375A38] - (.GlavSoft LLC. - TightVNC Server for Windows.) -- C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [815704] [PID.2924]
[MD5.EDAD4A8A1D46AFCF9E76B996D55116EB] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896] [PID.3860]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.1768]
[MD5.4F87179386948D61FBF74B0DDF265170] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.1336]
[MD5.4D12C773CE660A002EBFE82602924C4B] - (.Adobe Systems, Inc. - Adobe Flash Player 14.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe [1869488] [PID.4800]
[MD5.E4D31A3743EC6F9528A0B998CAF7F72E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8069632] [PID.4240]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1292]
[MD5.55FF0FFE359702D2E2B99DF5CBB3DD06] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [109048] [PID.1668]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1808]
[MD5.E59AFB64C2F6E0C99350E1C944C75088] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [762192] [PID.4264]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default\prefs.js
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.WebsSearches
~ IE Browser: 25 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:55447;https=127.0.0.1:55447 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\Luiz\AppData\Roaming\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer
O4 - HKLM\..\Wow6432Node\Run: [TV Card Remote Control Device Monitor] . (.No owner - TV Card Remote Control Applet.) -- C:\Windows\713xRMT.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [tvncontrol] . (.GlavSoft LLC. - TightVNC Server for Windows.) -- C:\Program Files (x86)\ShowMyPCService\tvnserver.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [fst_br_147] Chave orfã
O4 - HKUS\S-1-5-21-2032838380-1236204141-1967180275-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2032838380-1236204141-1967180275-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2032838380-1236204141-1967180275-1000\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\Luiz\AppData\Roaming\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C83F126A-1605-456E-8A62-400BAB8C83E8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C83F126A-1605-456E-8A62-400BAB8C83E8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C83F126A-1605-456E-8A62-400BAB8C83E8}: DhcpNameServer = 201.6.2.165 201.6.2.45 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe =>Hijacker.Office
~ Services: 8 Legitimates Filtered in 00mn 10s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{B2EE9451-26D2-4ECB-B85C-0B29B0062AD5}] (...) -- D:\MC 110\MC 1.1 Installers\MC 1.1 Installer by Kaise123\minecraft_installer_4.1.0_kaise123\Minecraft_Installer_4.1.0_kaise123-MC110.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C016C6A9-BB18-4B0E-A4CF-A70552440553}] (...) -- C:\Users\Luiz\AppData\Roaming\webssearches\UninstallManager.exe (.not file.) [0] =>Hijacker.WebsSearches
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2032838380-1236204141-1967180275-1000Core [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2032838380-1236204141-1967180275-1000UA [924]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1060]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1064]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 04s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: ({9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys =>PUP.LinkiDoo
~ Drivers: 85 Legitimates Filtered in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: ContentExplorer - (.ContentExplorer.net.) [HKLM][64Bits] -- ContentExplorer =>PUP.ContentExplorer
O42 - Logiciel: TV Expert - (.TV Expert Publisher.) [HKLM][64Bits] -- {68CC21AD-B6EC-4DB8-954D-F27AD0D9A83F}
O42 - Logiciel: Wii Emulator - New Mario Edition - (.Dolphin - By B.O.Y.) [HKLM][64Bits] -- {0D080FEB-6335-4805-86C5-B55777ED2221}
~ Logic: 18 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ContentExplorer] =>PUP.ContentExplorer
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\Anne]
[HKLM\Software\Wow6432Node\Dolphin - By B.O.Y]
[HKLM\Software\Wow6432Node\fst]
~ Key Software: 272 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/09/2013 - 11:10:26 - [] ----D C:\Program Files (x86)\Dolphin - By B.O.Y
O43 - CFD: 09/06/2014 - 22:27:12 - [0] ----D C:\Program Files (x86)\Mediaa_Play_AIR_1.4 =>PUP.CrossRider
O43 - CFD: 09/12/2013 - 08:00:40 - [0] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 14/05/2014 - 14:27:34 - [] ----D C:\Program Files (x86)\ShowMyPCService
O43 - CFD: 17/09/2013 - 15:51:05 - [] ----D C:\Program Files (x86)\TV Expert
O43 - CFD: 11/05/2014 - 13:09:17 - [] ----D C:\ProgramData\Anne
O43 - CFD: 09/06/2014 - 20:20:36 - [] ----D C:\Users\Luiz\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer
O43 - CFD: 01/05/2014 - 16:28:50 - [] ----D C:\Users\Luiz\AppData\Roaming\rmi
O43 - CFD: 07/01/2014 - 22:11:48 - [] ----D C:\Users\Luiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
~ Program Folder: 163 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.BF2F4A49CA8845AB308A8059110BE2BC] - 03/06/2014 - 22:04:11 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147638]
O44 - LFC:[MD5.A13BF980DE56C8722C6F287BD6987B44] - 03/06/2014 - 22:04:11 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [705798]
O44 - LFC:[MD5.FAEFA03000639FA0AB753BC2A4C64D89] - 09/06/2014 - 12:10:10 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys [61112] =>PUP.LinkiDoo
O44 - LFC:[MD5.C6EAD31A05B008485045120074995B9B] - 10/06/2014 - 18:13:58 ---A- . (...) -- C:\Windows\win.ini [713]
O44 - LFC:[MD5.A572BE23E0EC7129F252F87F5A401014] - 11/06/2014 - 22:20:06 ---A- . (...) -- C:\zoek-results2014-06-12-012006.log [31395]
O44 - LFC:[MD5.C4AA157F5C961D519052A667D5201E18] - 17/06/2014 - 18:36:24 ---A- . (...) -- C:\zoek-results2014-06-17-213624.log [13989]
O44 - LFC:[MD5.4451B2FFFA5CBDBB948C5087728A0E78] - 17/06/2014 - 19:18:46 ---A- . (...) -- C:\zoek-results.log [1778]
~ Files: 55 Legitimates Filtered in 00mn 41s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.X264"="x264vfw64.dll" . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\Windows\System32\x264vfw64.dll
~ TDSD: 14 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:29/03/2005 - 01:30:38 ---A- . (.No owner - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [8192]
O58 - SDL:24/04/2014 - 11:08:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:24/04/2014 - 11:08:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:24/04/2014 - 11:08:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software
O58 - SDL:21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624]
O58 - SDL:21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:14/06/2010 - 08:32:54 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\System32\Drivers\TFsExDisk.sys [16448]
O58 - SDL:09/06/2014 - 12:10:10 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys [61112] =>PUP.LinkiDoo
O58 - SDL:25/10/2007 - 16:26:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\StarOpen.sys [5632]
O58 - SDL:14/06/2010 - 08:32:54 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [16448]
~ Drivers: 82 Legitimates Filtered in 00mn 03s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 24/04/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 09/06/2014 - C:\Windows\System32\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys ({9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64) .(.StdLib - StdLib.) - LEGACY_{9ACD1534-E8F8-40CB-B5AC-4996FE01175B}GW64 =>PUP.LinkiDoo
~ Legacy: 89 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {8DF5265D-DF88-4BFE-A517-07035BC8A23E} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.7B4823940D68B266137550058EB9DB73] [SPRF][12/05/2014] (...) -- C:\Users\Luiz\Desktop\PS_AIO_C4200_NonNet_Full_Win_WW_130_140.exe [219873664]
[MD5.1DDAF4BC34EF4DC35C2745986DD23D8D] [SPRF][16/09/2013] (...) -- C:\Users\Luiz\Desktop\Suporte Remoto 2.exe [2459200]
~ Files: 3 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASAPI32 =>PUP.ContentExplorer
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASMANCS =>PUP.ContentExplorer
~ BTK: 89 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 19/09/2013 72704 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
SS - | Demand 11/06/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 09/09/2013 585728 | (BlackBerry Device Manager) . (.Research In Motion Limited.) - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
SS - | Auto 22/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/11/2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 10/07/1658 0 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SS - | Disabled 10/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 02/04/2014 1615192 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SS - | Disabled 02/04/2014 20541216 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SS - | Disabled 04/03/2014 922968 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Disabled 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Disabled 04/03/2014 411936 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 24/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 24/04/2014 109048 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 18/07/2013 762192 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/07/2010 815704 | (tvnserver) . (.GlavSoft LLC..) - C:\Program Files (x86)\ShowMyPCService\tvnserver.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 15s



---\\ Scâner Aditional (088)
Database Version : 13026 - (17/06/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 1

[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ContentExplorer] =>PUP.ContentExplorer^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ContentExplorer =>PUP.ContentExplorer^
C:\Program Files (x86)\Mediaa_Play_AIR_1.4 =>PUP.CrossRider^
C:\Users\Luiz\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer^
[HKCU\Software\ContentExplorer] =>PUP.ContentExplorer^
~ Additionnel Scan: 259031 Items scanned in 00mn 54s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Barras do Internet Explorer (03))
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.WebsSearches
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Proxy
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.ContentExplorer
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Office
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.LinkiDoo
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CrossRider
~ MSI: 6 link(s) detected in 00mn 00s



~ 845 Legitimates filtered by white list
End of the scan (461 lines in 03mn 22s)(0)
Victor Verenguer
Victor Verenguer
Iniciante
Iniciante

Mensagens : 34
Reputação : 0
Data de inscrição : 10/06/2014

Ir para o topo Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty Re: Remover CE_UmbrellaCert e Webssearches.

Mensagem por Power Max Ter 17 Jun 2014, 22:00

zoek - Remover CE_UmbrellaCert e Webssearches. 772309  Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC.
______________________________________________________________________________________

zoek - Remover CE_UmbrellaCert e Webssearches. 772309  Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

zoek - Remover CE_UmbrellaCert e Webssearches. 772309  Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.


Última edição por Power Max em Qua 18 Jun 2014, 22:27, editado 1 vez(es)

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty (RESOLVIDO) relatório ZHPfix

Mensagem por Victor Verenguer Ter 17 Jun 2014, 22:22

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Luiz at 17/06/2014 22:19:16
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 05s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\users\luiz\appdata\roaming\contentexplorer\uninstall.exe

========== Estado dos serviços ==========
{9ACD1534-E8F8-40CB-B5AC-4996FE01175B}GW64 Parado

========== Chaves do Registo ==========
ELIMINÉ Driver Key: {9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\fst
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASMANCS

========== Valores do Registo ==========
ELIMINÉ RunValue: fst_br_147
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
ELIMINÉ: R1 Search Page =

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}gw64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (126) (4.796.675 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {B2EE9451-26D2-4ECB-B85C-0B29B0062AD5}
ELIMINÉ: {C016C6A9-BB18-4B0E-A4CF-A70552440553}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
5 : Chaves do Registo
7 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
6 : Ficheiros
1 : Softwares
1 : Estado dos serviços
2 : Tarefa planificada
1 : Restauração Sistema


End of clean in 01mn 37s

========== Caminho do ficheiro do relatório ==========
C:\Users\Luiz\AppData\Roaming\ZHP\ZHPFix[R1].txt - 17/06/2014 22:19:22 [2234]
Victor Verenguer
Victor Verenguer
Iniciante
Iniciante

Mensagens : 34
Reputação : 0
Data de inscrição : 10/06/2014

Ir para o topo Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty Re: Remover CE_UmbrellaCert e Webssearches.

Mensagem por Power Max Ter 17 Jun 2014, 22:48

Reinicie o PC para que o ZHP complete a limpeza.

Depois de reiniciar faça isto:

zoek - Remover CE_UmbrellaCert e Webssearches. 772309 Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty (RESOLVIDO) Relatório ZHPDiag pesquisar

Mensagem por Victor Verenguer Qua 18 Jun 2014, 20:02

~ Relatório do ZHPDiag v2014.6.17.93 - Nicolas Coolman  (17/06/2014)
~ Iniciado por Luiz (18/06/2014 19:24:32)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17126 (Defaut)
MFIE: Mozilla Firefox 30.0
GCIE: Google Chrome v35.0.1916.153

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Premier v9.0.2018
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.14

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader XI
Java 7 Update 60

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2943 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 48 GB (20%) free of 233 GB

---\\ Modo de conexão ao sistema
~ Computer Name: LUIZ-PC
~ User Name: Luiz
~ All Users Names: Luiz, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Luiz\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Luiz\AppData\Roaming\
~ %Desktop% : C:\Users\Luiz\Desktop\
~ %Favorites% : C:\Users\Luiz\Favorites\
~ %LocalAppData% : C:\Users\Luiz\AppData\Local\
~ %StartMenu% : C:\Users\Luiz\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 48 Go of 233 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.40BFD9D6EC8E174145F012246CA73CCD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.30/05/2014 - 04:56:56.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 04:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 00:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 00:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 01:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 00:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 01:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 02:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 00:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 04:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/8457
~ Mes musiques (My Musics) : 1/986
~ Mes Videos (My Videos) : 1/221
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 4/3456
~ Mon Bureau (My Desktop) : 1/1333
~ Menu demarrer (Programs) : 1/29
~ Hidden Files:  Scanned in 00mn 09s



---\\ Processos lançados
[MD5.8C46AD1E382018E0B4D6E31B9AB27E5C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   [21445248] [PID.2536]
[MD5.5CA0EB9538C6ACEBDC3593FC53527B9D] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe   [3890208] [PID.3412]
[MD5.21293443961A4E2597453EE7A9347F22] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe   [54840] [PID.3444]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe   [275568] [PID.3940]
[MD5.4F87179386948D61FBF74B0DDF265170] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe   [18544] [PID.6068]
[MD5.4D12C773CE660A002EBFE82602924C4B] - (.Adobe Systems, Inc. - Adobe Flash Player 14.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe   [1869488] [PID.5748]
[MD5.E4D31A3743EC6F9528A0B998CAF7F72E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8069632] [PID.1080]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [50344] [PID.1292]
[MD5.55FF0FFE359702D2E2B99DF5CBB3DD06] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe   [109048] [PID.1632]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe   [65432] [PID.1936]
[MD5.711561440FDC396CB6E4C69C13375A38] - (.GlavSoft LLC. - TightVNC Server for Windows.) -- C:\Program Files (x86)\ShowMyPCService\tvnserver.exe   [815704] [PID.3008]
[MD5.E59AFB64C2F6E0C99350E1C944C75088] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe   [762192] [PID.3544]
~ Processes Running:  Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default\prefs.js
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 25 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
~ Toolbar:  Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe   =>.Hewlett-Packard Co
O4 - HKUS\S-1-5-21-2032838380-1236204141-1967180275-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2032838380-1236204141-1967180275-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C83F126A-1605-456E-8A62-400BAB8C83E8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C83F126A-1605-456E-8A62-400BAB8C83E8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C83F126A-1605-456E-8A62-400BAB8C83E8}: DhcpNameServer = 201.6.2.165 201.6.2.45 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe  =>Hijacker.Office
~ Services: 8 Legitimates Filtered in 00mn 08s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2032838380-1236204141-1967180275-1000Core   [902]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2032838380-1236204141-1967180275-1000UA   [924]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1060]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1064]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 05s



---\\ Software instalados (042)
O42 - Logiciel: TV Expert - (.TV Expert Publisher.) [HKLM][64Bits] -- {68CC21AD-B6EC-4DB8-954D-F27AD0D9A83F}
O42 - Logiciel: Wii Emulator - New Mario Edition - (.Dolphin - By B.O.Y.) [HKLM][64Bits] -- {0D080FEB-6335-4805-86C5-B55777ED2221}
~ Logic: 17 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKLM\Software\Wow6432Node\Anne]
[HKLM\Software\Wow6432Node\Dolphin - By B.O.Y]
~ Key Software: 271 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/09/2013 - 11:10:26 - [] ----D C:\Program Files (x86)\Dolphin - By B.O.Y
O43 - CFD: 09/12/2013 - 08:00:40 - [0] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 14/05/2014 - 14:27:34 - [] ----D C:\Program Files (x86)\ShowMyPCService
O43 - CFD: 17/09/2013 - 15:51:05 - [] ----D C:\Program Files (x86)\TV Expert
O43 - CFD: 11/05/2014 - 13:09:17 - [] ----D C:\ProgramData\Anne
O43 - CFD: 01/05/2014 - 16:28:50 - [] ----D C:\Users\Luiz\AppData\Roaming\rmi
O43 - CFD: 07/01/2014 - 22:11:48 - [] ----D C:\Users\Luiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
~ Program Folder: 161 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.BF2F4A49CA8845AB308A8059110BE2BC] - 03/06/2014 - 22:04:11 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [147638]
O44 - LFC:[MD5.A13BF980DE56C8722C6F287BD6987B44] - 03/06/2014 - 22:04:11 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [705798]
O44 - LFC:[MD5.FAEFA03000639FA0AB753BC2A4C64D89] - 09/06/2014 - 12:10:10 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys   [61112]  =>PUP.LinkiDoo
O44 - LFC:[MD5.C6EAD31A05B008485045120074995B9B] - 10/06/2014 - 18:13:58 ---A- . (...) -- C:\Windows\win.ini   [713]
O44 - LFC:[MD5.A572BE23E0EC7129F252F87F5A401014] - 11/06/2014 - 22:20:06 ---A- . (...) -- C:\zoek-results2014-06-12-012006.log   [31395]
O44 - LFC:[MD5.C4AA157F5C961D519052A667D5201E18] - 17/06/2014 - 18:36:24 ---A- . (...) -- C:\zoek-results2014-06-17-213624.log   [13989]
O44 - LFC:[MD5.4451B2FFFA5CBDBB948C5087728A0E78] - 17/06/2014 - 19:18:46 ---A- . (...) -- C:\zoek-results.log   [1778]
~ Files: 55 Legitimates Filtered in 00mn 24s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.X264"="x264vfw64.dll" . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\Windows\System32\x264vfw64.dll
~ TDSD: 14 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\TV Card Remote Control Device Monitor  [Key] . (.No owner - TV Card Remote Control Applet.) -- C:\Windows\713xRMT.exe
~ SMSR Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:29/03/2005 - 01:30:38 ---A- . (.No owner - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys   [8192]
O58 - SDL:24/04/2014 - 11:08:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys   [29208]  =>.ALWIL Software
O58 - SDL:24/04/2014 - 11:08:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [65776]  =>.ALWIL Software
O58 - SDL:24/04/2014 - 11:08:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [208416]  =>.ALWIL Software
O58 - SDL:21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys   [52032]
O58 - SDL:21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys   [34624]
O58 - SDL:21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys   [128992]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:14/06/2010 - 08:32:54 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\System32\Drivers\TFsExDisk.sys   [16448]
O58 - SDL:09/06/2014 - 12:10:10 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys   [61112]  =>PUP.LinkiDoo
O58 - SDL:25/10/2007 - 16:26:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\StarOpen.sys   [5632]
O58 - SDL:14/06/2010 - 08:32:54 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys   [16448]
~ Drivers: 82 Legitimates Filtered in 00mn 03s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 24/04/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 89 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {8DF5265D-DF88-4BFE-A517-07035BC8A23E} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.7B4823940D68B266137550058EB9DB73] [SPRF][12/05/2014] (...) -- C:\Users\Luiz\Desktop\PS_AIO_C4200_NonNet_Full_Win_WW_130_140.exe   [219873664]
[MD5.1DDAF4BC34EF4DC35C2745986DD23D8D] [SPRF][16/09/2013] (...) -- C:\Users\Luiz\Desktop\Suporte Remoto 2.exe   [2459200]
~ Files: 3 Legitimates Filtered in 00mn 04s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 19/09/2013 72704 |  (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
SS - | Demand 11/06/2014 262320 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 09/09/2013 585728 |  (BlackBerry Device Manager) . (.Research In Motion Limited.) - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
SS - | Auto 22/11/2013 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/11/2013 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/11/2013 194032 |  (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 10/07/1658 0 |  (KMService) . (...) - C:\Windows\system32\srvany.exe  =>Hijacker.Office
SS - | Disabled 10/05/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Disabled 02/04/2014 1615192 |  (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SS - | Disabled 02/04/2014 20541216 |  (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SS - | Disabled 04/03/2014 922968 |  (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Disabled 14/08/2013 39056 |  (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SS - | Auto 23/10/2013 172192 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Disabled 04/03/2014 411936 |  (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 24/04/2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 24/04/2014 109048 |  (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 18/07/2013 762192 |  (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 08/07/2010 815704 |  (tvnserver) . (.GlavSoft LLC..) - C:\Program Files (x86)\ShowMyPCService\tvnserver.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 15s



---\\ Scâner Aditional (088)
Database Version : 13026 - (17/06/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 0

[HKLM\SYSTEM\CurrentControlSet\Services\KMService]   =>Hijacker.Office^
~ Additionnel Scan: 258674 Items scanned in 01mn 05s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Barras do Internet Explorer (03))
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.Office
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.LinkiDoo
~ MSI: 2 link(s) detected in 00mn 00s



~ 842 Legitimates filtered by white list
End of the scan (427 lines in 03mn 00s)(0)
Victor Verenguer
Victor Verenguer
Iniciante
Iniciante

Mensagens : 34
Reputação : 0
Data de inscrição : 10/06/2014

Ir para o topo Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty Re: Remover CE_UmbrellaCert e Webssearches.

Mensagem por Power Max Qua 18 Jun 2014, 22:25

zoek - Remover CE_UmbrellaCert e Webssearches. 772309  Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

zoek - Remover CE_UmbrellaCert e Webssearches. 772309  Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta e nos diga como está o PC depois disto.


Última edição por Power Max em Qui 19 Jun 2014, 10:05, editado 1 vez(es)

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty (RESOLVIDO) relatório ZHPfix

Mensagem por Victor Verenguer Qui 19 Jun 2014, 00:28

O PC está muito melhor sem aquele monte de porcaria. Inicia mais rápido, porém alguns programas como Paypal pedem janelas de pop up ativadas.
Gostei muito da atenção deste Fórum. Não conhecia este tipo de trabalho e não sei como funciona. Mas recomendo para qualquer iniciante.
Grato.

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Luiz at 19/06/2014 00:21:22
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}gw64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (3) (71.782 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Pastas
6 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 33s

========== Caminho do ficheiro do relatório ==========
C:\Users\Luiz\AppData\Roaming\ZHP\ZHPFix[R1].txt - 17/06/2014 22:19:22 [2313]
C:\Users\Luiz\AppData\Roaming\ZHP\ZHPFix[R2].txt - 19/06/2014 00:21:26 [1127]
Victor Verenguer
Victor Verenguer
Iniciante
Iniciante

Mensagens : 34
Reputação : 0
Data de inscrição : 10/06/2014

Ir para o topo Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty Re: Remover CE_UmbrellaCert e Webssearches.

Mensagem por Power Max Qui 19 Jun 2014, 10:04

alguns programas como Paypal pedem janelas de pop up ativadas.
Quando você for acessar o Paypal desative temporariamente o bloqueador de popups de seu navegador.
_____________________________________________________________________________________

isso aí! Fico feliz que o problema tenha sido resolvido.

zoek - Remover CE_UmbrellaCert e Webssearches. 772309 Só para finalizar siga estes tutoriais abaixo, por gentileza:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________

zoek - Remover CE_UmbrellaCert e Webssearches. 772309 Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].
_______________________________________________________________________________________________________________________

zoek - Remover CE_UmbrellaCert e Webssearches. 648673379 Foi um prazer ajudar. Conte sempre conosco!

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty Re: Remover CE_UmbrellaCert e Webssearches.

Mensagem por Danii Qui 19 Jun 2014, 11:13

CASO RESOLVIDO

Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Danii
Danii
Membro Pleno
Membro Pleno

Mensagens : 571
Reputação : 80
Data de inscrição : 04/04/2014
Localização : Brasil

Ir para o topo Ir para baixo

zoek - Remover CE_UmbrellaCert e Webssearches. Empty Re: Remover CE_UmbrellaCert e Webssearches.

Mensagem por Conteúdo patrocinado


Conteúdo patrocinado


Ir para o topo Ir para baixo

Ir para o topo

- Tópicos semelhantes

 
Permissões neste sub-fórum
Não podes responder a tópicos