Fórum PC Brasil

Advertising links on websites.


Post by marcoscorcino on Wed 25 Jun 2014, 20:52

I've been looking through the topics and I have already downloaded AdwCleaner and followed the tutorial. I have the report; what should I do now?

I think it would need analysis by a specialist, is that right?

Links for offerswizard ads and focusbase ads keep opening, and they throw me to other pages all the time, besides leaving Google Chrome almost at a standstill. It started happening about a week ago and I no longer know what to do.

Here is the AdwCleaner report:

# AdwCleaner v3.213 - Relatório criado 25/06/2014 às 18:35:13
# Atualizado 23/06/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Corcino - CORCINO-PC
# Executando de : C:\Users\Corcino\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : CltMngSvc
[#] Serviço Deletada : dealplylive
[#] Serviço Deletada : dealplylivem
[#] Serviço Deletada : savesenselive
[#] Serviço Deletada : savesenselivem

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\DealPlyLive
[!] Pasta Deletada : C:\ProgramData\SaveSenseLive
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightspark 0.5.3-git
Pasta Deletada : C:\Program Files (x86)\BetterSurf
Pasta Deletada : C:\Program Files (x86)\DealPly
Pasta Deletada : C:\Program Files (x86)\DealPlyLive
Pasta Deletada : C:\Program Files (x86)\Lightspark 0.5.3-git
Pasta Deletada : C:\Program Files (x86)\MediaPlayerV1
Pasta Deletada : C:\Program Files (x86)\MediaViewerV1
Pasta Deletada : C:\Program Files (x86)\MediaViewV1
Pasta Deletada : C:\Program Files (x86)\MediaWatchV1
Pasta Deletada : C:\Program Files (x86)\Mobogenie
Pasta Deletada : C:\Program Files (x86)\Mysearchdial
Pasta Deletada : C:\Program Files (x86)\RichMediaViewV1
[!] Pasta Deletada : C:\Program Files (x86)\SaveSenseLive
Pasta Deletada : C:\Program Files (x86)\SearchProtect
Pasta Deletada : C:\Program Files (x86)\VideoPlayerV3
Pasta Deletada : C:\Program Files (x86)\WebexpEnhancedV1
Pasta Deletada : C:\Users\Corcino\AppData\Local\DealPlyLive
Pasta Deletada : C:\Users\Corcino\AppData\Local\genienext
Pasta Deletada : C:\Users\Corcino\AppData\Local\lollipop
Pasta Deletada : C:\Users\Corcino\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Corcino\AppData\Local\SaveSense
Pasta Deletada : C:\Users\Corcino\AppData\Local\SaveSenseLive
Pasta Deletada : C:\Users\Corcino\AppData\Local\SearchProtect
Pasta Deletada : C:\Users\Corcino\AppData\Local\SwvUpdater
Pasta Deletada : C:\Users\Corcino\AppData\Local\Temp\apn
Pasta Deletada : C:\Users\Corcino\AppData\Local\Temp\eIntaller
Pasta Deletada : C:\Users\Corcino\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Pasta Deletada : C:\Users\Corcino\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Corcino\AppData\Roaming\DealPly
Pasta Deletada : C:\Users\Corcino\AppData\Roaming\DigitalSites
Pasta Deletada : C:\Users\Corcino\AppData\Roaming\Mysearchdial
Pasta Deletada : C:\Users\Corcino\AppData\Roaming\newnext.me
Pasta Deletada : C:\Users\Corcino\AppData\Roaming\SaveSense
Pasta Deletada : C:\Users\Corcino\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\Corcino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Pasta Deletada : C:\Users\Corcino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
Pasta Deletada : C:\Users\Corcino\Documents\Mobogenie
Pasta Deletada : C:\Users\Public\Documents\baidu
Arquivo Deletada : C:\windows\System32\roboot64.exe
Arquivo Deletada : C:\Users\Corcino\daemonprocess.txt
Arquivo Deletada : C:\Users\Corcino\AppData\Local\mysearchdial-speeddial.crx
Arquivo Deletada : C:\Users\Corcino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk
Arquivo Deletada : C:\Users\Corcino\Desktop\Continue VuuPC Installation.lnk
Arquivo Deletada : C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Arquivo Deletada : C:\windows\Tasks\AmiUpdXp.job
Arquivo Deletada : C:\windows\System32\Tasks\AmiUpdXp
Arquivo Deletada : C:\windows\Tasks\Dealply.job
Arquivo Deletada : C:\windows\System32\Tasks\Dealply
Arquivo Deletada : C:\windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
Arquivo Deletada : C:\windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
Arquivo Deletada : C:\windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
Arquivo Deletada : C:\windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
Arquivo Deletada : C:\windows\Tasks\Digital Sites.job
Arquivo Deletada : C:\windows\System32\Tasks\Digital Sites
Arquivo Deletada : C:\windows\Tasks\SaveSense.job
Arquivo Deletada : C:\windows\System32\Tasks\SaveSense
Arquivo Deletada : C:\windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
Arquivo Deletada : C:\windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore

***** [ Atalhos ] *****


***** [ Registro ] *****

Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Chave Deletedo : HKCU\Software\Classes\Applications\lollipop.exe
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [lollipop]
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\dealplylive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\SaveSenseLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickCtrl.9
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLive.Update3WebControl.3
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.coreclass
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachine
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclasssvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc
Chave Deletedo : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Chave Deletedo : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9
Chave Deletedo : HKCU\Software\DealPly
Chave Deletedo : HKCU\Software\DealPlyLive
Chave Deletedo : HKCU\Software\dsiteproducts
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\mysearchdial
Chave Deletedo : HKCU\Software\SaveSense
Chave Deletedo : HKCU\Software\SaveSenseLive
Chave Deletedo : HKCU\Software\SearchProtectINT
Chave Deletedo : HKCU\Software\simplytech
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\AppDataLow\Software\simplytech
Chave Deletedo : HKLM\Software\BetterSurf
Chave Deletedo : HKLM\Software\DealPly
Chave Deletedo : HKLM\Software\DealPlyLive
Chave Deletedo : HKLM\Software\InstallCore
Chave Deletedo : HKLM\Software\Lightspark Team
Chave Deletedo : HKLM\Software\MediaBuzzV1
Chave Deletedo : HKLM\Software\MediaViewerV1
Chave Deletedo : HKLM\Software\MediaViewV1
Chave Deletedo : HKLM\Software\MediaWatchV1
Chave Deletedo : HKLM\Software\SaveSenseLive
Chave Deletedo : HKLM\Software\SearchProtect
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lightspark
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Dados Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16720

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Startup_urls] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deletedo [Extension] : dedmngkbaffkenlfdcbganndoghblmap
Deletedo [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deletedo [Extension] : pljcgbedjplidkdjahbaalanadmjfgop

*************************

AdwCleaner[R0].txt - [25422 octets] - [25/06/2014 18:32:39]
AdwCleaner[S0].txt - [23136 octets] - [25/06/2014 18:35:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23197 octets] ##########

Post by Power Max on Wed 25 Jun 2014, 20:56

Hello Marcos. Your PC shows the Baidu antivirus as installed. Do you want to keep it or remove it? Whatever your answer to this question, follow the tip below:

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You need to be registered and logged in to see this link.]

* Right-click Zoek.exe and select [You need to be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank space in Zoek:

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You need to be registered and logged in to see this image.]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.

_________________

Caixa de Dicas = Always with new tutorials and news on computing, technology and more.

Fórum PC Brasil = The best of the internet, you will find it here.

Super Links = Messages of faith and hope for your heart

Post by marcoscorcino on Wed 25 Jun 2014, 21:38

I want to remove Baidu; I thought I had already uninstalled it in my control panel. I no longer know what to do to remove it from the computer.

I'll do what was given.

Post by Power Max on Wed 25 Jun 2014, 21:51

OK, I'll be waiting for the Zoek report.


Post by marcoscorcino on Wed 25 Jun 2014, 22:32

Here it is:


Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by Corcino on 25/06/2014 at 21:58:32,46.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Corcino\Desktop\Zoek\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

25/06/2014 21:59:52 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util focusbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util focusbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util focusbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util focusbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update focusbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update focusbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update focusbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update focusbase deleted successfully

==== Deleting Files \ Folders ======================

C:\Users\Corcino\.android deleted
C:\PROGRA~2\MediaBuzzV1 deleted
C:\extensions.sqlite deleted
C:\extensions.ini deleted
C:\found.000 deleted
C:\found.001 deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\PROGRA~3\boost_interprocess deleted
C:\Users\Corcino\AppData\Local\cache deleted
C:\Users\Corcino\Searches deleted
C:\windows\SysNative\drivers\{c8905eec-9eab-447c-84a8-9e864d454523}Gw64.sys deleted
C:\windows\SysNative\drivers\{c8905eec-9eab-447c-84a8-9e864d454523}w64.sys deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
C:\windows\Syswow64\sho17F3.tmp deleted
C:\windows\Syswow64\sho18FB.tmp deleted
C:\windows\Syswow64\sho6CD8.tmp deleted
C:\windows\Syswow64\sho73D.tmp deleted
C:\windows\Syswow64\sho7A2E.tmp deleted
C:\windows\Syswow64\sho84EA.tmp deleted
C:\windows\Syswow64\sho8946.tmp deleted
C:\windows\Syswow64\shoBA4B.tmp deleted
C:\windows\Syswow64\shoBED1.tmp deleted
C:\windows\Syswow64\shoF330.tmp deleted
C:\Users\Corcino\Desktop\FREE Games.url deleted
C:\Users\Corcino\AppData\Roaming\unins000.exe deleted
"C:\Users\Corcino\AppData\Local\{180E6D6F-6C30-4096-83BE-498D774951EB}" deleted
"C:\Users\Corcino\AppData\Local\{57619DE3-C7BF-4AE0-8F16-1B17A1E1B4B3}" deleted
"C:\Users\Corcino\AppData\Local\{8467EC85-25ED-4DFC-9597-F46D2FFB24FB}" deleted
"C:\PROGRA~2\focusbase\updatefocusbase.exe" deleted
"C:\PROGRA~2\focusbase\bin\focusbase.BrowserAdapter.exe" deleted
"C:\PROGRA~2\focusbase\bin\focusbase.PurBrowse64.exe" deleted
"C:\PROGRA~2\focusbase\bin\utilfocusbase.exe" deleted
"C:\PROGRA~2\focusbase\bin\{2b929fe1-284b-4766-afb9-19b0915b99b0}.dll" deleted
"C:\PROGRA~2\focusbase" not deleted
"C:\PROGRA~2\focusbase\bin" not deleted

==== Folders Found ======================

2014-06-25 21:35:29 2014-06-25 21:35:29 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-25 21:35:42 2014-06-25 21:35:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Corcino\AppData\Roaming\baidu
2014-06-25 21:35:42 2014-06-25 21:35:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Corcino\AppData\Roaming\baidu\Baidu Antivirus
2014-06-25 21:35:43 2014-06-25 21:35:43 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2013-10-01 22:17:20 2013-12-11 19:31:33 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-06-25 15:53:53 2014-06-25 15:53:53 -------- d-----w- C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687
2013-10-01 22:17:21 2013-12-12 10:46:01 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus
2014-06-25 15:53:53 2014-06-25 21:38:10 -------- d-----w- C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus
2013-12-10 01:24:07 2014-06-25 16:36:17 -------- d-----w- C:\ProgramData\Baidu Security
2013-12-10 01:24:07 2014-06-25 16:36:17 -------- d-----w- C:\Users\All Users\Baidu Security
2013-10-01 22:16:46 2013-10-01 22:16:46 -------- d-----w- C:\Users\Corcino\AppData\Local\Temp\baidu_secure
2013-12-10 01:27:19 2013-12-10 01:27:19 -------- d-----w- C:\Users\Corcino\AppData\Roaming\Baidu Security
2013-12-11 20:18:36 2013-12-11 20:18:36 -------- d-----w- C:\Users\Corcino\AppData\Roaming\Baidu Security\PC Faster\3.6.0.38659\Uninstall\Baidu PC Faster Uninstall
2013-12-11 20:18:36 2013-12-11 20:18:36 -------- d-----w- C:\Users\Corcino\AppData\Roaming\Baidu Security\PC Faster\3.6.0.38659\Uninstall\Baidu PC Faster Uninstall HK
2014-01-23 01:31:42 2014-01-23 01:31:42 -------- d-----w- C:\Users\Corcino\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-01-23 01:31:42 2014-01-23 01:31:42 -------- d-----w- C:\Users\Corcino\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================


--- C:\Users\Corcino\AppData\Local\Temp\Baidu_Secure_SystemUp_3.6.0.38659.exe ---
Company: Baidu, Inc.
File Description: PC Faster Setup
File Version: 3.6.0.38659
Product Name: Baidu PC Faster
Copyright: Copyright (C) 2012 Baidu, Inc. All Rights Reserved.
Original Filename:
File type: ----a-w-
File size: 33811728
Created time: 2013-12-10 01:24:19
Modified time: 2013-12-10 01:24:19
MD5: 5F62577604EE1A79D3E90FB79C6E8B5A
SHA1: 5CDD1A6A6917A8004580603752223880FF304A33


--- C:\Users\Corcino\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.53841.exe ---
Company: Baidu, Inc.
File Description: PC Faster Setup
File Version: 4.0.1.53841
Product Name: Baidu PC Faster
Copyright: Copyright (C) 2013 Baidu, Inc. All Rights Reserved.
Original Filename:
File type: ----a-w-
File size: 16929536
Created time: 2014-01-23 01:13:59
Modified time: 2014-01-23 01:13:59
MD5: B31EBD87CF7F09DEA4126233F713F93C
SHA1: B62E928DBA3BA792178E3BF38F1687DBD6E5B58C


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-01-22 01-27-35-0515-[30044].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-22 01-25-21-0107-[29606].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-01-22 01-32-02-0515-[30916].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012514-23743-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-13306-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-15303-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-15865-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-16224-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-17222-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-18174-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\060513-23977-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\100113-41948-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\MEMORY_130251509205344651.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\MEMORY_130352412307696128.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\log]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\alluser]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\curuser]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hkcu]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm64]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\users\\corcino\\appdata\\roaming\\baidu security\\pc faster\\3.6.0.38659\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\Setup]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Users\\Corcino\\AppData\\Local\\Temp\\Baidu_Secure_SystemUp_3.6.0.38659.exe"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012514-23743-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-13306-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-15303-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-15865-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-16224-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-17222-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-18174-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\060513-23977-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\100113-41948-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\MEMORY_130251509205344651.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\MEMORY_130352412307696128.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\log]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\alluser]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\curuser]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm64]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\users\\corcino\\appdata\\roaming\\baidu security\\pc faster\\3.6.0.38659\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"ext@RichMediaViewV1release334.net"="C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release334\ff" []

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aoakemeblcmijnplphlnbjhfkmfbelfc - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2441\ch\MediaViewV1alpha2441.crx[]
ionfcpociagjdjcmebbajdekdfpcdida - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1746\ch\MediaViewerV1alpha1746.crx[]
jljadeeeogfgjmpkmkjeadjjghjnmkcl - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release334\ch\RichMediaViewV1release334.crx[]
mejicchkpecjlbfdnbnfhdlambampnap - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode8120\ch\MediaBuzzV1mode8120.crx[]
mgookpkclioaidnignjpjmfefaagijgc - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha815\ch\WebexpEnhancedV1alpha815.crx[]
oajipkhdmjhjfgpgafnekfdfnedlckhm - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home116\ch\MediaWatchV1home116.crx[]
oohefklmieejnmodkgobfpkknhapleag - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta912\ch\VideoPlayerV3beta912.crx[]
opmpjmhncemgenhklpodkffjblamekdh - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8847\ch\MediaViewV1alpha8847.crx[]
pppagaglfkmlpgobnlenhknilehpmcbo - C:\Program Files (x86)\PSafe\PSafeAV\safemon\360webshield.crx[]

Google Drive - Corcino\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Corcino\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Corcino\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Corcino\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Corcino\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
"newtab"="about:tabs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
"newtab"="about:tabs"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ec6326e-e016-4ecc-a700-df62596c364a} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1ec6326e-e016-4ecc-a700-df62596c364a} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b6a3c800-02e8-4a20-b29b-8477fcf200e8} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b6a3c800-02e8-4a20-b29b-8477fcf200e8} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{bdc5c206-6fd4-4c46-aabe-0fb4a22ed8c7} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{bdc5c206-6fd4-4c46-aabe-0fb4a22ed8c7} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{694e81fb-7335-4f49-ac2f-7756753ff9c2} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{694e81fb-7335-4f49-ac2f-7756753ff9c2} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{af6e8707-3190-4f38-ab89-bdf735570bbb} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{af6e8707-3190-4f38-ab89-bdf735570bbb} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a5ff0eab-2d3d-43fc-b913-7d609d9390cf} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a5ff0eab-2d3d-43fc-b913-7d609d9390cf} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55679d2e-fa54-43a4-961e-030a25643f76} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{55679d2e-fa54-43a4-961e-030a25643f76} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b40440f9-1193-49e1-9dec-17e6f598bc44} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b40440f9-1193-49e1-9dec-17e6f598bc44} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1ec6326e-e016-4ecc-a700-df62596c364a} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ec6326e-e016-4ecc-a700-df62596c364a} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{b6a3c800-02e8-4a20-b29b-8477fcf200e8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6a3c800-02e8-4a20-b29b-8477fcf200e8} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{bdc5c206-6fd4-4c46-aabe-0fb4a22ed8c7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bdc5c206-6fd4-4c46-aabe-0fb4a22ed8c7} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{694e81fb-7335-4f49-ac2f-7756753ff9c2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{694e81fb-7335-4f49-ac2f-7756753ff9c2} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{af6e8707-3190-4f38-ab89-bdf735570bbb} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af6e8707-3190-4f38-ab89-bdf735570bbb} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{a5ff0eab-2d3d-43fc-b913-7d609d9390cf} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a5ff0eab-2d3d-43fc-b913-7d609d9390cf} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{55679d2e-fa54-43a4-961e-030a25643f76} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55679d2e-fa54-43a4-961e-030a25643f76} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{b40440f9-1193-49e1-9dec-17e6f598bc44} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b40440f9-1193-49e1-9dec-17e6f598bc44} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{1ec6326e-e016-4ecc-a700-df62596c364a} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{b6a3c800-02e8-4a20-b29b-8477fcf200e8} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{bdc5c206-6fd4-4c46-aabe-0fb4a22ed8c7} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{694e81fb-7335-4f49-ac2f-7756753ff9c2} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{af6e8707-3190-4f38-ab89-bdf735570bbb} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{a5ff0eab-2d3d-43fc-b913-7d609d9390cf} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{55679d2e-fa54-43a4-961e-030a25643f76} deleted successfully
HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{b40440f9-1193-49e1-9dec-17e6f598bc44} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@WebexpEnhancedV1alpha815.net deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@VideoPlayerV3beta912.net deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaViewerV1alpha1746.net deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaViewV1alpha2441.net deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaViewV1alpha8847.net deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaWatchV1home116.net deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaBuzzV1mode8120.net deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@RichMediaViewV1release334.net deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Corcino\Desktop\Update Service.lnk - C:\Program Files (x86)\Sony Mobile\Update Service\Update Service.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Multimedia POP.lnk - C:\Program Files\Samsung\MultimediaPOP\MultimediaPOP.exe
C:\Users\Public\Desktop\Samsung Support Center.lnk - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCMain.exe
C:\Users\Public\Desktop\User Guide.lnk - C:\Program Files\Samsung\SamsungManual\RunManual.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -

==== shortcuts in Quick Launch ======================

C:\Users\Corcino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Corcino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Corcino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Corcino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Corcino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\windows\system32\control.exe
C:\Users\Corcino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Corcino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Corcino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe
C:\Users\Corcino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aoakemeblcmijnplphlnbjhfkmfbelfc deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ionfcpociagjdjcmebbajdekdfpcdida deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jljadeeeogfgjmpkmkjeadjjghjnmkcl deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mejicchkpecjlbfdnbnfhdlambampnap deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mgookpkclioaidnignjpjmfefaagijgc deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oajipkhdmjhjfgpgafnekfdfnedlckhm deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oohefklmieejnmodkgobfpkknhapleag deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\opmpjmhncemgenhklpodkffjblamekdh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pppagaglfkmlpgobnlenhknilehpmcbo deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Video Player deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D} deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Corcino\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Corcino\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Corcino\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=71 folders=21 9613891 bytes)

==== Empty Temp Folders ======================

C:\Users\Corcino\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Corcino\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\focusbase" not found

==== EOF on 25/06/2014 at 22:27:47,78 ======================

Re: Advertising links on websites.

Post by Power Max on Wed 25 Jun 2014, 23:23

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You need to be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek:

* Click [Run Script]

* During the scan, a message similar to the one below will be displayed, showing the progress of the scan. Wait for it to finish... it may take a while!

[You need to be registered and logged in to see this image.]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Re: Advertising links on websites.

Post by marcoscorcino on Thu 26 Jun 2014, 11:41

Here it is:

Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by Corcino on 26/06/2014 at 10:37:45,33.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Corcino\Desktop\Área de trabalho\Zoek\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-26-012747.log 42843 bytes

==== System Restore Info ======================

26/06/2014 10:43:07 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-01-22 01-27-35-0515-[30044].dat"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-22 01-25-21-0107-[29606].dat"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-01-22 01-32-02-0515-[30916].dat"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012514-23743-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-13306-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-15303-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-15865-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-16224-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-17222-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\012614-18174-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\060513-23977-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\100113-41948-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\MEMORY_130251509205344651.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\driver\MEMORY_130352412307696128.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\Bug\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\alluser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\curuser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hkcu]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm64]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\users\\corcino\\appdata\\roaming\\baidu security\\pc faster\\3.6.0.38659\\rpdata"=-
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\PC Faster\Setup]
[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Users\\Corcino\\AppData\\Local\\Temp\\Baidu_Secure_SystemUp_3.6.0.38659.exe"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012514-23743-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-13306-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-15303-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-15865-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-16224-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-17222-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\012614-18174-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\060513-23977-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\100113-41948-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\MEMORY_130251509205344651.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\driver\MEMORY_130352412307696128.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\Bug\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm64]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\users\\corcino\\appdata\\roaming\\baidu security\\pc faster\\3.6.0.38659\\rpdata"=-

==== Deleting Files \ Folders ======================

C:\Users\Corcino\AppData\Local\Temp\baidu_secure not found
"C:\Users\Corcino\AppData\Local\Temp\Baidu_Secure_SystemUp_3.6.0.38659.exe" not found
"C:\Users\Corcino\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.53841.exe" not found
C:\Program Files (x86)\Baidu Security deleted
C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687 deleted
C:\ProgramData\Baidu Security deleted
C:\Users\Corcino\AppData\Roaming\Baidu Security deleted

==== Folders Found ======================

2014-06-25 21:35:29 2014-06-25 21:35:29 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-25 21:35:42 2014-06-25 21:35:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Corcino\AppData\Roaming\baidu
2014-06-25 21:35:42 2014-06-25 21:35:42 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Corcino\AppData\Roaming\baidu\Baidu Antivirus
2014-06-25 21:35:43 2014-06-25 21:35:43 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-26 13:46:23 2014-06-26 13:46:23 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-06-26 13:46:23 2014-06-26 13:46:23 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus
2014-06-26 13:46:23 2014-06-26 13:46:23 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu-Security-2014-4.4.4.73687
2014-06-26 13:46:23 2014-06-25 21:38:10 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus
2014-06-26 13:46:23 2014-06-26 13:46:33 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-26 13:46:33 2014-06-26 13:46:51 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-26 13:46:51 2014-06-26 13:46:51 -------- d---a-w- C:\zoek_backup\C_Users_Corcino_AppData_Roaming_Baidu Security
2014-06-26 13:46:52 2014-06-26 13:46:52 -------- d---a-w- C:\zoek_backup\C_Users_Corcino_AppData_Roaming_Baidu Security_PC Faster_3.6.0.38659_Uninstall_Baidu PC Faster Uninstall
2014-06-26 13:46:52 2014-06-26 13:46:52 -------- d---a-w- C:\zoek_backup\C_Users_Corcino_AppData_Roaming_Baidu Security_PC Faster_3.6.0.38659_Uninstall_Baidu PC Faster Uninstall HK
2014-06-26 13:46:52 2014-06-26 13:46:52 -------- d---a-w- C:\zoek_backup\C_Users_Corcino_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-06-26 13:46:52 2014-06-26 13:46:52 -------- d---a-w- C:\zoek_backup\C_Users_Corcino_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-06-26 13:46:23 2014-06-26 13:46:23 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus
2014-06-26 13:46:23 2014-06-25 21:38:10 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu-Security-2014-4.4.4.73687\Baidu Antivirus
2014-06-26 13:46:51 2014-06-26 13:46:51 -------- d---a-w- C:\zoek_backup\C_Users_Corcino_AppData_Roaming_Baidu Security\PC Faster\3.6.0.38659\Uninstall\Baidu PC Faster Uninstall
2014-06-26 13:46:51 2014-06-26 13:46:51 -------- d---a-w- C:\zoek_backup\C_Users_Corcino_AppData_Roaming_Baidu Security\PC Faster\3.6.0.38659\Uninstall\Baidu PC Faster Uninstall HK
2014-06-26 13:46:51 2014-06-26 13:46:51 -------- d---a-w- C:\zoek_backup\C_Users_Corcino_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-06-26 13:46:52 2014-06-26 13:46:52 -------- d---a-w- C:\zoek_backup\C_Users_Corcino_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-01-22 01-27-35-0515-[30044].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-22 01-25-21-0107-[29606].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-01-22 01-32-02-0515-[30916].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=273 folders=97 550166826 bytes)

==== EOF on 26/06/2014 at 10:53:17,63 ======================

Re: Advertising links on websites.

Post by Power Max on Thu 26 Jun 2014, 12:31

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You need to be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek:

* Click [Run Script]

* During the scan, a message similar to the one below will be displayed, showing the progress of the scan. Wait for it to finish... it may take a while!

[You need to be registered and logged in to see this image.]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.

_________________

Caixa de Dicas
= Always with new tutorials and news on computing, technology and more.

Fórum PC Brasil = The best of the internet you'll find here.

Super Links = Messages of faith and hope for your heart

Re: Advertising links on websites.

Post by marcoscorcino on Thu 26 Jun 2014, 13:23

Here it is:

Zoek.exe v5.0.0.0 Updated 21-05-2014
Tool run by Corcino on 26/06/2014 at 13:12:17,79.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Corcino\Downloads\zoek\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-26-012747.log 42843 bytes
C:\zoek-results2014-06-26-135317.log 25252 bytes

==== System Restore Info ======================

26/06/2014 13:15:23 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-01-22 01-27-35-0515-[30044].dat"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-22 01-25-21-0107-[29606].dat"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-01-22 01-32-02-0515-[30916].dat"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-2995853168-2351960583-972482601-1000\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.6.0.38659\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-01-22 01-27-35-0515-[30044].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-22 01-25-21-0107-[29606].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-01-22 01-32-02-0515-[30916].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=273 folders=97 550166826 bytes)

==== EOF on 26/06/2014 at 13:21:13,59 ======================

Re: Advertising links on websites.

Post by Power Max on Thu 26 Jun 2014, 13:58

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek:

* Click [Run Script]

* During the scan, a message similar to the one below will be shown, indicating the progress of the scan. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image.]

* If a restart of the PC is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Re: Advertising links on websites.

Post by marcoscorcino on Thu 26 Jun 2014, 15:07

Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by Corcino on 26/06/2014 at 14:57:13,26.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Corcino\Downloads\zoek\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-26-012747.log 42843 bytes
C:\zoek-results2014-06-26-135317.log 25252 bytes
C:\zoek-results2014-06-26-162113.log 6211 bytes

==== System Restore Info ======================

26/06/2014 14:59:40 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-01-22 01-27-35-0515-[30044].dat"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-22 01-25-21-0107-[29606].dat"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-01-22 01-32-02-0515-[30916].dat"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-01-22 01-27-35-0515-[30044].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-22 01-25-21-0107-[29606].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-01-22 01-32-02-0515-[30916].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=273 folders=97 550166826 bytes)

==== EOF on 26/06/2014 at 15:05:51,23 ======================

Re: Advertising links on websites.

Post by Power Max on Thu 26 Jun 2014, 15:10

Download the Junkware Removal Tool program from the link below:
[You must be registered and logged in to see this link.]

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the log (report) from Junkware Removal Tool, which will be saved on your desktop under the name JRT.txt

We'll be waiting.


Re: Advertising links on websites.

Post by marcoscorcino on Thu 26 Jun 2014, 17:14

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Basic x64
Ran by Corcino on 26/06/2014 at 16:51:50,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/06/2014 at 16:59:45,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Advertising links on websites.

Post by Power Max on Thu 26 Jun 2014, 17:16

Download < ZHPDiag > < [You must be registered and logged in to see this image.]> ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

[You must be registered and logged in to see this image.]

To install and run it correctly, follow the tips in this article:

ZHPDiag installation and usage tutorial

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


Re: Advertising links on websites.

Post by marcoscorcino on Thu 26 Jun 2014, 18:51

Here it is:

~ Relatório do ZHPDiag v2014.6.25.98 - Nicolas Coolman (25/06/2014)
~ Iniciado por Corcino (26/06/2014 18:44:10)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16736
GCIE: Google Chrome v35.0.1916.153 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 ActiveX
Adobe Reader XI
Java 7 Update 9
Java 7 Update 60

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1961 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 69 GB (62%) free of 111 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CORCINO-PC
~ User Name: Corcino
~ All Users Names: Corcino, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Corcino\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Corcino\AppData\Roaming\
~ %Desktop% : C:\Users\Corcino\Desktop\
~ %Favorites% : C:\Users\Corcino\Favorites\
~ %LocalAppData% : C:\Users\Corcino\AppData\Local\
~ %StartMenu% : C:\Users\Corcino\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 69 Go of 111 Go)
D: Hard drive, Flash drive, Thumb drive (Free 165 Go of 165 Go)
E: CD-ROM drive (Free 0 Go of 1 Go)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] - (.Microsoft Corporation - Internet Extensions para Win32.) (.22/09/2013 - 19:55:10.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 22:10:19.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.25/02/2011 - 03:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/5
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/5
~ Mon Bureau (My Desktop) : 3/388
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.2C7CF4D4A17B5765E23F6B82C16AF4EB] - (.CyberLink Corp. - Media+Player RC Service.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe [87336] [PID.1596]
[MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.2352]
[MD5.EDAD4A8A1D46AFCF9E76B996D55116EB] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896] [PID.2428]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.3232]
[MD5.B00F98FF6FE8682FF941BEB2559BF191] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.3640]
[MD5.BC5C2A727B521B58A6C7ACF931D93F86] - (.Samsung Electronics Co., Ltd. - Easy Display Manager.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [1040264] [PID.3660]
[MD5.D5C65D259096440FF3426852C712B2E0] - (.Samsung Electronics Co., Ltd. - Wifi Manager.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [7062608] [PID.3676]
[MD5.5AFC1F763562C453C64B70886B460CDD] - (.Samsung Electronics Co., Ltd. - EasySpeedUpManager.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [719360] [PID.3944]
[MD5.71094F0CC1E88EB690EA2D33CD23D4FF] - (.SEC - Samsung Recovery Solution 5.) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [4394576] [PID.3136]
[MD5.9F71DDE0A8C47254B9DA3AB6094915CC] - (.Samsung Electronics Co., Ltd. - MovieColorEnhancer.exe.) -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [775848] [PID.3828]
[MD5.75BD6130D6D1151CB3CAA8296EAD9E5F] - (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [3398736] [PID.2856]
[MD5.B8C44BF5A86B4662458F4AA8F901C94B] - (.Samsung Electronics - Samsung Update Plus Background.) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2782064] [PID.1656]
[MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8071680] [PID.2256]
[MD5.3701779057885787AF031936EF56538E] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [527928] [PID.804]
[MD5.B080A5552A75B4A51E058E9685440A5B] - (...) -- C:\windows\SysWOW64\nethtsrv.exe [180224] [PID.1516]
[MD5.F12A68ED55053940CADD59CA5E3468DD] - (.No owner - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904] [PID.1584]
[MD5.1F450DB569DE7C2C539834F0A35AFE37] - (...) -- C:\windows\SysWOW64\netupdsrv.exe [159744] [PID.1644]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.1916]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.1980]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.1976]
[MD5.2ED1786B7542CDA261029F6B526EDF44] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.2044]
[MD5.7E5E1603D0FF2D240AE70295C5C3FEFC] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.1996]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [@lightspark.github.com/Lightspark;version=1] - (...) -- C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll (.not file.)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Corcino\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: Samsung BHO Helper [64Bits] - {AA609D72-8482-4076-8991-8CDAE5B93BCB} . (...) -- C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: G-Buster Browser Defense Banco Real [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehabn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 9 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - Media+Player RC Service.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [csafterinstall] C:\Program Files (x86)\PSafe\PSafeAV\csafterinstall.exe (.not file.)
O4 - HKUS\S-1-5-18\..\RunOnce: [csafterinstall] C:\Program Files (x86)\PSafe\PSafeAV\csafterinstall.exe (.not file.)
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.secureweb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{046A00E0-B954-4C5D-81C4-7D69EB53A25B}: DhcpNameServer = 186.223.128.17 186.223.128.14 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{6277E4AE-0826-4938-8343-2D939E140C7E}: DhcpNameServer = 186.223.128.14 186.223.128.17 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{046A00E0-B954-4C5D-81C4-7D69EB53A25B}: DhcpNameServer = 186.223.128.17 186.223.128.14 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{6277E4AE-0826-4938-8343-2D939E140C7E}: DhcpNameServer = 186.223.128.14 186.223.128.17 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{046A00E0-B954-4C5D-81C4-7D69EB53A25B}: DhcpNameServer = 186.223.128.17 186.223.128.14 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{6277E4AE-0826-4938-8343-2D939E140C7E}: DhcpNameServer = 186.223.128.14 186.223.128.17 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 186.223.128.17 186.223.128.14 201.6.4.116
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: Network HTTP Support Service (NetHttpService) . (...) - C:\windows\SysWOW64\nethtsrv.exe
O23 - Service: Network Support Service Updater (ServiceUpdater) . (...) - C:\windows\SysWOW64\netupdsrv.exe
~ Services: 8 Legitimates Filtered in 00mn 04s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{8E4A6320-0AAB-4737-A2E1-C0C0D8CCCEA9}] (...) -- c:\users\Corcino\appdata\local\lollipop\lollipop.bat (.not file.) [0] =>Adware.Lollipop
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 03s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (nethfdrv) . (.nethfdrv - nethfdrv.) - C:\windows\system32\drivers\nethfdrv.sys
O41 - Driver: ({c8905eec-9eab-447c-84a8-9e864d454523}Gw64) . (. - .) - C:\Windows\System32\drivers\{c8905eec-9eab-447c-84a8-9e864d454523}Gw64.sys (.not file.)
O41 - Driver: ({c8905eec-9eab-447c-84a8-9e864d454523}w64) . (. - .) - C:\Windows\System32\drivers\{c8905eec-9eab-447c-84a8-9e864d454523}w64.sys (.not file.)
~ Drivers: 75 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Buzzdock - (.Alactro LLC.) [HKLM][64Bits] -- {ac225167-00fc-452d-94c5-bb93600e7d9a}
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: Media Buzz - (.Media Buzz.) [HKLM][64Bits] -- MediaBuzzV1mode8120 =>PUP.MediaBuzz
O42 - Logiciel: Media View - (.Media View.) [HKLM][64Bits] -- MediaViewV1alpha2441 =>PUP.MediaViewer
O42 - Logiciel: Media View - (.Media View.) [HKLM][64Bits] -- MediaViewV1alpha8847 =>PUP.MediaViewer
O42 - Logiciel: Media Viewer - (.Media Viewer.) [HKLM][64Bits] -- MediaViewerV1alpha1746 =>PUP.MediaViewer
O42 - Logiciel: Media Watch - (.Media Watch.) [HKLM][64Bits] -- MediaWatchV1home116 =>PUP.MediaWatch
O42 - Logiciel: Network System Driver - (...) [HKLM][64Bits] -- inethnfd
O42 - Logiciel: Rich Media View - (.Rich Media View.) [HKLM][64Bits] -- RichMediaViewV1release334 =>PUP.MediaViewer
O42 - Logiciel: focusbase - (.focusbase.) [HKLM][64Bits] -- focusbase
~ Logic: 46 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\OB]
[HKCU\Software\focusbase]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu_Drp_pos]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
[HKLM\Software\Wow6432Node\Client]
[HKLM\Software\Wow6432Node\RichMediaViewV1] =>PUP.MediaViewer
[HKLM\Software\Wow6432Node\SaveSenseLive] =>PUP.SaveSense
[HKLM\Software\Wow6432Node\focusbase]
[HKLM\Software\baidu]
~ Key Software: 279 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/06/2014 - 23:09:50 - [] ----D C:\Program Files (x86)\Common Files\Config
O43 - CFD: 24/01/2014 - 09:04:46 - [] ----D C:\Users\Corcino\AppData\Roaming\360safe
O43 - CFD: 03/10/2013 - 13:56:22 - [] ----D C:\Users\Corcino\AppData\Roaming\Virus Scan
~ Program Folder: 137 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0D4307062347973B866297CF0A689CD8] - 16/06/2014 - 09:59:16 ---A- . (.nethfdrv - nethfdrv.) -- C:\Windows\System32\Drivers\nethfdrv.sys [46160]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 19/06/2014 - 23:14:57 ---A- . (...) -- C:\awh7242.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 24/06/2014 - 12:53:44 ---A- . (...) -- C:\awh4E.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 24/06/2014 - 18:01:49 ---A- . (...) -- C:\awhFE99.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 24/06/2014 - 18:29:10 ---A- . (...) -- C:\awhE9A2.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 25/06/2014 - 12:04:58 ---A- . (...) -- C:\awh57C.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 25/06/2014 - 18:43:31 ---A- . (...) -- C:\awh8B6.tmp [687]
O44 - LFC:[MD5.92D7DBD36D637402BEF95A052D32E079] - 25/06/2014 - 22:14:46 ---A- . (...) -- C:\Windows\win.ini [603]
O44 - LFC:[MD5.001A1BF2BDE7F27B334B5A69DC8A4EE4] - 25/06/2014 - 22:27:47 ---A- . (...) -- C:\zoek-results2014-06-26-012747.log [42843]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 25/06/2014 - 22:31:17 ---A- . (...) -- C:\awhF22A.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 25/06/2014 - 22:42:42 ---A- . (...) -- C:\awh981.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 10:39:17 ---A- . (...) -- C:\awhE08E.tmp [687]
O44 - LFC:[MD5.956AB0B6727EB8AE97709C1B8CA3AAE2] - 26/06/2014 - 10:53:17 ---A- . (...) -- C:\zoek-results2014-06-26-135317.log [25252]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 11:43:00 ---A- . (...) -- C:\awhE8B8.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 13:12:33 ---A- . (...) -- C:\awhF842.tmp [687]
O44 - LFC:[MD5.61292F053777692F6424449D3ED9B67C] - 26/06/2014 - 13:21:13 ---A- . (...) -- C:\zoek-results2014-06-26-162113.log [6211]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 15:00:02 ---A- . (...) -- C:\awh8075.tmp [687]
O44 - LFC:[MD5.C407BDB3A7824F8ACB2A979A8613F23C] - 26/06/2014 - 15:05:51 ---A- . (...) -- C:\zoek-results.log [4741]
O44 - LFC:[MD5.D49BFEA08A53F45F05EBC947014CD0B3] - 26/06/2014 - 17:17:16 ---A- . (...) -- C:\Windows\IE11_main.log [858393]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 17:25:43 ---A- . (...) -- C:\awhF41E.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 17:46:34 ---A- . (...) -- C:\awhF259.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 18:41:28 ---A- . (...) -- C:\awhEB28.tmp [687]
~ Files: 36 Legitimates Filtered in 00mn 32s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{87037952-e813-11e1-847e-806e6f6e6963}\AutoRun\command. (.No owner - SETUP MFC Application.) -- E:\autorun.exe
~ Keys: Scanned in 00mn 03s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:19/01/2014 - 00:59:20 R--A- . (.360.cn - 360杀毒 文件监控驱动.) -- C:\Windows\System32\Drivers\360AvFlt.sys [71360]
O58 - SDL:22/01/2014 - 22:15:47 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys [23624]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:24/04/2012 - 16:42:16 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [258896]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:16/06/2014 - 09:59:16 ---A- . (.nethfdrv - nethfdrv.) -- C:\Windows\System32\Drivers\nethfdrv.sys [46160]
O58 - SDL:06/02/2013 - 07:42:08 ---A- . (.DEVGURU Co., LTD.([Você precisa estar registrado e conectado para ver este link.] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [102936]
O58 - SDL:06/02/2013 - 07:42:10 ---A- . (.DEVGURU Co., LTD.([Você precisa estar registrado e conectado para ver este link.] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [203544]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:03/04/2014 - 11:09:40 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
O58 - SDL:17/08/2012 - 11:32:44 ---A- . (.Windows (R) 2003 DDK 3790 provider - Generic Port I/O for Win64.) -- C:\Windows\SysWOW64\drivers\rtport.sys [15144]
~ Drivers: 64 Legitimates Filtered in 00mn 02s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 16/06/2014 - C:\windows\system32\drivers\nethfdrv.sys (nethfdrv) .(.nethfdrv - nethfdrv.) - LEGACY_NETHFDRV
~ Legacy: 96 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.7C5CF6C3C97BD95591DAB1A4D0499FFC] [SPRF][26/04/2014] (...) -- C:\Users\Corcino\AppData\Roaming\unins000.dat [15831]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\updateLemurLeap_RASAPI32 =>PUP.LemurLeap
HKLM\SOFTWARE\Microsoft\Tracing\updateLemurLeap_RASMANCS =>PUP.LemurLeap
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateLemurLeap_RASAPI32 =>PUP.LemurLeap
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateLemurLeap_RASMANCS =>PUP.LemurLeap
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilLemurLeap_RASAPI32 =>PUP.LemurLeap
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilLemurLeap_RASMANCS =>PUP.LemurLeap
~ BTK: 131 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 03/06/2010 246520 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
SS - | Auto 24/06/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/06/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/08/2010 166704 | (Samsung UPD Service) . (.Samsung Electronics CO., LTD..) - C:\windows\System32\SUPDSvc.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 06/05/2014 527928 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 20/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 16/06/2014 180224 | (NetHttpService) . (...) - C:\windows\SysWOW64\nethtsrv.exe
SR - | Auto 01/12/2009 244904 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SR - | Auto 16/06/2014 159744 | (ServiceUpdater) . (...) - C:\windows\SysWOW64\netupdsrv.exe
SR - | Auto 20/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 01/03/2011 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 01/03/2011 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s



---\\ Scâner Aditional (088)
Database Version : 13026 - (25/06/2014)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaBuzzV1mode8120] =>PUP.MediaBuzz^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha2441] =>PUP.MediaViewer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha8847] =>PUP.MediaViewer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewerV1alpha1746] =>PUP.MediaViewer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaWatchV1home116] =>PUP.MediaWatch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RichMediaViewV1release334] =>PUP.MediaViewer^
[HKLM\Software\Wow6432Node\RichMediaViewV1] =>PUP.MediaViewer^
[HKLM\Software\Wow6432Node\SaveSenseLive] =>PUP.SaveSense^
~ Additionnel Scan: 244219 Items scanned in 00mn 45s



---\\ Informações complémentaires do módulos
~ [Você precisa estar registrado e conectado para ver este link.] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Browser Helper Objects do navegador (02)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Barras do Internet Explorer (03))
~ [Você precisa estar registrado e conectado para ver este link.] =>.Aplicações iniciadas por registo & pastas (04)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 6 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.] =>Adware.Lollipop
[Você precisa estar registrado e conectado para ver este link.] =>PUP.MediaBuzz
[Você precisa estar registrado e conectado para ver este link.] =>PUP.SaveSense
[Você precisa estar registrado e conectado para ver este link.] =>PUP.LemurLeap
~ MSI: 4 link(s) detected in 00mn 00s



~ 758 Legitimates filtered by white list
End of the scan (493 lines in 02mn 24s)(0)



Re: Advertising links on websites.

Post by Power Max on Thu 26 Jun 2014, 19:21

There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Programs that Start with the PC

Preferably, leave only the security programs (antivirus/anti-spyware/firewall) starting along with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC.
_________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you (starting at script zhpfix and going to emptyclsid)

_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply.


Re: Advertising links on websites.

Post by marcoscorcino on Thu 26 Jun 2014, 21:59

Here it is:

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Corcino at 26/06/2014 21:53:36
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\mediabuzzv1\mediabuzzv1mode8120\uninstall.exe
AUSENTE Uninstall Process: c:\program files (x86)\mediaviewv1\mediaviewv1alpha2441\uninstall.exe
AUSENTE Uninstall Process: c:\program files (x86)\mediaviewv1\mediaviewv1alpha8847\uninstall.exe
AUSENTE Uninstall Process: c:\program files (x86)\mediaviewerv1\mediaviewerv1alpha1746\uninstall.exe
AUSENTE Uninstall Process: c:\program files (x86)\mediawatchv1\mediawatchv1home116\uninstall.exe
AUSENTE Uninstall Process: c:\program files (x86)\common files\config\uninstinethnfd.exe
AUSENTE Uninstall Process: c:\program files (x86)\richmediaviewv1\richmediaviewv1release334\uninstall.exe

========== Estado dos serviços ==========
NETHFDRV Parado

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MediaBuzzV1mode8120]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha2441]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha8847]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewerV1alpha1746]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MediaWatchV1home116]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\inethnfd]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RichMediaViewV1release334]
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: nethfdrv
ELIMINÉ Driver Key: {c8905eec-9eab-447c-84a8-9e864d454523}Gw64
ELIMINÉ Driver Key: {c8905eec-9eab-447c-84a8-9e864d454523}w64
ELIMINÉ: HKCU\Software\focusbase
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\Wow6432Node\RichMediaViewV1
ELIMINÉ: HKLM\Software\Wow6432Node\SaveSenseLive
ELIMINÉ: HKLM\Software\Wow6432Node\focusbase
ELIMINÉ:* HKLM\Software\baidu
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\updateLemurLeap_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\updateLemurLeap_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilLemurLeap_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilLemurLeap_RASMANCS

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
ELIMINÉ RunValue: ETDCtrl
ELIMINÉ RunValue: csafterinstall
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\360avflt.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\efimon.sys
ELIMINÉ Temporários windows (119) (4.382.939 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {8E4A6320-0AAB-4737-A2E1-C0C0D8CCCEA9}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
22 : Chaves do Registo
9 : Valores do Registo
1 : Pastas
4 : Ficheiros
7 : Softwares
1 : Estado dos serviços
1 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 38s

========== Caminho do ficheiro do relatório ==========
C:\Users\Corcino\AppData\Roaming\ZHP\ZHPFix[R1].txt - 26/06/2014 21:53:41 [3859]

Re: Advertising links on websites.

Post by Power Max on Thu 26 Jun 2014, 22:46

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.


Re: Advertising links on websites.

Post by marcoscorcino on Thu 26 Jun 2014, 23:04

~ Relatório do ZHPDiag v2014.6.25.98 - Nicolas Coolman (25/06/2014)
~ Iniciado por Corcino (26/06/2014 22:57:10)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16736
GCIE: Google Chrome v35.0.1916.153 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 ActiveX
Adobe Reader XI
Java 7 Update 9
Java 7 Update 60

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1961 MB (35% free)
System Restore: Activé (Enable)
System drive C: has 69 GB (62%) free of 111 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CORCINO-PC
~ User Name: Corcino
~ All Users Names: Corcino, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Corcino\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Corcino\AppData\Roaming\
~ %Desktop% : C:\Users\Corcino\Desktop\
~ %Favorites% : C:\Users\Corcino\Favorites\
~ %LocalAppData% : C:\Users\Corcino\AppData\Local\
~ %StartMenu% : C:\Users\Corcino\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 69 Go of 111 Go)
D: Hard drive, Flash drive, Thumb drive (Free 165 Go of 165 Go)
E: CD-ROM drive (Free 0 Go of 1 Go)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] - (.Microsoft Corporation - Internet Extensions para Win32.) (.22/09/2013 - 19:55:10.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 22:10:19.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.25/02/2011 - 03:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/5
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/5
~ Mon Bureau (My Desktop) : 3/389
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 01s



---\\ Processos lançados
[MD5.2C7CF4D4A17B5765E23F6B82C16AF4EB] - (.CyberLink Corp. - Media+Player RC Service.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe [87336] [PID.1152]
[MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.1140]
[MD5.EDAD4A8A1D46AFCF9E76B996D55116EB] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896] [PID.1100]
[MD5.B00F98FF6FE8682FF941BEB2559BF191] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.3428]
[MD5.BC5C2A727B521B58A6C7ACF931D93F86] - (.Samsung Electronics Co., Ltd. - Easy Display Manager.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [1040264] [PID.3452]
[MD5.D5C65D259096440FF3426852C712B2E0] - (.Samsung Electronics Co., Ltd. - Wifi Manager.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [7062608] [PID.3464]
[MD5.5AFC1F763562C453C64B70886B460CDD] - (.Samsung Electronics Co., Ltd. - EasySpeedUpManager.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [719360] [PID.3616]
[MD5.71094F0CC1E88EB690EA2D33CD23D4FF] - (.SEC - Samsung Recovery Solution 5.) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [4394576] [PID.2548]
[MD5.9F71DDE0A8C47254B9DA3AB6094915CC] - (.Samsung Electronics Co., Ltd. - MovieColorEnhancer.exe.) -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [775848] [PID.2332]
[MD5.75BD6130D6D1151CB3CAA8296EAD9E5F] - (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [3398736] [PID.3964]
[MD5.B8C44BF5A86B4662458F4AA8F901C94B] - (.Samsung Electronics - Samsung Update Plus Background.) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2782064] [PID.1580]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.3784]
[MD5.1F62DCBF33A67CAA5E68ADECBB25C3C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8071680] [PID.3748]
[MD5.3701779057885787AF031936EF56538E] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [527928] [PID.780]
[MD5.F12A68ED55053940CADD59CA5E3468DD] - (.No owner - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904] [PID.1596]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.1884]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.1944]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.2112]
[MD5.2ED1786B7542CDA261029F6B526EDF44] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.1588]
[MD5.7E5E1603D0FF2D240AE70295C5C3FEFC] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.1876]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Corcino\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [@lightspark.github.com/Lightspark;version=1] - (...) -- C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll (.not file.)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Corcino\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: Samsung BHO Helper [64Bits] - {AA609D72-8482-4076-8991-8CDAE5B93BCB} . (...) -- C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: G-Buster Browser Defense Banco Real [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehabn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 9 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - Media+Player RC Service.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.secureweb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{046A00E0-B954-4C5D-81C4-7D69EB53A25B}: DhcpNameServer = 186.223.128.17 186.223.128.14 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{6277E4AE-0826-4938-8343-2D939E140C7E}: DhcpNameServer = 186.223.128.14 186.223.128.17 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{046A00E0-B954-4C5D-81C4-7D69EB53A25B}: DhcpNameServer = 186.223.128.17 186.223.128.14 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{6277E4AE-0826-4938-8343-2D939E140C7E}: DhcpNameServer = 186.223.128.14 186.223.128.17 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{046A00E0-B954-4C5D-81C4-7D69EB53A25B}: DhcpNameServer = 186.223.128.17 186.223.128.14 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{6277E4AE-0826-4938-8343-2D939E140C7E}: DhcpNameServer = 186.223.128.14 186.223.128.17 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 186.223.128.17 186.223.128.14 201.6.4.116
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
~ Services: 6 Legitimates Filtered in 00mn 04s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 01s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (nethfdrv) . (. - .) - C:\windows\system32\drivers\nethfdrv.sys (.not file.)
O41 - Driver: ({c8905eec-9eab-447c-84a8-9e864d454523}Gw64) . (. - .) - C:\Windows\System32\drivers\{c8905eec-9eab-447c-84a8-9e864d454523}Gw64.sys (.not file.)
O41 - Driver: ({c8905eec-9eab-447c-84a8-9e864d454523}w64) . (. - .) - C:\Windows\System32\drivers\{c8905eec-9eab-447c-84a8-9e864d454523}w64.sys (.not file.)
~ Drivers: 67 Legitimates Filtered in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: Buzzdock - (.Alactro LLC.) [HKLM][64Bits] -- {ac225167-00fc-452d-94c5-bb93600e7d9a}
O42 - Logiciel: Guardião - Itaú 30 horas - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: focusbase - (.focusbase.) [HKLM][64Bits] -- focusbase
~ Logic: 39 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\OB]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Client]
[HKLM\Software\Wow6432Node\MediaBuzzV1mode8120] =>PUP.MediaBuzz
[HKLM\Software\Wow6432Node\MediaViewV1alpha2441] =>PUP.MediaViewer
[HKLM\Software\Wow6432Node\MediaViewV1alpha8847] =>PUP.MediaViewer
[HKLM\Software\Wow6432Node\MediaViewerV1alpha1746]
[HKLM\Software\Wow6432Node\MediaWatchV1home116] =>PUP.MediaWatch
[HKLM\Software\Wow6432Node\RichMediaViewV1release334] =>PUP.MediaViewer
~ Key Software: 256 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/06/2014 - 21:53:21 - [] ----D C:\Program Files (x86)\Common Files\Config
O43 - CFD: 03/10/2013 - 13:56:22 - [] ----D C:\Users\Corcino\AppData\Roaming\Virus Scan
~ Program Folder: 136 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 19/06/2014 - 23:14:57 ---A- . (...) -- C:\awh7242.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 24/06/2014 - 12:53:44 ---A- . (...) -- C:\awh4E.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 24/06/2014 - 18:01:49 ---A- . (...) -- C:\awhFE99.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 24/06/2014 - 18:29:10 ---A- . (...) -- C:\awhE9A2.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 25/06/2014 - 12:04:58 ---A- . (...) -- C:\awh57C.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 25/06/2014 - 18:43:31 ---A- . (...) -- C:\awh8B6.tmp [687]
O44 - LFC:[MD5.92D7DBD36D637402BEF95A052D32E079] - 25/06/2014 - 22:14:46 ---A- . (...) -- C:\Windows\win.ini [603]
O44 - LFC:[MD5.001A1BF2BDE7F27B334B5A69DC8A4EE4] - 25/06/2014 - 22:27:47 ---A- . (...) -- C:\zoek-results2014-06-26-012747.log [42843]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 25/06/2014 - 22:31:17 ---A- . (...) -- C:\awhF22A.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 25/06/2014 - 22:42:42 ---A- . (...) -- C:\awh981.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 10:39:17 ---A- . (...) -- C:\awhE08E.tmp [687]
O44 - LFC:[MD5.956AB0B6727EB8AE97709C1B8CA3AAE2] - 26/06/2014 - 10:53:17 ---A- . (...) -- C:\zoek-results2014-06-26-135317.log [25252]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 11:43:00 ---A- . (...) -- C:\awhE8B8.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 13:12:33 ---A- . (...) -- C:\awhF842.tmp [687]
O44 - LFC:[MD5.61292F053777692F6424449D3ED9B67C] - 26/06/2014 - 13:21:13 ---A- . (...) -- C:\zoek-results2014-06-26-162113.log [6211]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 15:00:02 ---A- . (...) -- C:\awh8075.tmp [687]
O44 - LFC:[MD5.C407BDB3A7824F8ACB2A979A8613F23C] - 26/06/2014 - 15:05:51 ---A- . (...) -- C:\zoek-results.log [4741]
O44 - LFC:[MD5.D49BFEA08A53F45F05EBC947014CD0B3] - 26/06/2014 - 17:17:16 ---A- . (...) -- C:\Windows\IE11_main.log [858393]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 17:25:43 ---A- . (...) -- C:\awhF41E.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 17:46:34 ---A- . (...) -- C:\awhF259.tmp [687]
O44 - LFC:[MD5.F14F1EBB47CCBD9C1AE2348E8FF7BF9E] - 26/06/2014 - 18:41:28 ---A- . (...) -- C:\awhEB28.tmp [687]
~ Files: 35 Legitimates Filtered in 00mn 05s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{87037952-e813-11e1-847e-806e6f6e6963}\AutoRun\command. (.No owner - SETUP MFC Application.) -- E:\autorun.exe
~ Keys: Scanned in 00mn 03s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:19/01/2014 - 00:59:20 R--A- . (.360.cn - 360杀毒 文件监控驱动.) -- C:\Windows\System32\Drivers\360AvFlt.sys [71360]
O58 - SDL:22/01/2014 - 22:15:47 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys [23624]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:24/04/2012 - 16:42:16 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [258896]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:06/02/2013 - 07:42:08 ---A- . (.DEVGURU Co., LTD.([Você precisa estar registrado e conectado para ver este link.] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [102936]
O58 - SDL:06/02/2013 - 07:42:10 ---A- . (.DEVGURU Co., LTD.([Você precisa estar registrado e conectado para ver este link.] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [203544]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:03/04/2014 - 11:09:40 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
O58 - SDL:17/08/2012 - 11:32:44 ---A- . (.Windows (R) 2003 DDK 3790 provider - Generic Port I/O for Win64.) -- C:\Windows\SysWOW64\drivers\rtport.sys [15144]
~ Drivers: 63 Legitimates Filtered in 00mn 42s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.7C5CF6C3C97BD95591DAB1A4D0499FFC] [SPRF][26/04/2014] (...) -- C:\Users\Corcino\AppData\Roaming\unins000.dat [15831]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 03/06/2010 246520 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
SS - | Auto 24/06/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/06/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/08/2010 166704 | (Samsung UPD Service) . (.Samsung Electronics CO., LTD..) - C:\windows\System32\SUPDSvc.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 06/05/2014 527928 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 20/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 01/12/2009 244904 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SR - | Auto 20/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 01/03/2011 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 01/03/2011 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 12s



---\\ Scâner Aditional (088)
Database Version : 13026 - (25/06/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 5

[HKLM\Software\Wow6432Node\MediaBuzzV1mode8120] =>PUP.MediaBuzz^
[HKLM\Software\Wow6432Node\MediaViewV1alpha2441] =>PUP.MediaViewer^
[HKLM\Software\Wow6432Node\MediaViewV1alpha8847] =>PUP.MediaViewer^
[HKLM\Software\Wow6432Node\MediaWatchV1home116] =>PUP.MediaWatch^
[HKLM\Software\Wow6432Node\RichMediaViewV1release334] =>PUP.MediaViewer^
~ Additionnel Scan: 243969 Items scanned in 00mn 50s



---\\ Informações complémentaires do módulos
~ [Você precisa estar registrado e conectado para ver este link.] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Browser Helper Objects do navegador (02)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Aplicações iniciadas por registo & pastas (04)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.] =>PUP.MediaBuzz
~ MSI: 1 link(s) detected in 00mn 00s



~ 729 Legitimates filtered by white list
End of the scan (440 lines in 02mn 52s)(0)

Re: Advertising links on websites.

Post by Power Max on Thu 26 Jun 2014, 23:14

Select and copy all the text highlighted in red that I gave you (starting at script zhpfix and going to emptyclsid)

_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the Recycle Bin files to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply.


Re: Advertising links on websites.

Post by marcoscorcino on Fri 27 Jun 2014, 10:01

Here it is:

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Corcino at 27/06/2014 09:55:52
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (04mn 32s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\Wow6432Node\MediaBuzzV1mode8120
ELIMINÉ: HKLM\Software\Wow6432Node\MediaViewV1alpha2441
ELIMINÉ: HKLM\Software\Wow6432Node\MediaViewV1alpha8847
ELIMINÉ: HKLM\Software\Wow6432Node\MediaViewerV1alpha1746
ELIMINÉ: HKLM\Software\Wow6432Node\MediaWatchV1home116
ELIMINÉ: HKLM\Software\Wow6432Node\RichMediaViewV1release334

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\360avflt.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\efimon.sys
ELIMINÉ Temporários windows (2) (780 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
6 : Chaves do Registo
1 : Pastas
4 : Ficheiros
1 : Restauração Sistema


End of clean in 05mn 13s

========== Caminho do ficheiro do relatório ==========
C:\Users\Corcino\AppData\Roaming\ZHP\ZHPFix[R1].txt - 26/06/2014 21:53:41 [3941]
C:\Users\Corcino\AppData\Roaming\ZHP\ZHPFix[R2].txt - 27/06/2014 10:00:24 [1391]

Re: Advertising links on websites.

Post by Power Max on Fri 27 Jun 2014, 10:07

How is your PC after these procedures?


Re: Advertising links on websites.

Post by marcoscorcino on Fri 27 Jun 2014, 11:10

Perfect, I don't know how to thank you.

Good to know that there are good people available to help on the internet too.

Thank you very much, and I'm available to help with anything.

Re: Advertising links on websites.

Post by Power Max on Fri 27 Jun 2014, 12:01

That's it! I'm glad the problem has been solved.

Just to finish up, please follow the tutorials below:

Removing errors and optimizing your PC with CCleaner

Remove useless files from your PC with PureRa
_______________________________________________________________________________________________________________________

To remove the programs used to clean this PC and create a new restore point that is safe and problem-free, use DelFix, following the tips in this tutorial.
_______________________________________________________________________________________________________________________

It was a pleasure to help. Count on us anytime!


Re: Advertising links on websites.

Post by marcoscorcino on Fri 27 Jun 2014, 12:22

OK, thanks!!!!