Fórum PC Brasil
Suspected Virus

2 participants

Page 3 of 4

(RESOLVED) Suspected Virus

Posted by Rodrig, Wed 30 Jul 2014, 23:42

All right. Thank you (from me and my wife).

Re: Suspected Virus

Posted by Power Max, Wed 30 Jul 2014, 23:48

Although I can only analyse it tomorrow, you can already post the ZHPDiag report here in your thread; that way the solution is already under way.

(RESOLVED) Suspected Virus

Posted by Rodrig, Wed 30 Jul 2014, 23:59

~ Relatório do ZHPDiag v2014.7.24.108 - Nicolas Coolman  (24/07/2014)
~ Iniciado por casal (30/07/2014 22:42:33)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
MFIE: Mozilla Firefox 31.0 (Defaut)
GCIE: Google Chrome v36.0.1985.125

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows Vista (TM) Ultimate, 32-bit Service Pack 1 (Build 6000)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware versão 2.0.2.1012

---\\ Softwares d'optimização do sistema
CCleaner v4.13

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader XI
Java 7 Update 60

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (54% free)
System Restore: Activé (Enable)
System drive C: has 252 GB (87%) free of 288 GB

---\\ Modo de conexão ao sistema
~ Computer Name: AMORE
~ User Name: casal
~ All Users Names: Convidado, casal, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\casal\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\casal\AppData\Roaming\
~ %Desktop% : C:\Users\casal\Desktop\
~ %Favorites% : C:\Users\casal\Favorites\
~ %LocalAppData% : C:\Users\casal\AppData\Local\
~ %StartMenu% : C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 252 Go of 288 Go)
D: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.07/07/2011 - 10:29:24.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 21:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CCC198257901BEEA2FBF8EB1E7678356] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 18:13:59.) -- C:\Windows\System32\wininet.dll [1791488]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 05:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 17:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 02:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 21:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 19:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 17:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 19:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 19:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.07/07/2011 - 10:30:36.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 17:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 22:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 19:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 19:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 19:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 17:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes Videos (My Videos) : 1/10
~ Mes Favoris (My Favorites) : 1/29
~ Mes Documents (My Documents) : 7/236
~ Mon Bureau (My Desktop) : 1/2019
~ Menu demarrer (Programs) : 1/47
~ Hidden Files:  Scanned in 00mn 05s



---\\ Processos lançados
[MD5.FDBAA6322B3B408CD275A14654EF3D6B] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe   [495708] [PID.4312]
[MD5.25107F58D1B8F60D67D1EE95798C0DE8] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe   [284696] [PID.4388]
[MD5.68257A00D12A44A390514E668407C8FA] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe   [141848] [PID.4520]
[MD5.F1C66577F5BFDD08B8E21B9ED2FE1300] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe   [173592] [PID.4676]
[MD5.1900188CF86CB7C82CB5C51F8EACCF86] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe   [150552] [PID.4800]
[MD5.0260412F3ED50279F42B913A42A9C66D] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe   [252952] [PID.4860]
[MD5.8895BE670D1D4BD478B16DD311273F4A] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe   [1557800] [PID.5156]
[MD5.26AFC1F16494FFE66F2197153B342A27] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [4086432] [PID.5324]
[MD5.1DE859B82E381A645C44284A5044BC33] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   [256896] [PID.5624]
[MD5.DE8C5AB7EE56A7DA0166B2E2B0E496A2] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe   [103720] [PID.5692]
[MD5.FC551A8B8E637B2147C003C885B6756E] - (.Positivo Informática - Recovery.) -- C:\Program Files\Positivo Informática\Recovery\Recovery2.exe   [1496576] [PID.4492]
[MD5.FE7AC897D23D88EEBA687BBD61DBBDCA] - (.No owner - IPM.exe.) -- C:\Program Files\OEM\IPM 1.5\IPM.exe   [1106432] [PID.4636]
[MD5.2256E495D6B2566DE6DDBC6632510477] - (.No owner - OSD.) -- C:\Program Files\OEM\OSD 1.7\SunflowerOSD.exe   [548864] [PID.4796]
[MD5.EB7F5388A3B1318DFFA8EA50C71835EF] - (.Ralink Technology, Corp. - RaUI MFC Application.) -- C:\Program Files\Ralink\Common\RaUI.exe   [1560576] [PID.5060]
[MD5.099E24D4FE2ADA03F648B470830BD382] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\casal\AppData\Roaming\Dropbox\bin\Dropbox.exe   [35464216] [PID.5800]
[MD5.8766CBFBD3982D726ECAC1DD4A803B1E] - (.Baidu Inc. - PC Faster Tray.) -- C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe   [1436352] [PID.5972]
[MD5.111ADB8738E6A9EF7001920F108B4833] - (.Positivo Informática S.A. - Positivo Backup.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Backup\PositivoSmartBackup.exe   [1858048] [PID.3148]
[MD5.DFC999E39D7465077B45F08C53BEE076] - (.Positivo Informática S.A. - Positivo Áudio.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Áudio\AudioPower.exe   [1015808] [PID.2036]
[MD5.10F36FB8CD6218CD7F818268E0F3F9C6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe   [275568] [PID.4596]
[MD5.80E04F074334739C96E1C08C331FB82D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [8080384] [PID.5684]
[MD5.B78C24426A45A01A27C50E496D7D01BB] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe   [785904] [PID.820]
[MD5.B78C24426A45A01A27C50E496D7D01BB] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe   [785904] [PID.916]
[MD5.D44D3387809EEDB5564735EC27BE700E] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\STacSV.exe   [237650] [PID.1168]
[MD5.73F5C13B431915BAE35254B4E95DFB71] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [50344] [PID.1704]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe   [65432] [PID.392]
[MD5.6D3242D8E7476F6A976084611A1594C1] - (.Positivo Informática S.A - Battery Power Service.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe   [45056] [PID.448]
[MD5.FD306FBCCE7ADB1077B709742E7148E9] - (...) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe   [71096] [PID.1528]
[MD5.19D34534176E62F35DDB7DC7B7FF2A87] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe   [207528] [PID.2680]
[MD5.1AEBDC693C74EA55FE05D51FA6573EBC] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe   [523944] [PID.2824]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe   [822504] [PID.3840]
[MD5.B752FC4AB1F3D5048A17E1D993028998] - (.Positivo Informática S.A - Battery Power Main Application.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryPower.exe   [1208320] [PID.4480]
[MD5.B78C24426A45A01A27C50E496D7D01BB] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files\Baidu Security\PC Faster\4.0.0.0\CleanerEngineSvc.exe   [785904] [PID.5760]
[MD5.B78C24426A45A01A27C50E496D7D01BB] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files\Baidu Security\PC Faster\4.0.0.0\LeakRepairSvc.exe   [785904] [PID.5868]
[MD5.5BD9CC8C50D3FFF051AB6FF009BE9602] - (.Positivo Informática S.A. - WindowsService.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe   [64592] [PID.5024]
[MD5.31A0E93CDF29007D6C6FFFB632F375ED] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe   [13336] [PID.5488]
[MD5.B78C24426A45A01A27C50E496D7D01BB] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PluginRemoverSvc.exe   [785904] [PID.5584]
[MD5.3624F47B37C3F934E2F8E159BA00C8AF] - (.Baidu Inc. - Baidu PC App Store Service.) -- C:\Program Files\Baidu Security\PC App Store\4.6.1.6274\PCAppStoreSvc.exe   [550432] [PID.4136]
~ Processes Running:  Scanned in 00mn 05s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 1 Legitimates Filtered in 00mn 27s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\casal\AppData\Roaming\Mozilla\Firefox\Profiles\p4r4c8sz.default-1394306066141\prefs.js
C:\Users\casal\AppData\Roaming\Mozilla\Firefox\Profiles\yfiiolph.default-1396892395728\prefs.js
P2 - FPN: [HKLM] [@nielsen/FirefoxTracker] - (...) -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\npfirefoxtracker.dll (.not file.)
~ Firefox Browser: 24 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [casal]: FLVM Player.lnk . (...)  -- C:\Program Files\FLVM Player\FLVMPlayer.exe (.not file.)  =>PUP.FLVMPlayer
~ Global Startup: 1 Legitimates Filtered in 00mn 04s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] . (...) -- C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKLM\..\Run: [Baidu PC Faster 4.0.0.0] . (.Baidu Inc. - PC Faster.) -- C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2364669226-1398954891-4146519358-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7F4A48C-FC31-4615-AFDB-E88BFDB109FD}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AE40E16-3297-4BC8-B00E-C38BFD003E4B}: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B7F4A48C-FC31-4615-AFDB-E88BFDB109FD}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{5AE40E16-3297-4BC8-B00E-C38BFD003E4B}: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B7F4A48C-FC31-4615-AFDB-E88BFDB109FD}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS2\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS2\Services\Tcpip\..\{5AE40E16-3297-4BC8-B00E-C38BFD003E4B}: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
O17 - HKLM\System\CS2\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll  =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Baidu PC App Store Service 4.6.1.6274 (PCAppStoreSvc_{PCAppStore_4.6.1.6274}) . (.Baidu Inc. - Baidu PC App Store Service.) - C:\Program Files\Baidu Security\PC App Store\4.6.1.6274\PCAppStoreSvc.exe
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc. - Baidu PC Faster Service.) - C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
O23 - Service: Baidu Spark Service (SparkSvc) . (...) - C:\Program Files\baidu\Spark\sparkservice.exe (.not file.)
~ Services: 10 Legitimates Filtered in 00mn 44s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1050]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1054]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2364669226-1398954891-4146519358-1000Core   [1026]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2364669226-1398954891-4146519358-1000UA   [1078]
~ Scheduled Task: 5 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (BprotectEx) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\BprotectEx.sys
O41 - Driver:  (nnfwdk) . (. - .) - C:\Program Files\NetRatingsNetSight\NetSight\meter2\nnfwdk.sys (.not file.)
~ Drivers: 75 Legitimates Filtered in 00mn 02s



---\\ Software instalados (042)
O42 - Logiciel: Baidu PC Faster - (.Baidu Inc..) [HKLM] -- Baidu PC Faster 4.0.0.0
O42 - Logiciel: Driver 1.2 - (.OEM.) [HKLM] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: IPM 1.5 - (.OEM.) [HKLM] -- {AADF4228-0772-4D43-92EB-B245E3A17B00}
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva  - (.Receita Federal do Brasil.) [HKLM] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva  - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva  - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: OSD 1.7 - (.OEM.) [HKLM] -- {5A9C96FE-1376-45E1-8556-C81255F0B5A7}
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: Search Snacks - (.Search Snacks.) [HKLM] -- SearchSnacks
~ Logic: 25 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AdsFix]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\IBOPE]
[HKCU\Software\SERPRO]
[HKCU\Software\SoilAP]
[HKCU\Software\SunFlowerOSD]
[HKLM\Software\AdsFix]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu]
[HKLM\Software\Baidu_Drp_pos]
[HKLM\Software\NSCPID]
[HKLM\Software\SoilIO]
~ Key Software: 218 Legitimates Filtered in 00mn 02s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 30/07/2014 - 12:56:13 - [] ----D C:\Program Files\Baidu Security
O43 - CFD: 10/04/2014 - 17:12:19 - [] ----D C:\Program Files\exe
O43 - CFD: 11/04/2014 - 08:36:46 - [] ----D C:\Program Files\Free zip
O43 - CFD: 07/03/2014 - 15:38:44 - [] ----D C:\Program Files\Programas RFB
O43 - CFD: 08/03/2014 - 15:12:29 - [0] ----D C:\Program Files\RBM
O43 - CFD: 01/12/2013 - 07:44:47 - [0] ----D C:\ProgramData\Audio
O43 - CFD: 01/12/2013 - 07:44:47 - [0] ----D C:\ProgramData\Audio Power
O43 - CFD: 30/07/2014 - 12:24:02 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 30/07/2014 - 12:56:13 - [] ----D C:\Users\casal\AppData\Roaming\Baidu Security
O43 - CFD: 01/08/2012 - 20:46:05 - [] ----D C:\Users\casal\AppData\Roaming\br.org.cesar.ajudante.Ajudante
O43 - CFD: 10/04/2014 - 17:12:49 - [] ----D C:\Users\casal\AppData\Roaming\exe
O43 - CFD: 02/08/2012 - 19:53:10 - [] ----D C:\Users\casal\AppData\Roaming\Mural dos Amigos
O43 - CFD: 14/12/2013 - 16:38:35 - [] ----D C:\Users\casal\AppData\Local\Inquisit
O43 - CFD: 30/07/2014 - 17:31:56 - [] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
O43 - CFD: 29/10/2013 - 22:06:11 - [0] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\exe
O43 - CFD: 12/04/2012 - 10:31:02 - [] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
O43 - CFD: 11/04/2013 - 17:27:19 - [] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 07/03/2014 - 14:31:00 - [] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 178 Legitimates Filtered in 00mn 02s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.3BFBB5DAE801CB893B8B46345FED6437] - 16/07/2014 - 18:01:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys   [24184]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 27/07/2014 - 00:21:26 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll   [536576]
O44 - LFC:[MD5.C2A812D2DC3F76118011BFE3DA38D10C] - 29/07/2014 - 20:38:17 ---A- . (...) -- C:\AdsFix.txt   [18033]
O44 - LFC:[MD5.BE125797A510CD7E9E77D0D79CB989EF] - 30/07/2014 - 12:24:07 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys   [47456]
O44 - LFC:[MD5.26ACE4412CADF96DFE37A33933C5B44F] - 30/07/2014 - 12:26:41 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BProtectEx.sys   [111424]
O44 - LFC:[MD5.5811DA8CC1E6CD77967BEC1D1C7EF9A8] - 30/07/2014 - 14:08:39 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [148924]
O44 - LFC:[MD5.2669C46FE5289555BC025A49456D04B0] - 30/07/2014 - 14:08:39 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [709402]
O44 - LFC:[MD5.34AB1C0DFEEB3FAE7F1D8E850E2981EF] - 30/07/2014 - 15:04:25 ---A- . (...) -- C:\Windows\ntbtlog.txt   [110410]
O44 - LFC:[MD5.52C37A61AFD65B867E7D2B6FB7506F71] - 30/07/2014 - 17:40:38 ---A- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0   [16160]
O44 - LFC:[MD5.52C37A61AFD65B867E7D2B6FB7506F71] - 30/07/2014 - 17:40:38 ---A- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0   [16160]
O44 - LFC:[MD5.67D31632299510DC0A24A8C63A43D712] - 30/07/2014 - 17:59:47 ---A- . (...) -- C:\LOG 1.txt   [9032]
O44 - LFC:[MD5.03664434F637D9B8FB892D62CA115482] - 30/07/2014 - 20:42:41 ---A- . (...) -- C:\Log 2.txt   [1167]
~ Files: 38 Legitimates Filtered in 00mn 09s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:16/07/2014 - 18:01:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys   [24184]  =>.ALWIL Software
O58 - SDL:16/07/2014 - 18:01:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [49944]  =>.ALWIL Software
O58 - SDL:16/07/2014 - 18:01:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [192352]  =>.ALWIL Software
O58 - SDL:10/03/2014 - 23:14:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys   [47456]
O58 - SDL:30/07/2014 - 12:26:41 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BProtectEx.sys   [111424]
O58 - SDL:13/07/2009 - 21:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [453712]
O58 - SDL:13/07/2009 - 18:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [26624]
O58 - SDL:03/10/2011 - 14:21:54 ---A- . (...) -- C:\Windows\System32\Drivers\pad.sys   [52496]
O58 - SDL:04/12/2009 - 14:43:46 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys   [16248]
O58 - SDL:04/12/2009 - 14:44:18 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\Soilkbc.sys   [10744]
O58 - SDL:04/12/2009 - 14:44:36 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys   [10616]
O58 - SDL:01/07/2014 - 17:11:08 ---A- . (.Search Snacks - Search Snacks Driver x86.) -- C:\Windows\System32\Drivers\ssnfd.sys   [52744]
O58 - SDL:12/11/2009 - 11:48:56 ---A- . (...) -- C:\Windows\System32\Drivers\StarOpen.sys   [7168]
O58 - SDL:13/07/2009 - 21:19:04 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [21072]
O58 - SDL:17/06/2010 - 09:10:14 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt.sys   [431616]
O58 - SDL:13/07/2009 - 17:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
O58 - SDL:13/07/2009 - 17:40:44 ---A- . (...) -- C:\Windows\System32\country.sys   [27097]
O58 - SDL:13/07/2009 - 17:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS   [4768]
O58 - SDL:13/07/2009 - 17:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS   [42809]
O58 - SDL:13/07/2009 - 17:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS   [42537]
O58 - SDL:13/07/2009 - 17:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS   [27866]
O58 - SDL:13/07/2009 - 17:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS   [29146]
O58 - SDL:13/07/2009 - 17:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS   [29370]
O58 - SDL:13/07/2009 - 17:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS   [29274]
O58 - SDL:13/07/2009 - 17:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS   [29146]
O58 - SDL:13/07/2009 - 17:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS   [33952]
O58 - SDL:13/07/2009 - 17:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS   [34672]
O58 - SDL:13/07/2009 - 17:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS   [35776]
O58 - SDL:13/07/2009 - 17:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS   [35536]
O58 - SDL:13/07/2009 - 17:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS   [34672]
~ Drivers: 88 Legitimates Filtered in 00mn 05s



---\\ List of virus removal tools (LAT) (O63)
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ List of Legacy services in the registry (O64)
O64 - Services: CurCS - 16/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 16/07/2014 - C:\Windows\system32\drivers\aswMonFlt.sys (aswMonFlt)  .(.AVAST Software - avast! File System Minifilter for Windows 2.) - LEGACY_ASWMONFLT
O64 - Services: CurCS - 10/03/2014 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase)  .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
O64 - Services: CurCS - 30/07/2014 - C:\Windows\system32\drivers\BprotectEx.sys (BprotectEx)  .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BPROTECTEX
O64 - Services: CurCS - 30/07/2014 - C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys (PCFApiUtil)  .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_PCFAPIUTIL
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv)  .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 105 Legitimates Filtered in 00mn 01s



---\\ Shell Spawning associations (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (...) -- C:\Program Files\baidu\Spark\Spark.exe
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Start Menu (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\baidu\Spark\Spark.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\casal\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Search for infection in Internet browsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {5149167E-EC05-ABF1-729A-7D253194AFED} [DefaultScope] - (Google) - [link visible only to logged-in users]
~ Keys:  Scanned in 00mn 00s



---\\ Additional search at the system root (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll   [167784]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Search of WindowsInstaller packages (WIS) (O93) (NTFS)
[MD5.683EF495176EB6BF6C18BDA0A304C22E] [WIS][29/07/2014] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\67b7a.msi   [4771840]  =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 02s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-32-build-27708-baixaki-32-bits_RASAPI32  =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-32-build-27708-baixaki-32-bits_RASMANCS  =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32  =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS  =>P2P.µTorrent
~ BTK: 248 Legitimates Filtered in 00mn 01s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 08/07/2014 262320 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 30/10/2012 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 30/10/2012 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 23/07/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 10/07/1658 0 |  (SparkSvc) . (...) - C:\Program Files\baidu\Spark\sparkservice.exe
SS - | Demand 10/07/1658 0 |  (SparkUpdater) . (...) - C:\Program Files\Baidu\SparkUpdate\Sparkupdate.exe
SR - | Auto 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 03/10/2012 64592 |  (AppManagerService) . (.Positivo Informática S.A..) - C:\Program Files\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe
SR - | Auto 16/07/2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 20/03/2012 45056 |  (BatteryManagerSrv) . (.Positivo Informática S.A.) - C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
SR - | Auto 03/03/2010 13336 |  (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/11/2009 71096 |  (NMSAccessU) . (...) - C:\Program Files\CDBurnerXP\NMSAccessU.exe
SR - | Auto 10/07/2014 550432 |  (PCAppStoreSvc_{PCAppStore_4.6.1.6274}) . (.Baidu Inc..) - C:\Program Files\Baidu Security\PC App Store\4.6.1.6274\PCAppStoreSvc.exe
SR - | Auto 30/07/2014 785904 |  (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc..) - C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 17/06/2010 237650 |  (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 47s



---\\ Additional scanner (O88)
Database Version : 13026 - (24/07/2014)
Keys found : 0
Values found : 1
Folders found : 0
Files found : 1

C:\Windows\Installer\67b7a.msi   =>Toolbar.Bing^
~ Additional Scan: 253106 Items scanned in 02mn 27s



---\\ Additional module information
~ [link visible only to logged-in users]  =>.Internet Explorer, Proxy management (R5)
~ [link visible only to logged-in users]  =>.Applications started by registry & folders (O4)
~ AMI: 2 Legitimates Filtered in 00mn 00s



---\\ Summary of detections found on your machine
~ MSI: 0 link(s) detected in 00mn 00s



~ 776 Legitimates filtered by white list
End of the scan (518 lines in 05mn 44s)(0)

(RESOLVED) Virus Suspicion

Posted by Rodrig, Thu 31 Jul 2014, 00:02

Relax, we were already doing that, Power Max!

(RESOLVED) Virus Suspicion

Posted by Rodrig, Thu 31 Jul 2014, 10:39

Baidu PC Faster still asks to update CCleaner, aTube Catcher...

Re: Virus Suspicion

Posted by Power Max, Thu 31 Jul 2014, 11:15

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click ZHPFix and choose Run as administrator > Click Import > Click the GO button > Click Oui > If you also want the files in the Recycle Bin deleted, click Oui again > A report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Tue 05 Aug 2014, 13:19; edited 2 times

(RESOLVED) Virus Suspicion

Posted by Rodrig, Thu 31 Jul 2014, 11:42

ZHPFix 2014.7.9.4 report by Nicolas Coolman, updated 09/07/2014
Registry export file :
Run by casal at 31/07/2014 10:36:09
High Elevated Privileges : OK
Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (00mn 18s)
Browser shortcut repair

========== Software ==========
MISSING Uninstall Process: c:\program files\baidu security\pc faster\4.0.0.0\uninstall.exe
MISSING Uninstall Process: c:\program files\searchsnacks\uninstall.exe

========== Service status ==========
BHBASE Stopped
BPROTECTEX Stopped
PCFAPIUTIL Stopped

========== Registry keys ==========
DELETED Software Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchSnacks]
DELETED:* Service: PCAppStoreSvc_{PCAppStore_4.6.1.6274}
DELETED:³ Service: PCFasterSvc_{PCFaster_4.0.0.0}
DELETED:* Service: SparkSvc
DELETED Driver Key: nnfwdk
DELETED:* Mozilla Plugin: @nielsen/FirefoxTracker
DELETED:³ HKCU\Software\Baidu Security
DELETED:* HKCU\Software\Baidu
DELETED:³ HKLM\Software\Baidu Security
DELETED:* HKLM\Software\Baidu
DELETED:* HKLM\Software\Baidu_Drp_pos
DELETED:* Service: SparkUpdater

========== Registry values ==========
ERROR RunValue: Baidu PC Faster 4.0.0.0

========== Folders ==========
No empty local user CLSID folder

========== Files ==========
DELETED: c:\users\casal\desktop\flvm player.lnk
DELETE ON REBOOT: c:\program files\baidu security\pc faster\4.0.0.0\pcfaster.exe
DELETE ON REBOOT: c:\program files\baidu security\pc app store\4.6.1.6274\pcappstoresvc.exe
DELETE ON REBOOT: c:\program files\baidu security\pc faster\4.0.0.0\pcfastersvc.exe
DELETED: c:\windows\system32\drivers\bhbase.sys
DELETE ON REBOOT: c:\windows\system32\drivers\bprotectex.sys
DELETED: c:\windows\system32\drivers\ssnfd.sys
DELETED Windows temporary files (201) (95,203,366 bytes)
DELETED Flash Cookies (0) (0 bytes)

========== System Restore ==========
System restore point created successfully


========== Summary ==========
12 : Registry keys
1 : Registry values
1 : Folders
9 : Files
2 : Software
3 : Service status
1 : System Restore


End of clean in 05mn 10s

========== Report file path ==========
C:\Users\casal\AppData\Roaming\ZHP\ZHPFix[R1].txt - 31/07/2014 10:36:28 [2289]

A message appears saying that Baidu wants to clean the PC.
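A helper reading the two reports above (the ZHPDiag listing posted earlier and this ZHPFix result) applies the same few checks to every line: does the binary carry version info (ZHPDiag prints "(...)" when it does not), does the referenced file exist ("(.not file.)"), did ZHPDiag tag the entry as a detection ("=>Toolbar.Bing", as opposed to the whitelist form "=>.Vendor"), does an autostart run from a user profile, and did the cleanup actually finish. The Python below is an added example, not part of ZHPDiag, ZHPFix or this thread, that automates those checks and cross-checks ZHPFix's "DELETE ON REBOOT" entries against a later process list; in this thread PCFasterSvc.exe is deferred to reboot in the ZHPFix report and still appears in the process list of the ZHPDiag scan that follows, which is exactly what a pending reboot looks like. The line shapes are inferred from the reports posted here, the WATCHLIST vendors are the ones the helper chose to remove in this thread (an assumption, not a general blacklist), and the sample lines are copied from those reports.

```python
"""Triage helpers for ZHPDiag / ZHPFix report lines.

Added example, not part of ZHPDiag, ZHPFix or this thread. Line shapes are
inferred from the reports pasted here; WATCHLIST is an assumption (the vendors
the helper removed in this thread), not a general blacklist.
"""
import re

# ZHPDiag prints version info as "(.Company - Description.)"; "(...)" means none.
_INFO_RE = re.compile(r"\((\.\.\.|\.[^()]*?\.)\)")
# First Windows path on the line, ending at a file extension.
_PATH_RE = re.compile(r"[A-Za-z]:\\[^\[\n]*?\.(?:sys|exe|dll|msi|lnk)", re.IGNORECASE)
# "=>.Vendor" marks a whitelisted entry, "=>Category.Name" a detection.
_TAG_RE = re.compile(r"=>(.+?)\s*$")
_APPDATA_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
# ZHPFix action lines, accepting both the original labels and their English form.
_FIX_RE = re.compile(
    r"^(?P<action>[A-ZÉ]+(?: [A-ZÉ]+)*?):?(?:\s+Uninstall Process:)?\s+(?P<path>[A-Za-z]:\\\S.*)$")
_FIX_ACTIONS = {"ELIMINÉ": "deleted", "DELETED": "deleted",
                "ELIMINA REINICIAR": "delete on reboot", "DELETE ON REBOOT": "delete on reboot",
                "AUSENTE": "missing", "MISSING": "missing"}
WATCHLIST = ("Baidu", "Search Snacks")  # assumption: vendors removed in this thread


def parse_diag_line(line):
    """Return (path, publisher, tag, file_missing) for one ZHPDiag line, or None."""
    path = _PATH_RE.search(line)
    if not path:
        return None
    info = _INFO_RE.search(line)
    publisher = None
    if info and info.group(1) != "...":
        publisher = info.group(1)[1:-1].split(" - ", 1)[0]  # company before " - "
        if publisher == "No owner":
            publisher = None
    tag = _TAG_RE.search(line)
    return path.group(0), publisher, (tag.group(1) if tag else None), "(.not file.)" in line


def triage(lines):
    """Map each suspicious path to the list of reasons it was flagged."""
    flagged = {}
    for line in lines:
        parsed = parse_diag_line(line)
        if not parsed:
            continue
        path, publisher, tag, missing = parsed
        reasons = []
        if publisher is None:
            reasons.append("no publisher/version info")
        if missing:
            reasons.append("referenced file is missing")
        if tag and not tag.startswith("."):
            reasons.append("ZHPDiag detection tag: " + tag)
        if _APPDATA_RE.search(path):  # heuristic only; updaters legitimately live here
            reasons.append("runs from a user profile (AppData)")
        if publisher and any(v.lower() in publisher.lower() for v in WATCHLIST):
            reasons.append("vendor on watchlist: " + publisher)
        if reasons:
            flagged[path] = reasons
    return flagged


def parse_zhpfix(lines):
    """Map each path in a ZHPFix report to the action ZHPFix recorded for it."""
    actions = {}
    for line in lines:
        m = _FIX_RE.match(line.strip())
        if m and m.group("action") in _FIX_ACTIONS:
            actions[m.group("path").lower()] = _FIX_ACTIONS[m.group("action")]
    return actions


def still_running(fix_actions, process_lines):
    """Paths ZHPFix deferred to reboot that a later process list still shows."""
    running = {p.group(0).lower() for p in map(_PATH_RE.search, process_lines) if p}
    return sorted(p for p, a in fix_actions.items() if a == "delete on reboot" and p in running)


# Sample lines copied from the reports posted in this thread.
DIAG_SAMPLE = [
    r"O58 - SDL:10/03/2014 - 23:14:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys   [47456]",
    r"O58 - SDL:01/07/2014 - 17:11:08 ---A- . (.Search Snacks - Search Snacks Driver x86.) -- C:\Windows\System32\Drivers\ssnfd.sys   [52744]",
    r"O58 - SDL:12/11/2009 - 11:48:56 ---A- . (...) -- C:\Windows\System32\Drivers\StarOpen.sys   [7168]",
    r"O58 - SDL:17/06/2010 - 09:10:14 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt.sys   [431616]",
    r"O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\baidu\Spark\Spark.exe (.not file.)",
    r"[MD5.683EF495176EB6BF6C18BDA0A304C22E] [WIS][29/07/2014] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\67b7a.msi   [4771840]  =>Toolbar.Bing",
    r"O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe",
    r"SR - | Auto 16/07/2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe",
]
FIX_SAMPLE = [
    r"MISSING Uninstall Process: c:\program files\baidu security\pc faster\4.0.0.0\uninstall.exe",
    r"DELETED: c:\windows\system32\drivers\bhbase.sys",
    r"DELETE ON REBOOT: c:\program files\baidu security\pc faster\4.0.0.0\pcfastersvc.exe",
    r"DELETE ON REBOOT: c:\windows\system32\drivers\bprotectex.sys",
    r"DELETED: c:\windows\system32\drivers\ssnfd.sys",
]
PROC_SAMPLE = [  # from the ZHPDiag scan run after ZHPFix
    r"[MD5.B78C24426A45A01A27C50E496D7D01BB] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe   [785904] [PID.820]",
    r"[MD5.73F5C13B431915BAE35254B4E95DFB71] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [50344] [PID.1752]",
]

if __name__ == "__main__":
    for path, reasons in triage(DIAG_SAMPLE).items():
        print(path, "->", "; ".join(reasons))
    print("still running after fix:", still_running(parse_zhpfix(FIX_SAMPLE), PROC_SAMPLE))
```

The AppData rule is a prompt to look, not a verdict: Google Update and Dropbox legitimately run from the user profile, which is why it is reported as a reason alongside the others rather than as a detection on its own. The "still running" check is the one worth keeping in a helper's routine: a "DELETE ON REBOOT" entry that still appears in a later process list means the machine has not been rebooted yet, or the file has been recreated, and the next scan should be read with that in mind.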

(RESOLVED) Virus Suspicion

Posted by Rodrig, Thu 31 Jul 2014, 11:57

It says Baidu was updated to 2014.62.31.82081; 40 programs and 353 wallpapers were added, Kaspersky antivirus...

Re: Virus Suspicion

Posted by Power Max, Thu 31 Jul 2014, 12:50

Rodrig wrote: It says Baidu was updated to 2014.62.31.82081; 40 programs and 353 wallpapers were added, Kaspersky antivirus...
How did this happen? Did it do this on its own, or did you download some other program?
____________________________________________________________________________________

Open ZHPDiag again:


|- Click "SEARCH" (or "PESQUISAR") and wait for it to finish.


|- Click OK and, when it finishes, post the ZHPDiag.txt report


(RESOLVED) Virus Suspicion

Posted by Rodrig, Thu 31 Jul 2014, 13:05

I didn't download anything. It protects itself; during the cleanup it asked to do the cleaning itself, and of course I didn't click anything. I only followed the instructions you asked for. That's all I'm doing, nothing else.

(RESOLVED) Virus Suspicion

Posted by Rodrig, Thu 31 Jul 2014, 13:26

~ ZHPDiag report v2014.7.24.108 - Nicolas Coolman  (24/07/2014)
~ Started by casal (31/07/2014 12:07:31)
~ Website address : [link visible only to logged-in users]
~ Web forum address : [link visible only to logged-in users]
~ Translation by the user
~ Version status : New version available
~ Whitelist : Enabled by the program
~ Privilege elevation : OK
~ User Account Control : Deactivated by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17207
MFIE: Mozilla Firefox 31.0 (Default)
GCIE: Google Chrome v36.0.1985.125

---\\ Windows product information
~ Language: Portuguese
Windows Vista (TM) Ultimate, 32-bit Service Pack 1 (Build 6000)
Windows Server License Manager Script : OK
Software Protection Service : KO
Windows Automatic Updates : OK

---\\ System protection software
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware version 2.0.2.1012

---\\ System optimization software
CCleaner v4.13

---\\ Peer-to-peer (P2P) sharing software

---\\ Software monitoring
Adobe Flash Player 14 Plugin
Adobe Reader XI
Java 7 Update 60

---\\ System information
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (55% free)
System Restore: Enabled
System drive C: has 251 GB (87%) free of 288 GB

---\\ System logon mode
~ Computer Name: AMORE
~ User Name: casal
~ All Users Names: Convidado, casal, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\casal\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\casal\AppData\Roaming\
~ %Desktop% : C:\Users\casal\Desktop\
~ %Favorites% : C:\Users\casal\Favorites\
~ %LocalAppData% : C:\Users\casal\AppData\Local\
~ %StartMenu% : C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 251 GB of 288 GB)
D: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 GB of 0 GB)



---\\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s



---\\ Specific search for generic files
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.07/07/2011 - 10:29:24.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 21:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CCC198257901BEEA2FBF8EB1E7678356] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 18:13:59.) -- C:\Windows\System32\wininet.dll [1791488]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 05:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 17:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 02:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 21:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 19:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 17:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 19:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 19:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.07/07/2011 - 10:30:36.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 17:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 22:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 19:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 19:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 19:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 17:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Hidden files status (Hidden/Total)
~ My Videos : 1/10
~ My Favorites : 1/29
~ My Documents : 7/236
~ My Desktop : 1/2019
~ Start Menu (Programs) : 1/46
~ Hidden Files:  Scanned in 00mn 05s



---\\ Running processes
[MD5.FDBAA6322B3B408CD275A14654EF3D6B] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe   [495708] [PID.1568]
[MD5.25107F58D1B8F60D67D1EE95798C0DE8] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe   [284696] [PID.1548]
[MD5.68257A00D12A44A390514E668407C8FA] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe   [141848] [PID.1560]
[MD5.F1C66577F5BFDD08B8E21B9ED2FE1300] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe   [173592] [PID.660]
[MD5.1900188CF86CB7C82CB5C51F8EACCF86] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe   [150552] [PID.2144]
[MD5.0260412F3ED50279F42B913A42A9C66D] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe   [252952] [PID.3044]
[MD5.8895BE670D1D4BD478B16DD311273F4A] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe   [1557800] [PID.3116]
[MD5.26AFC1F16494FFE66F2197153B342A27] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [4086432] [PID.4044]
[MD5.1DE859B82E381A645C44284A5044BC33] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   [256896] [PID.1060]
[MD5.DE8C5AB7EE56A7DA0166B2E2B0E496A2] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe   [103720] [PID.1492]
[MD5.FC551A8B8E637B2147C003C885B6756E] - (.Positivo Informática - Recovery.) -- C:\Program Files\Positivo Informática\Recovery\Recovery2.exe   [1496576] [PID.4312]
[MD5.FE7AC897D23D88EEBA687BBD61DBBDCA] - (.No owner - IPM.exe.) -- C:\Program Files\OEM\IPM 1.5\IPM.exe   [1106432] [PID.4424]
[MD5.2256E495D6B2566DE6DDBC6632510477] - (.No owner - OSD.) -- C:\Program Files\OEM\OSD 1.7\SunflowerOSD.exe   [548864] [PID.4472]
[MD5.8766CBFBD3982D726ECAC1DD4A803B1E] - (.Baidu Inc. - PC Faster Tray.) -- C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe   [1436352] [PID.4536]
[MD5.EB7F5388A3B1318DFFA8EA50C71835EF] - (.Ralink Technology, Corp. - RaUI MFC Application.) -- C:\Program Files\Ralink\Common\RaUI.exe   [1560576] [PID.4588]
[MD5.099E24D4FE2ADA03F648B470830BD382] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\casal\AppData\Roaming\Dropbox\bin\Dropbox.exe   [35464216] [PID.4984]
[MD5.111ADB8738E6A9EF7001920F108B4833] - (.Positivo Informática S.A. - Positivo Backup.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Backup\PositivoSmartBackup.exe   [1858048] [PID.4292]
[MD5.DFC999E39D7465077B45F08C53BEE076] - (.Positivo Informática S.A. - Positivo Áudio.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Áudio\AudioPower.exe   [1015808] [PID.4408]
[MD5.10F36FB8CD6218CD7F818268E0F3F9C6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe   [275568] [PID.5456]
[MD5.3B44E6B2C9F52F1ED18A14FBD9ADEB25] - (...) -- C:\Program Files\Baidu Security\PC App Store\4.5.1.6176\AppStoreUtilexe.exe   [1795104] [PID.2368]
[MD5.80E04F074334739C96E1C08C331FB82D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [8080384] [PID.700]
[MD5.B78C24426A45A01A27C50E496D7D01BB] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe   [785904] [PID.820]
[MD5.B78C24426A45A01A27C50E496D7D01BB] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe   [785904] [PID.904]
[MD5.D44D3387809EEDB5564735EC27BE700E] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\STacSV.exe   [237650] [PID.1304]
[MD5.73F5C13B431915BAE35254B4E95DFB71] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [50344] [PID.1752]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe   [65432] [PID.388]
[MD5.6D3242D8E7476F6A976084611A1594C1] - (.Positivo Informática S.A - Battery Power Service.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe   [45056] [PID.432]
[MD5.FD306FBCCE7ADB1077B709742E7148E9] - (...) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe   [71096] [PID.1512]
[MD5.19D34534176E62F35DDB7DC7B7FF2A87] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe   [207528] [PID.2432]
[MD5.1AEBDC693C74EA55FE05D51FA6573EBC] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe   [523944] [PID.2556]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe   [822504] [PID.3236]
[MD5.B752FC4AB1F3D5048A17E1D993028998] - (.Positivo Informática S.A - Battery Power Main Application.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryPower.exe   [1208320] [PID.4564]
[MD5.B78C24426A45A01A27C50E496D7D01BB] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files\Baidu Security\PC Faster\4.0.0.0\CleanerEngineSvc.exe   [785904] [PID.5020]
[MD5.B78C24426A45A01A27C50E496D7D01BB] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files\Baidu Security\PC Faster\4.0.0.0\LeakRepairSvc.exe   [785904] [PID.5040]
[MD5.45B759FF010041FF0EFFABCF064D3FE5] - (.Baidu Inc. - Baidu PC App Store Service.) -- C:\Program Files\Baidu Security\PC App Store\4.5.1.6176\PCAppStoreSvc.exe   [550432] [PID.5888]
[MD5.5BD9CC8C50D3FFF051AB6FF009BE9602] - (.Positivo Informática S.A. - WindowsService.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe   [64592] [PID.3560]
[MD5.31A0E93CDF29007D6C6FFFB632F375ED] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe   [13336] [PID.4244]
[MD5.B78C24426A45A01A27C50E496D7D01BB] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PluginRemoverSvc.exe   [785904] [PID.3160]
~ Processes Running:  Scanned in 00mn 06s



---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome extension folder
~ Google Lines Browser: 1 Legitimates Filtered in 00mn 29s



---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Users\casal\AppData\Roaming\Mozilla\Firefox\Profiles\p4r4c8sz.default-1394306066141\prefs.js
C:\Users\casal\AppData\Roaming\Mozilla\Firefox\Profiles\yfiiolph.default-1396892395728\prefs.js
~ Firefox Browser: 23 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analysis of lines F0, F1, F2, F3 - ini files, automatic program loading
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File:  Scanned in 00mn 00s
~ Number of lines: 21



---\\ Applications started by registry & folders (O4)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] . (...) -- C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKLM\..\Run: [Baidu PC Faster 4.0.0.0] . (.Baidu Inc. - PC Faster.) -- C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2364669226-1398954891-4146519358-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe
~ Application:  Scanned in 00mn 00s



---\\ Internet Explorer main toolbar buttons (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7F4A48C-FC31-4615-AFDB-E88BFDB109FD}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AE40E16-3297-4BC8-B00E-C38BFD003E4B}: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B7F4A48C-FC31-4615-AFDB-E88BFDB109FD}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{5AE40E16-3297-4BC8-B00E-C38BFD003E4B}: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B7F4A48C-FC31-4615-AFDB-E88BFDB109FD}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS2\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS2\Services\Tcpip\..\{5AE40E16-3297-4BC8-B00E-C38BFD003E4B}: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
O17 - HKLM\System\CS2\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll  =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Baidu PC App Store Service 4.5.1.6176 (PCAppStoreSvc_{PCAppStore_4.5.1.6176}) . (.Baidu Inc. - Baidu PC App Store Service.) - C:\Program Files\Baidu Security\PC App Store\4.5.1.6176\PCAppStoreSvc.exe
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc. - Baidu PC Faster Service.) - C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
~ Services: 10 Legitimates Filtered in 00mn 44s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1050]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1054]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2364669226-1398954891-4146519358-1000Core   [1026]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2364669226-1398954891-4146519358-1000UA   [1078]
~ Scheduled Task: 5 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (BprotectEx) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\BprotectEx.sys
~ Drivers: 72 Legitimates Filtered in 00mn 02s



---\\ Software instalados (042)
O42 - Logiciel: Baidu PC Faster - (.Baidu Inc..) [HKLM] -- Baidu PC Faster 4.0.0.0
O42 - Logiciel: Driver 1.2 - (.OEM.) [HKLM] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: IPM 1.5 - (.OEM.) [HKLM] -- {AADF4228-0772-4D43-92EB-B245E3A17B00}
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva  - (.Receita Federal do Brasil.) [HKLM] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva  - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva  - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: OSD 1.7 - (.OEM.) [HKLM] -- {5A9C96FE-1376-45E1-8556-C81255F0B5A7}
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 24 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AdsFix]
[HKCU\Software\Baidu Security]
[HKCU\Software\IBOPE]
[HKCU\Software\SERPRO]
[HKCU\Software\SoilAP]
[HKCU\Software\SunFlowerOSD]
[HKLM\Software\AdsFix]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu_Drp_pos]
[HKLM\Software\NSCPID]
[HKLM\Software\SoilIO]
~ Key Software: 214 Legitimates Filtered in 00mn 02s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 31/07/2014 - 10:40:28 - [] ----D C:\Program Files\Baidu Security
O43 - CFD: 10/04/2014 - 17:12:19 - [] ----D C:\Program Files\exe
O43 - CFD: 11/04/2014 - 08:36:46 - [] ----D C:\Program Files\Free zip
O43 - CFD: 07/03/2014 - 15:38:44 - [] ----D C:\Program Files\Programas RFB
O43 - CFD: 08/03/2014 - 15:12:29 - [0] ----D C:\Program Files\RBM
O43 - CFD: 01/12/2013 - 07:44:47 - [0] ----D C:\ProgramData\Audio
O43 - CFD: 01/12/2013 - 07:44:47 - [0] ----D C:\ProgramData\Audio Power
O43 - CFD: 31/07/2014 - 11:00:17 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 31/07/2014 - 10:40:28 - [] ----D C:\Users\casal\AppData\Roaming\Baidu Security
O43 - CFD: 01/08/2012 - 20:46:05 - [] ----D C:\Users\casal\AppData\Roaming\br.org.cesar.ajudante.Ajudante
O43 - CFD: 10/04/2014 - 17:12:49 - [] ----D C:\Users\casal\AppData\Roaming\exe
O43 - CFD: 02/08/2012 - 19:53:10 - [] ----D C:\Users\casal\AppData\Roaming\Mural dos Amigos
O43 - CFD: 14/12/2013 - 16:38:35 - [] ----D C:\Users\casal\AppData\Local\Inquisit
O43 - CFD: 31/07/2014 - 10:41:16 - [] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
O43 - CFD: 29/10/2013 - 22:06:11 - [0] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\exe
O43 - CFD: 12/04/2012 - 10:31:02 - [] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
O43 - CFD: 11/04/2013 - 17:27:19 - [] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 07/03/2014 - 14:31:00 - [] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 178 Legitimates Filtered in 00mn 02s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.3BFBB5DAE801CB893B8B46345FED6437] - 16/07/2014 - 18:01:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys   [24184]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 27/07/2014 - 00:21:26 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll   [536576]
O44 - LFC:[MD5.C2A812D2DC3F76118011BFE3DA38D10C] - 29/07/2014 - 20:38:17 ---A- . (...) -- C:\AdsFix.txt   [18033]
O44 - LFC:[MD5.26ACE4412CADF96DFE37A33933C5B44F] - 30/07/2014 - 12:26:41 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BprotectEx.sys   [111424]
O44 - LFC:[MD5.5811DA8CC1E6CD77967BEC1D1C7EF9A8] - 30/07/2014 - 14:08:39 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [148924]
O44 - LFC:[MD5.2669C46FE5289555BC025A49456D04B0] - 30/07/2014 - 14:08:39 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [709402]
O44 - LFC:[MD5.34AB1C0DFEEB3FAE7F1D8E850E2981EF] - 30/07/2014 - 15:04:25 ---A- . (...) -- C:\Windows\ntbtlog.txt   [110410]
O44 - LFC:[MD5.67D31632299510DC0A24A8C63A43D712] - 30/07/2014 - 17:59:47 ---A- . (...) -- C:\LOG 1.txt   [9032]
O44 - LFC:[MD5.03664434F637D9B8FB892D62CA115482] - 30/07/2014 - 20:42:41 ---A- . (...) -- C:\Log 2.txt   [1167]
O44 - LFC:[MD5.BE125797A510CD7E9E77D0D79CB989EF] - 31/07/2014 - 10:39:49 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys   [47456]
O44 - LFC:[MD5.E1DCDB2DA02A46A29D66C9908D6EC9E0] - 31/07/2014 - 10:48:39 ---A- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0   [16160]
O44 - LFC:[MD5.E1DCDB2DA02A46A29D66C9908D6EC9E0] - 31/07/2014 - 10:48:39 ---A- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0   [16160]
~ Files: 38 Legitimates Filtered in 00mn 14s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:16/07/2014 - 18:01:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys   [24184]  =>.ALWIL Software
O58 - SDL:16/07/2014 - 18:01:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [49944]  =>.ALWIL Software
O58 - SDL:16/07/2014 - 18:01:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [192352]  =>.ALWIL Software
O58 - SDL:10/03/2014 - 23:14:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys   [47456]
O58 - SDL:30/07/2014 - 12:26:41 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BprotectEx.sys   [111424]
O58 - SDL:13/07/2009 - 21:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [453712]
O58 - SDL:13/07/2009 - 18:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [26624]
O58 - SDL:03/10/2011 - 14:21:54 ---A- . (...) -- C:\Windows\System32\Drivers\pad.sys   [52496]
O58 - SDL:04/12/2009 - 14:43:46 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys   [16248]
O58 - SDL:04/12/2009 - 14:44:18 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\Soilkbc.sys   [10744]
O58 - SDL:04/12/2009 - 14:44:36 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys   [10616]
O58 - SDL:12/11/2009 - 11:48:56 ---A- . (...) -- C:\Windows\System32\Drivers\StarOpen.sys   [7168]
O58 - SDL:13/07/2009 - 21:19:04 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [21072]
O58 - SDL:17/06/2010 - 09:10:14 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt.sys   [431616]
O58 - SDL:13/07/2009 - 17:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
O58 - SDL:13/07/2009 - 17:40:44 ---A- . (...) -- C:\Windows\System32\country.sys   [27097]
O58 - SDL:13/07/2009 - 17:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS   [4768]
O58 - SDL:13/07/2009 - 17:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS   [42809]
O58 - SDL:13/07/2009 - 17:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS   [42537]
O58 - SDL:13/07/2009 - 17:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS   [27866]
O58 - SDL:13/07/2009 - 17:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS   [29146]
O58 - SDL:13/07/2009 - 17:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS   [29370]
O58 - SDL:13/07/2009 - 17:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS   [29274]
O58 - SDL:13/07/2009 - 17:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS   [29146]
O58 - SDL:13/07/2009 - 17:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS   [33952]
O58 - SDL:13/07/2009 - 17:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS   [34672]
O58 - SDL:13/07/2009 - 17:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS   [35776]
O58 - SDL:13/07/2009 - 17:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS   [35536]
O58 - SDL:13/07/2009 - 17:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS   [34672]
~ Drivers: 87 Legitimates Filtered in 00mn 06s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 16/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 16/07/2014 - C:\Windows\system32\drivers\aswMonFlt.sys (aswMonFlt)  .(.AVAST Software - avast! File System Minifilter for Windows 2.) - LEGACY_ASWMONFLT
O64 - Services: CurCS - 10/03/2014 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase)  .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
O64 - Services: CurCS - 30/07/2014 - C:\Windows\system32\drivers\BprotectEx.sys (BprotectEx)  .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BPROTECTEX
O64 - Services: CurCS - 30/07/2014 - C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys (PCFApiUtil)  .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_PCFAPIUTIL
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv)  .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 105 Legitimates Filtered in 00mn 01s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (...) -- C:\Program Files\baidu\Spark\Spark.exe
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\baidu\Spark\Spark.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\casal\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {5149167E-EC05-ABF1-729A-7D253194AFED} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll   [167784]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.683EF495176EB6BF6C18BDA0A304C22E] [WIS][29/07/2014] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\67b7a.msi   [4771840]  =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 03s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-32-build-27708-baixaki-32-bits_RASAPI32  =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-32-build-27708-baixaki-32-bits_RASMANCS  =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32  =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS  =>P2P.µTorrent
~ BTK: 248 Legitimates Filtered in 00mn 01s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 08/07/2014 262320 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 30/10/2012 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 30/10/2012 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 23/07/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 03/10/2012 64592 |  (AppManagerService) . (.Positivo Informática S.A..) - C:\Program Files\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe
SR - | Auto 16/07/2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 20/03/2012 45056 |  (BatteryManagerSrv) . (.Positivo Informática S.A.) - C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
SR - | Auto 03/03/2010 13336 |  (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/11/2009 71096 |  (NMSAccessU) . (...) - C:\Program Files\CDBurnerXP\NMSAccessU.exe
SR - | Auto 30/06/2014 550432 |  (PCAppStoreSvc_{PCAppStore_4.5.1.6176}) . (.Baidu Inc..) - C:\Program Files\Baidu Security\PC App Store\4.5.1.6176\PCAppStoreSvc.exe
SR - | Auto 30/07/2014 785904 |  (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc..) - C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 17/06/2010 237650 |  (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 48s



---\\ Scâner Aditional (088)
Database Version : 13026 - (24/07/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 1

C:\Windows\Installer\67b7a.msi   =>Toolbar.Bing^
~ Additionnel Scan: 251826 Items scanned in 02mn 31s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 2 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 769 Legitimates filtered by white list
End of the scan (504 lines in 05mn 59s)(0)
Rodrig
Member

Posts: 219
Reputation: 1
Join date: 03/04/2014
Age: 43
Location: Paraná

Re: Suspected Virus

Post by Power Max, Fri 01 Aug 2014, 09:39

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click ZHPFix and choose the Run as administrator option > Click Importação (Import) > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Tue 05 Aug 2014, 13:20, edited 1 time
Power Max
Collaborator

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

(RESOLVED) Suspected Virus

Post by Rodrig, Fri 01 Aug 2014, 13:28

The same message I described to you above appears. Another thing: during the ZHPFix cleaning process, Baidu Faster pops up in a green screen saying that it does the cleaning itself and that it has 1470 kilobytes to clean, so I press close, because I have to continue with ZHPFix with the option, and ZHPFix continues normally. I restart the PC and send you the report. This is the second time this has happened.

Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by casal at 01/08/2014 12:06:17
High Elevated Privileges : OK
Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (03mn 16s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files\baidu security\pc faster\4.0.0.0\uninstall.exe

========== Estado dos serviços ==========
BHBASE Parado
BPROTECTEX Parado
PCFAPIUTIL Parado

========== Chaves do Registo ==========
ELIMINÉ:* Service: PCAppStoreSvc_{PCAppStore_4.5.1.6176}
ELIMINÉ:³ Service: PCFasterSvc_{PCFaster_4.0.0.0}
ELIMINÉ:³ HKCU\Software\Baidu Security
ELIMINÉ:³ HKLM\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu_Drp_pos

========== Valores do Registo ==========
ERRO RunValue: Baidu PC Faster 4.0.0.0

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\program files\baidu security\pc faster\4.0.0.0\pcfaster.exe
ELIMINA REINICIAR: c:\program files\baidu security\pc app store\4.5.1.6176\pcappstoresvc.exe
ELIMINA REINICIAR: c:\program files\baidu security\pc faster\4.0.0.0\pcfastersvc.exe
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotectex.sys
ELIMINÉ: c:\windows\system32\drivers\bhbase.sys
ELIMINÉ Temporários windows (16) (3.190.297 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
5 : Chaves do Registo
1 : Valores do Registo
1 : Pastas
7 : Ficheiros
1 : Softwares
3 : Estado dos serviços
1 : Restauração Sistema


End of clean in 08mn 00s

========== Caminho do ficheiro do relatório ==========
C:\Users\casal\AppData\Roaming\ZHP\ZHPFix[R1].txt - 31/07/2014 10:36:28 [2369]
C:\Users\casal\AppData\Roaming\ZHP\ZHPFix[R2].txt - 01/08/2014 12:09:34 [1899]
Rodrig
Member

Posts: 219
Reputation: 1
Join date: 03/04/2014
Age: 43
Location: Paraná

Re: Suspected Virus

Post by Power Max, Fri 01 Aug 2014, 13:58

Download SystemLook.exe from the address below and save it to your Desktop:
[You must have an account and be logged in to view this link] (32-bit version)

Right-click the SystemLook.exe file, then click [You must have an account and be logged in to view this image]

After opening SystemLook.exe, select and copy all of this text highlighted in red that I gave you.
Paste the text you just copied into the SystemLook text box.

Click the Look button and, at the end of the scan, a log (report) will open. It is saved as SystemLook.txt on the Desktop.

Select, copy and paste the contents of this log in your next reply.


Last edited by Power Max on Tue 05 Aug 2014, 13:21, edited 1 time
Power Max
Collaborator

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

(RESOLVED) Suspected Virus

Post by Rodrig, Fri 01 Aug 2014, 14:44

SystemLook 30.07.11 by jpshortstuff
Log created at 13:38 on 01/08/2014 by casal
Administrator - Elevation successful

========== filefind ==========

Searching for "baidu"
No files found.

========== folderfind ==========

Searching for "baidu"
C:\AdwCleaner\Quarantine\C\Program Files\baidu d------ [17:59 30/07/2014]
C:\AdwCleaner\Quarantine\C\ProgramData\baidu d------ [17:59 30/07/2014]
C:\AdwCleaner\Quarantine\C\Users\casal\AppData\Local\Temp\baidu d------ [17:59 30/07/2014]
C:\AdwCleaner\Quarantine\C\Users\casal\AppData\Roaming\baidu d------ [17:59 30/07/2014]
C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu d------ [17:59 30/07/2014]
C:\Users\Public\Documents\Baidu d------ [17:59 30/07/2014]

========== regfind ==========

Searching for "baidu"
[HKEY_CURRENT_USER\Software\Baidu Security]
[HKEY_CURRENT_USER\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"e"="http://csu.pcfaster.baidu.com/cgi-bin/bl_put_file.cgi"
[HKEY_CURRENT_USER\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"f"="http://csu.pcfaster.baidu.com/cgi-bin/get_op_conf.cgi"
[HKEY_CURRENT_USER\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"i"="http://csu.pcfaster.baidu.com/cgi-bin/ui_put_file.cgi"
[HKEY_CURRENT_USER\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"j"="http://csu.pcfaster.baidu.com/cgi-bin/co_put_file.cgi"
[HKEY_CURRENT_USER\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"n"="http://csu.pcfaster.baidu.com/cgi-bin/fs_put_file.cgi"
[HKEY_CURRENT_USER\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"r"="http://csu.pcfaster.baidu.com/cgi-bin/ps_put_file.cgi"
[HKEY_CURRENT_USER\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"t"="http://csu.pcfaster.baidu.com/cgi-bin/cloud_script.cgi"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\BaiduSpark]
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\BaiduSpark\Capabilities\UrlAssociations]
"magnet"="BaiduSpark.Url.magnet"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\Spark.exe]
@="C:\Program Files\baidu\Spark\Spark.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm]
"Progid"="BaiduSparkHTML"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html]
"Progid"="BaiduSparkHTML"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht]
"Progid"="BaiduSparkHTML"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml]
"Progid"="BaiduSparkHTML"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spark]
"InstallDir"="C:\Program Files\baidu\Spark"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\magnet\UserChoice]
"ProgId"="BaiduSpark.Url.magnet"
[HKEY_CURRENT_USER\Software\RegisteredApplications]
"BaiduSpark"="Software\Clients\StartMenuInternet\BaiduSpark\Capabilities"
[HKEY_CURRENT_USER\Software\Classes\.torrent]
@="baiduspark.Torrent"
[HKEY_CURRENT_USER\Software\Classes\BaiduSpark.Url.magnet]
[HKEY_CURRENT_USER\Software\Classes\BaiduSpark.Url.magnet]
@="URL:BaiduSpark Magnet Protocol"
[HKEY_CURRENT_USER\Software\Classes\BaiduSpark.Url.magnet\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" /url "%1""
[HKEY_CURRENT_USER\Software\Classes\BaiduSparkHTML]
[HKEY_CURRENT_USER\Software\Classes\BaiduSparkHTML\DefaultIcon]
@="C:\Program Files\baidu\Spark\resource\application\Image\baidubrowserfile.ico"
[HKEY_CURRENT_USER\Software\Classes\BaiduSparkHTML\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" -- "%1""
[HKEY_CURRENT_USER\Software\Classes\magnet\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" /url "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\ProgramData\Baidu Security\PC Faster\RpData\rpFile-PCFasterSvc-2014-08-01 08-12-10-0061-[0041].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\ProgramData\Baidu Security\PC Faster\RpData\rpFile-PCFTray-2014-08-01 08-16-56-0992-[0041].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hif]
@="Baidu.FacePack"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm]
@="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html]
@="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml]
@="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent\OpenWithProgids]
"baiduspark.Torrent"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht]
@="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml]
@="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Baidu.FacePack]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Baidu.FacePack\DefaultIcon]
@=""C:\Program Files\baidu\Spark\Spark.exe",-548"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\baiduspark.Torrent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\baiduspark.Torrent\DefaultIcon]
@="C:\Program Files\baidu\Spark\resource\application\Image\baidubrowsertorrent.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\baiduspark.Torrent\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduSparkHTML]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduSparkHTML\DefaultIcon]
@="C:\Program Files\baidu\Spark\resource\application\Image\baidubrowserfile.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduSparkHTML\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB9DEEC6-1009-4B46-8B42-107FA25C088E}\InprocServer32]
@="C:\Program Files\Baidu Security\PC App Store\4.6.1.6274\ShellMenu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\DefaultIcon]
@="C:\Program Files\baidu\Spark\resource\application\Image\baidubrowserfile.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\DefaultIcon]
@="C:\Program Files\baidu\Spark\resource\application\Image\baidubrowserfile.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\DefaultIcon]
@="C:\Program Files\baidu\Spark\resource\application\Image\baidubrowserfile.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\magnet\shell\open\command]
@=""C:\Program Files\baidu\Spark\${MAIN_PROGRAME}" /url "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{062BF5AF-F2C4-42D6-88EF-62AC369CDF76}\1.0\0\win32]
@="C:\Program Files\Baidu Security\PC App Store\4.6.1.6274\ShellMenu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{062BF5AF-F2C4-42D6-88EF-62AC369CDF76}\1.0\HELPDIR]
@="C:\Program Files\Baidu Security\PC App Store\4.6.1.6274"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet]
@="BaiduSpark.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE]
@="Baidu Spark Browser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities]
"ApplicationName"="BaiduSpark"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities]
"ApplicationIcon"="C:\Program Files\baidu\Spark\resource\application\Image\baidubrowser.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities]
"ApplicationDescription"="Baidu Spark Browser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\FileAssociations]
".xhtml"="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\FileAssociations]
".xht"="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\FileAssociations]
".shtml"="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\FileAssociations]
".html"="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\FileAssociations]
".htm"="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\StartMenu]
"StartMenuInternet"="BaiduSpark.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\URLAssociations]
"https"="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\URLAssociations]
"http"="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\URLAssociations]
"ftp"="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\DefaultIcon]
@="C:\Program Files\baidu\Spark\resource\application\Image\baidubrowser.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\InstallInfo]
"ShowIconsCommand"=""C:\Program Files\baidu\Spark\Spark.exe" --type=ToolUtilProcess --action=SetEnabled"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\InstallInfo]
"HideIconsCommand"=""C:\Program Files\baidu\Spark\Spark.exe" --type=ToolUtilProcess --action=SetDisabled"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\InstallInfo]
"ReinstallCommand"=""C:\Program Files\baidu\Spark\Spark.exe" --type=ToolUtilProcess --action=SetDefault"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BaiduSpark.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BaiduSpark.exe]
@="C:\Program Files\baidu\Spark\Spark.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BaiduSpark.exe]
"Path"="C:\Program Files\baidu\Spark"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Spark.exe]
"Path"="C:\Program Files\baidu\Spark"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Spark.exe]
@="C:\Program Files\baidu\Spark\Spark.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu PC Faster 4.0.0.0"=""C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe" -auto -start"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"DisplayName"="Baidu PC Faster"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"DisplayIcon"="C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"UninstallString"="C:\Program Files\Baidu Security\PC Faster\4.0.0.0\Uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"Publisher"="Baidu Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"InstallDir"="C:\Program Files\Baidu Security\PC Faster\4.0.0.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6176]
"DisplayIcon"="C:\Program Files\Baidu Security\PC App Store\4.5.1.6176\PCAppStore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6176]
"UninstallString"="C:\Program Files\Baidu Security\PC App Store\4.5.1.6176\Uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6176]
"Publisher"="Baidu, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6176]
"InstallDir"="C:\Program Files\Baidu Security\PC App Store\4.5.1.6176"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spark]
"DisplayName"="Baidu Spark Browser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spark]
"UninstallString"=""C:\Program Files\baidu\Spark\uninst.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spark]
"DisplayIcon"=""C:\Program Files\baidu\Spark\resource\application\image\BaiduBrowser.ico""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spark]
"Publisher"="Baidu Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spark]
"HelpLink"="http://en.browser.baidu.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{070E10FF-B07C-466C-9451-A575ECE3CD75}]
"Path"="\Baidu PC Faster Update"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB30782F-69BC-47ED-A788-C22B40F95051}]
"Path"="\Baidu PC Faster Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu PC Faster Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu PC Faster Update]
[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"BaiduSpark.EXE"="Software\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\Program Files\Baidu Security\PC Faster\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.5.1.6176}]
"ImagePath"="C:\Program Files\Baidu Security\PC App Store\4.5.1.6176\PCAppStoreSvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.5.1.6176}]
"DisplayName"="Baidu PC App Store Service 4.5.1.6176"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.5.1.6176}]
"Description"="Baidu PC App Store Service 4.5.1.6176"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"ImagePath"="C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"="Baidu PC Faster Service 4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"="Baidu PC Faster Service 4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5E595423-AAE7-423B-866E-100FA589A9F5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\baidu\Spark\Spark.exe|Name=Spark|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12808828-5A17-402A-BA0C-52E0389487E3}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\baidu\Spark\Spark.exe|Name=Spark|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EE66ED36-1C57-4D0A-B900-A963E1208EEE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\baidu\Spark\bdtray.exe|Name=Spark|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DDA19BA5-51BC-437C-87E9-3236D0EA219F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\baidu\Spark\bdtray.exe|Name=Spark|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\Program Files\Baidu Security\PC Faster\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"ImagePath"="C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"="Baidu PC Faster Service 4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"="Baidu PC Faster Service 4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5E595423-AAE7-423B-866E-100FA589A9F5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\baidu\Spark\Spark.exe|Name=Spark|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12808828-5A17-402A-BA0C-52E0389487E3}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\baidu\Spark\Spark.exe|Name=Spark|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EE66ED36-1C57-4D0A-B900-A963E1208EEE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\baidu\Spark\bdtray.exe|Name=Spark|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DDA19BA5-51BC-437C-87E9-3236D0EA219F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\baidu\Spark\bdtray.exe|Name=Spark|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\Program Files\Baidu Security\PC Faster\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.5.1.6176}]
"ImagePath"="C:\Program Files\Baidu Security\PC App Store\4.5.1.6176\PCAppStoreSvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.5.1.6176}]
"DisplayName"="Baidu PC App Store Service 4.5.1.6176"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.5.1.6176}]
"Description"="Baidu PC App Store Service 4.5.1.6176"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"ImagePath"="C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"="Baidu PC Faster Service 4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"="Baidu PC Faster Service 4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5E595423-AAE7-423B-866E-100FA589A9F5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\baidu\Spark\Spark.exe|Name=Spark|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12808828-5A17-402A-BA0C-52E0389487E3}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\baidu\Spark\Spark.exe|Name=Spark|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EE66ED36-1C57-4D0A-B900-A963E1208EEE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\baidu\Spark\bdtray.exe|Name=Spark|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DDA19BA5-51BC-437C-87E9-3236D0EA219F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\baidu\Spark\bdtray.exe|Name=Spark|"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"e"="http://csu.pcfaster.baidu.com/cgi-bin/bl_put_file.cgi"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"f"="http://csu.pcfaster.baidu.com/cgi-bin/get_op_conf.cgi"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"i"="http://csu.pcfaster.baidu.com/cgi-bin/ui_put_file.cgi"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"j"="http://csu.pcfaster.baidu.com/cgi-bin/co_put_file.cgi"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"n"="http://csu.pcfaster.baidu.com/cgi-bin/fs_put_file.cgi"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"r"="http://csu.pcfaster.baidu.com/cgi-bin/ps_put_file.cgi"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"t"="http://csu.pcfaster.baidu.com/cgi-bin/cloud_script.cgi"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Clients\StartMenuInternet\BaiduSpark]
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Clients\StartMenuInternet\BaiduSpark\Capabilities\UrlAssociations]
"magnet"="BaiduSpark.Url.magnet"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Microsoft\Windows\CurrentVersion\App Paths\Spark.exe]
@="C:\Program Files\baidu\Spark\Spark.exe"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm]
"Progid"="BaiduSparkHTML"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html]
"Progid"="BaiduSparkHTML"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht]
"Progid"="BaiduSparkHTML"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml]
"Progid"="BaiduSparkHTML"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spark]
"InstallDir"="C:\Program Files\baidu\Spark"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\magnet\UserChoice]
"ProgId"="BaiduSpark.Url.magnet"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\RegisteredApplications]
"BaiduSpark"="Software\Clients\StartMenuInternet\BaiduSpark\Capabilities"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Classes\.torrent]
@="baiduspark.Torrent"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Classes\BaiduSpark.Url.magnet]
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Classes\BaiduSpark.Url.magnet]
@="URL:BaiduSpark Magnet Protocol"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Classes\BaiduSpark.Url.magnet\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" /url "%1""
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Classes\BaiduSparkHTML]
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Classes\BaiduSparkHTML\DefaultIcon]
@="C:\Program Files\baidu\Spark\resource\application\Image\baidubrowserfile.ico"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Classes\BaiduSparkHTML\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" -- "%1""
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Classes\magnet\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" /url "%1""
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\.torrent]
@="baiduspark.Torrent"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\BaiduSpark.Url.magnet]
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\BaiduSpark.Url.magnet]
@="URL:BaiduSpark Magnet Protocol"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\BaiduSpark.Url.magnet\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" /url "%1""
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\BaiduSparkHTML]
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\BaiduSparkHTML\DefaultIcon]
@="C:\Program Files\baidu\Spark\resource\application\Image\baidubrowserfile.ico"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\BaiduSparkHTML\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" -- "%1""
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\magnet\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" /url "%1""

-= EOF =-
Rodrig
Member
Posts: 219
Reputation: 1
Joined: 03/04/2014
Age: 43
Location: Paraná
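The dump above is a flat list of registry keys and values, and the work of reading it is deciding which lines are persistence or hijack points and which are cosmetic: the Run value, the service and driver ImagePaths, the scheduled tasks, the inbound firewall allow rules, and the http/https/ftp/magnet shell\open\command handlers all pointing at Spark.exe (which means every URL opened from any other program lands in that browser), as opposed to the DefaultIcon entries, which only set an icon. The script below is an added example written for this thread, not part of the original post and not ZHPDiag's or OTM's code. It parses a constructed sample of the same `[key]` / `"name"="value"` format, classifies each value with heuristics of my own (the category names, `SAMPLE_DUMP` and all function names are assumptions for illustration), parses the `v2.10|Action=Allow|...` firewall rule string into fields, and pulls out the executable each entry launches.

```python
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Constructed sample in ZHPDiag's "[key]" / "name"="value" dump format, modelled
# on a handful of the Baidu entries in the log above (not the complete log).
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\DefaultIcon]
@="C:\Program Files\baidu\Spark\resource\application\Image\baidubrowserfile.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu PC Faster 4.0.0.0"=""C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe" -auto -start"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5E595423-AAE7-423B-866E-100FA589A9F5}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\baidu\Spark\Spark.exe|Name=Spark|"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{070E10FF-B07C-466C-9451-A575ECE3CD75}]
"Path"="\Baidu PC Faster Update"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?P<name>[^"]*)")=(?P<raw>.*)$')
# First Windows path ending in a PE/driver extension; tolerates the NT "\??\"
# prefix that driver ImagePath values carry, and stops at quotes or '|' so the
# firewall rule's App= field does not swallow the fields after it.
IMAGE_RE = re.compile(r'(?:\\\?\?\\)?([A-Za-z]:\\[^"|]*?\.(?:exe|dll|sys))', re.IGNORECASE)
PROTOCOL_HANDLER_RE = re.compile(r'\\classes\\(https?|ftp|magnet)\\shell\\open\\command$', re.IGNORECASE)
RUN_KEY_RE = re.compile(r'\\currentversion\\run(?:once)?$')


@dataclass
class Finding:
    category: str
    key: str
    name: str
    value: str
    image: Optional[str]   # executable/driver the entry resolves to, if any


def _unwrap(raw: str) -> str:
    # ZHPDiag wraps every value in one extra pair of quotes, so a quoted command
    # line shows up as ""C:\...\x.exe" -- "%1"".  Drop exactly one layer.
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    return raw


def parse_dump(text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (key, value name, value) triples; '@' becomes '(Default)'."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = m.group('name') if m.group('name') is not None else '(Default)'
            yield key, name, _unwrap(m.group('raw'))


def parse_firewall_rule(value: str) -> dict:
    """Split a FirewallRules value ('v2.10|Action=Allow|...|Name=Spark|') into fields."""
    parts = [p for p in value.split('|') if p]
    fields = {'version': parts[0]}
    for p in parts[1:]:
        k, _, v = p.partition('=')
        fields[k] = v
    return fields


def classify(key: str, name: str, value: str) -> Optional[str]:
    """Heuristic category for one value, or None when it is not a persistence point."""
    k = key.lower()
    if '\\firewallpolicy\\firewallrules' in k:      # checked before the generic services test
        action = parse_firewall_rule(value).get('Action', '').lower()
        return 'firewall allow rule' if action == 'allow' else 'firewall rule'
    if RUN_KEY_RE.search(k):
        return 'autostart (Run key)'
    if '\\schedule\\taskcache\\tasks\\' in k and name.lower() == 'path':
        return 'scheduled task'
    if '\\services\\' in k and name.lower() == 'imagepath':
        return 'kernel driver' if value.lower().endswith('.sys') else 'service'
    if PROTOCOL_HANDLER_RE.search(key):
        return 'URL protocol handler'
    return None                                     # DefaultIcon, TypeLib, Uninstall metadata, ...


def triage(text: str) -> List[Finding]:
    findings = []
    for key, name, value in parse_dump(text):
        cat = classify(key, name, value)
        if cat is None:
            continue
        m = IMAGE_RE.search(value)
        findings.append(Finding(cat, key, name, value, m.group(1) if m else None))
    return findings


def summarize(findings: List[Finding]) -> dict:
    counts: dict = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == '__main__':
    for f in triage(SAMPLE_DUMP):
        print(f'{f.category:22} {f.image or f.value}')
```

Two practical notes when reading the real log with this: the same service, driver and firewall entries appear under ControlSet001, ControlSet002 and CurrentControlSet, which are different views of the same configuration rather than three separate installs, so deduplicate on the part of the key after `\services\`; and a driver that registers a self-protection service can refuse to stop while it is loaded, so deleting its service key only takes effect at the next boot, which is why removal tools ask for a restart and then a fresh log.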

Re: Suspected Virus

Post by Power Max, Fri 01 Aug 2014, 16:00

Start the PC in Safe Mode with Networking (pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is starting, and choosing the Safe Mode with Networking option). When the PC is in Safe Mode with Networking, do the following:

Download OTM (by Old Timer) from the link below:
[You must have an account and be logged in to view this link]

Select and copy all the text highlighted in red that I gave you.

Right-click OTM.exe and choose the Run as administrator option.

Paste the text you just copied into the blank box below the phrase Paste Instructions for Items to be Moved.

Then click the MoveIt! button.

After completing the steps above, close OTM. Note: OTM may ask to restart the PC to finish removing the problems; if so, just confirm by clicking Yes. In that case, after the restart, go to the folder C:\_OTMoveIt\MovedFiles and open the newest file with the .log extension, select and copy the entire contents of that report, and post it here in your next reply.


Last edited by Power Max on Tue 05 Aug 2014, 13:22; edited 1 time
Power Max
Contributor
Posts: 9086
Reputation: 1499
Joined: 14/04/2009

(RESOLVED) Suspected Virus

Post by Rodrig, Fri 01 Aug 2014, 16:44

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== SERVICES/DRIVERS ==========
Service Bhbase stopped successfully!
Service Bhbase deleted successfully!
Error: Unable to stop service BprotectEx!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully.
Service PCAppStoreSvc_{PCAppStore_4.5.1.6176} stopped successfully!
Service PCAppStoreSvc_{PCAppStore_4.5.1.6176} deleted successfully!
Service PCFApiUtil stopped successfully!
Service PCFApiUtil deleted successfully!
Service PCFasterSvc_{PCFaster_4.0.0.0} stopped successfully!
Service PCFasterSvc_{PCFaster_4.0.0.0} deleted successfully!
========== FILES ==========
C:\Users\Public\Documents\Baidu\Common\I18N folder moved successfully.
C:\Users\Public\Documents\Baidu\Common folder moved successfully.
C:\Users\Public\Documents\Baidu folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Baidu Security\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo not found.
Registry key HKEY_CURRENT_USER\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo not found.
Registry key HKEY_CURRENT_USER\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo not found.
Registry key HKEY_CURRENT_USER\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo not found.
Registry key HKEY_CURRENT_USER\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo not found.
Registry key HKEY_CURRENT_USER\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo not found.
Registry key HKEY_CURRENT_USER\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo not found.
Registry key HKEY_CURRENT_USER\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo\ not found.
Registry key HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\BaiduSpark\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\BaiduSpark\Capabilities\UrlAssociations not found.
Registry key HKEY_CURRENT_USER\Software\Clients\StartMenuInternet\BaiduSpark\Capabilities\UrlAssociations\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\Spark.exe\\@ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\Spark.exe\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\\Progid deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\\Progid deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\\Progid deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\\Progid deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spark\\InstallDir deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spark\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\magnet\UserChoice\\ProgId deleted successfully.
Registry value HKEY_CURRENT_USER\Software\RegisteredApplications\\BaiduSpark deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\.torrent\\@ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\BaiduSpark.Url.magnet\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\BaiduSpark.Url.magnet not found.
Registry key HKEY_CURRENT_USER\Software\Classes\BaiduSpark.Url.magnet\shell\open\command not found.
Registry key HKEY_CURRENT_USER\Software\Classes\BaiduSpark.Url.magnet\shell\open\command\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\BaiduSparkHTML\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\BaiduSparkHTML\DefaultIcon not found.
Registry key HKEY_CURRENT_USER\Software\Classes\BaiduSparkHTML\DefaultIcon\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\BaiduSparkHTML\shell\open\command not found.
Registry key HKEY_CURRENT_USER\Software\Classes\BaiduSparkHTML\shell\open\command\ not found.
Registry value HKEY_CURRENT_USER\Software\Classes\magnet\shell\open\command\\@ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hif\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.torrent\OpenWithProgids\\baiduspark.Torrent deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml\\@ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Baidu.FacePack\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Baidu.FacePack\DefaultIcon not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Baidu.FacePack\DefaultIcon\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\baiduspark.Torrent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\baiduspark.Torrent\DefaultIcon not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\baiduspark.Torrent\DefaultIcon\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\baiduspark.Torrent\shell\open\command not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\baiduspark.Torrent\shell\open\command\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduSparkHTML\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduSparkHTML\DefaultIcon not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduSparkHTML\DefaultIcon\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduSparkHTML\shell\open\command not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BaiduSparkHTML\shell\open\command\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB9DEEC6-1009-4B46-8B42-107FA25C088E}\InprocServer32\\@ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB9DEEC6-1009-4B46-8B42-107FA25C088E}\InprocServer32\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\DefaultIcon\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\command\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\DefaultIcon\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell\open\command\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\DefaultIcon\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\command\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\magnet\shell\open\command\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{062BF5AF-F2C4-42D6-88EF-62AC369CDF76}\1.0\0\win32\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{062BF5AF-F2C4-42D6-88EF-62AC369CDF76}\1.0\HELPDIR\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\\@ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\FileAssociations not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\FileAssociations not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\FileAssociations not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\FileAssociations not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\FileAssociations not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\FileAssociations\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\StartMenu not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\StartMenu\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\URLAssociations not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\URLAssociations not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\URLAssociations not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\Capabilities\URLAssociations\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\DefaultIcon not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\DefaultIcon\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\InstallInfo not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\InstallInfo not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\InstallInfo not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\InstallInfo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\shell\open\command not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\BaiduSpark.EXE\shell\open\command\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BaiduSpark.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BaiduSpark.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BaiduSpark.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BaiduSpark.exe\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Spark.exe\\Path deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Spark.exe\\@ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Spark.exe\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Baidu PC Faster 4.0.0.0 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6176\\DisplayIcon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6176\\UninstallString deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6176\\Publisher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6176\\InstallDir deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6176\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spark\\DisplayName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spark\\UninstallString deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spark\\DisplayIcon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spark\\Publisher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spark\\HelpLink deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spark\ deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{070E10FF-B07C-466C-9451-A575ECE3CD75}\\Path scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{070E10FF-B07C-466C-9451-A575ECE3CD75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{070E10FF-B07C-466C-9451-A575ECE3CD75}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB30782F-69BC-47ED-A788-C22B40F95051}\\Path scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB30782F-69BC-47ED-A788-C22B40F95051}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB30782F-69BC-47ED-A788-C22B40F95051}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu PC Faster Service\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu PC Faster Update\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications\\BaiduSpark.EXE deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000 not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.5.1.6176} not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.5.1.6176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.5.1.6176} not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.5.1.6176} not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFasterSvc_{PCFaster_4.0.0.0} not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFasterSvc_{PCFaster_4.0.0.0} not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFasterSvc_{PCFaster_4.0.0.0} not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFasterSvc_{PCFaster_4.0.0.0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E595423-AAE7-423B-866E-100FA589A9F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E595423-AAE7-423B-866E-100FA589A9F5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{12808828-5A17-402A-BA0C-52E0389487E3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12808828-5A17-402A-BA0C-52E0389487E3}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EE66ED36-1C57-4D0A-B900-A963E1208EEE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE66ED36-1C57-4D0A-B900-A963E1208EEE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DDA19BA5-51BC-437C-87E9-3236D0EA219F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDA19BA5-51BC-437C-87E9-3236D0EA219F}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\ scheduled to be deleted on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase\\DisplayName deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx\\DisplayName deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil\\ImagePath deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}\\ImagePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}\\DisplayName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}\\Description deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E595423-AAE7-423B-866E-100FA589A9F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E595423-AAE7-423B-866E-100FA589A9F5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{12808828-5A17-402A-BA0C-52E0389487E3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12808828-5A17-402A-BA0C-52E0389487E3}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EE66ED36-1C57-4D0A-B900-A963E1208EEE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE66ED36-1C57-4D0A-B900-A963E1208EEE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DDA19BA5-51BC-437C-87E9-3236D0EA219F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDA19BA5-51BC-437C-87E9-3236D0EA219F}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000 not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.5.1.6176} not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.5.1.6176} not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.5.1.6176} not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.5.1.6176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFasterSvc_{PCFaster_4.0.0.0} not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFasterSvc_{PCFaster_4.0.0.0} not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFasterSvc_{PCFaster_4.0.0.0} not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFasterSvc_{PCFaster_4.0.0.0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E595423-AAE7-423B-866E-100FA589A9F5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E595423-AAE7-423B-866E-100FA589A9F5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{12808828-5A17-402A-BA0C-52E0389487E3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12808828-5A17-402A-BA0C-52E0389487E3}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EE66ED36-1C57-4D0A-B900-A963E1208EEE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE66ED36-1C57-4D0A-B900-A963E1208EEE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DDA19BA5-51BC-437C-87E9-3236D0EA219F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDA19BA5-51BC-437C-87E9-3236D0EA219F}\ not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Baidu Security\ not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo\ not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Clients\StartMenuInternet\BaiduSpark\ not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Clients\StartMenuInternet\BaiduSpark\Capabilities\UrlAssociations not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Clients\StartMenuInternet\BaiduSpark\Capabilities\UrlAssociations\ not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Microsoft\Windows\CurrentVersion\App Paths\Spark.exe not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Microsoft\Windows\CurrentVersion\App Paths\Spark.exe\ not found.
Registry value HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\\Progid not found.
Registry value HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\\Progid not found.
Registry value HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\\Progid not found.
Registry value HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\\Progid not found.
========== COMMANDS ==========
Error creating restore point.

OTM by OldTimer - Version 3.1.21.0 log created on 08012014_153231

Files moved on Reboot...

Registry entries deleted on Reboot...
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{070E10FF-B07C-466C-9451-A575ECE3CD75} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB30782F-69BC-47ED-A788-C22B40F95051} not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000 not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\ scheduled to be deleted on reboot.
Rodrig
Member

Posts: 219
Reputation: 1
Joined: 03/04/2014
Age: 43
Location: Paraná

Re: Suspected Virus

Post by Power Max, Fri 01 Aug 2014, 17:41

Restart the PC.

After the PC has restarted, do the following:

Right-click the SystemLook.exe file, then click the option shown in the image.

Once SystemLook.exe is open, select and copy all of the text highlighted in red that I gave you.

Paste the text you just copied into the SystemLook text box.

Click the Look button; when the scan finishes, a log (report) will open. It is saved as SystemLook.txt on the Desktop.

Select, copy and paste the contents of this log in your next reply.

Note: since I am accessing the Internet from my phone, I will send you the next procedure tomorrow.


Last edited by Power Max on Tue 05 Aug 2014, 13:22, edited 1 time
Power Max
Collaborator

Posts: 9086
Reputation: 1499
Joined: 14/04/2009

(RESOLVED) Suspected Virus

Post by Rodrig, Fri 01 Aug 2014, 19:31

SystemLook 30.07.11 by jpshortstuff
Log created at 18:26 on 01/08/2014 by casal
Administrator - Elevation successful

========== filefind ==========

Searching for "baidu"
No files found.

========== folderfind ==========

Searching for "baidu"
C:\AdwCleaner\Quarantine\C\Program Files\baidu d------ [17:59 30/07/2014]
C:\AdwCleaner\Quarantine\C\ProgramData\baidu d------ [17:59 30/07/2014]
C:\AdwCleaner\Quarantine\C\Users\casal\AppData\Local\Temp\baidu d------ [17:59 30/07/2014]
C:\AdwCleaner\Quarantine\C\Users\casal\AppData\Roaming\baidu d------ [17:59 30/07/2014]
C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu d------ [17:59 30/07/2014]
C:\_OTM\MovedFiles\08012014_153231\C_Users\Public\Documents\Baidu d------ [17:59 30/07/2014]

========== regfind ==========

Searching for "baidu"
[HKEY_CURRENT_USER\Software\Classes\.torrent]
@="baiduspark.Torrent"
[HKEY_CURRENT_USER\Software\Classes\magnet\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" /url "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hif]
@="Baidu.FacePack"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm]
@="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html]
@="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml]
@="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht]
@="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml]
@="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\DefaultIcon]
@="C:\Program Files\baidu\Spark\resource\application\Image\baidubrowserfile.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\DefaultIcon]
@="C:\Program Files\baidu\Spark\resource\application\Image\baidubrowserfile.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\DefaultIcon]
@="C:\Program Files\baidu\Spark\resource\application\Image\baidubrowserfile.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\magnet\shell\open\command]
@=""C:\Program Files\baidu\Spark\${MAIN_PROGRAME}" /url "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{062BF5AF-F2C4-42D6-88EF-62AC369CDF76}\1.0\0\win32]
@="C:\Program Files\Baidu Security\PC App Store\4.6.1.6274\ShellMenu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{062BF5AF-F2C4-42D6-88EF-62AC369CDF76}\1.0\HELPDIR]
@="C:\Program Files\Baidu Security\PC App Store\4.6.1.6274"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet]
@="BaiduSpark.EXE"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Classes\.torrent]
@="baiduspark.Torrent"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Classes\magnet\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" /url "%1""
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\.torrent]
@="baiduspark.Torrent"
[HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\magnet\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" /url "%1""
[HKEY_USERS\S-1-5-18\Software\Baidu Security]

-= EOF =-
Rodrig
Member

Posts: 219
Reputation: 1
Joined: 03/04/2014
Age: 43
Location: Paraná
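The regfind section of the SystemLook report above is what tells the helper which file-type and URL-protocol handlers (http, https, ftp, magnet, .htm and friends) still route through the Baidu Spark browser after the first cleanup pass, and which LEGACY_* driver enumeration entries survived the reboot. The Python script below is an added example written for this thread; it is not part of SystemLook, OTM, or any post in this topic. It parses SystemLook regfind output of the shape shown above, extracts the executable from every shell\open\command default value, lists the handlers whose executable lives under the vendor folder passed as a marker, and reports leftover Enum\Root\LEGACY_* entries. The embedded log is a constructed, shortened copy of the real report, and all function names are the example's own.

```python
r"""Triage helper for SystemLook "regfind" output.

Added example for this thread; it is not part of SystemLook or of the posts
above.  SystemLook prints each matching registry key in square brackets,
followed by the matching values as  @="data"  (the key's default value) or
"Name"="data".  The functions below parse that layout and answer two
questions a helper asks before writing the next removal script: which
shell\open\command handlers still point at the program being removed, and
which legacy driver enumeration entries are still present.
"""
import re

# Constructed sample: a shortened copy of the shape of the real report above.
SAMPLE_LOG = r'''
========== regfind ==========

Searching for "baidu"
[HKEY_CURRENT_USER\Software\Classes\.torrent]
@="baiduspark.Torrent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm]
@="BaiduSparkHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\command]
@=""C:\Program Files\baidu\Spark\Spark.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\magnet\shell\open\command]
@=""C:\Program Files\baidu\Spark\${MAIN_PROGRAME}" /url "%1""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_USERS\.DEFAULT\Software\Baidu Security]

-= EOF =-
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"[^"]*")=(.*)$')


def parse_regfind(text):
    r"""Return {key_path: {value_name: raw_data}}.

    The default value is stored under the name '@'.  Data is kept exactly as
    SystemLook printed it, including the surrounding quotes, so the nested
    quoting inside command lines is not lost.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = '@' if m.group(1) == '@' else m.group(1).strip('"')
            keys[current][name] = m.group(2)
    return keys


def extract_executable(raw_command):
    r"""Pull the image path out of a shell\open\command default value.

    SystemLook wraps the data in one pair of quotes and the command usually
    quotes the path again, e.g. ""C:\...\Spark.exe" -- "%1"".
    """
    s = raw_command.strip().strip('"')
    if '"' in s:                  # quoted path: everything up to the closing quote
        return s.split('"', 1)[0]
    return s.split(' ', 1)[0]     # unquoted path: everything up to the first space


def find_handlers(keys, marker):
    r"""(key, executable) pairs for every shell\open\command whose image path
    contains `marker` (compared case-insensitively), e.g. the vendor folder."""
    hits = []
    for key, values in keys.items():
        if not key.lower().endswith(r'\shell\open\command'):
            continue
        if '@' not in values:
            continue
        exe = extract_executable(values['@'])
        if marker.lower() in exe.lower():
            hits.append((key, exe))
    return hits


def protocols_handled(keys, marker):
    """Sorted names of the Classes subkeys (http, https, magnet, ...) whose
    open command still routes through the marked program."""
    names = set()
    for key, _exe in find_handlers(keys, marker):
        parts = key.split('\\')
        names.add(parts[-4].lower())   # ...\Classes\<name>\shell\open\command
    return sorted(names)


def leftover_drivers(keys):
    r"""{LEGACY_* name: DeviceDesc} for Enum\Root entries still present."""
    found = {}
    for key, values in keys.items():
        if '\\enum\\root\\legacy_' in key.lower() and 'DeviceDesc' in values:
            found[key.split('\\')[-2]] = values['DeviceDesc'].strip('"')
    return found


if __name__ == '__main__':
    parsed = parse_regfind(SAMPLE_LOG)
    for key, exe in find_handlers(parsed, 'baidu'):
        print(f'{key} -> {exe}')
    print('protocols still routed through the program:', protocols_handled(parsed, 'baidu'))
    print('leftover driver entries:', leftover_drivers(parsed))
```

To use it on a real report, read SystemLook.txt from the Desktop into a string and pass it to parse_regfind in place of SAMPLE_LOG. An empty handler list after a reboot is the check that the open commands no longer route through the removed program; a non-empty leftover_drivers result means the Enum\Root entries the earlier OTM run could only schedule for deletion are still there.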

Re: Suspected Virus

Post by Power Max, Sat 02 Aug 2014, 09:45

Start the PC in Safe Mode with Networking (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is starting up and choosing the Safe Mode with Networking option). Once the PC is in Safe Mode with Networking, do the following:

Select and copy all of the text highlighted in red that I gave you.

Right-click OTM.exe and choose the Run as administrator option.

Paste the text you just copied into the blank space below the phrase Paste instructions for items to be Moved.

Then click the MoveIt! button.

After completing the steps above, close OTM. Note: OTM should ask to restart the PC to finish removing the problems; if so, just confirm by clicking Yes. In that case, after the restart, go to the folder C:\_OTMoveIt\MovedFiles and open the newest file with the .log extension, select and copy the entire contents of that report and post it here in your next post.


Last edited by Power Max on Tue 05 Aug 2014, 13:23, edited 1 time
Power Max
Collaborator

Posts: 9086
Reputation: 1499
Joined: 14/04/2009

(RESOLVED) Suspected Virus

Post by Rodrig, Sat 02 Aug 2014, 13:40

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Classes\.torrent\\@ not found.
Registry value HKEY_CURRENT_USER\Software\Classes\magnet\shell\open\command\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hif\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\DefaultIcon\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\command\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\DefaultIcon\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell\open\command\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\DefaultIcon\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\command\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\magnet\shell\open\command\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{062BF5AF-F2C4-42D6-88EF-62AC369CDF76}\1.0\0\win32\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{062BF5AF-F2C4-42D6-88EF-62AC369CDF76}\1.0\HELPDIR\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\\@ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\ scheduled to be deleted on reboot.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu Security\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Classes\.torrent\\@ not found.
Registry value HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Classes\magnet\shell\open\command\\@ not found.
Registry value HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\.torrent\\@ not found.
Registry value HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000_Classes\magnet\shell\open\command\\@ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu Security\ not found.
========== COMMANDS ==========
Error creating restore point.

OTM by OldTimer - Version 3.1.21.0 log created on 08022014_123729

Files moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\ scheduled to be deleted on reboot.
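The OTM log above reports that the LEGACY_BFILTER, LEGACY_BFMON, LEGACY_BPROTECT and LEGACY_BPROTECTEX keys under Enum\Root could not be deleted immediately and were scheduled for deletion at reboot, and also that no restore point was created before the changes. The check a practitioner would want before calling the cleanup finished is to confirm, after the reboot, that those keys and the drivers behind them are really gone. The PowerShell below is an added example for this thread, not part of the original post or of the OTM tool. It assumes that each LEGACY_<NAME> device node corresponds to a driver service named <NAME> under CurrentControlSet\Services (the usual convention for these legacy nodes), and it re-checks the Baidu Security key the log says it deleted. Run it in an elevated PowerShell after the reboot.

```powershell
# Added example (not from the original post): verify that the registry
# entries OTM scheduled for deletion at reboot are gone, and that the
# driver services they belonged to no longer exist.
# Assumption: the service name equals the LEGACY_ suffix (bfilter, bfmon, ...).

$legacyNames = 'BFILTER', 'BFMON', 'BPROTECT', 'BPROTECTEX'
$controlSets = 'ControlSet001', 'ControlSet002', 'CurrentControlSet'

$stillPresent = @()

# 1. The Enum\Root\LEGACY_* keys named in the log, in every control set.
foreach ($cs in $controlSets) {
    foreach ($name in $legacyNames) {
        $key = "HKLM:\SYSTEM\$cs\Enum\Root\LEGACY_$name"
        if (Test-Path -LiteralPath $key) {
            $stillPresent += $key
        }
    }
}

# 2. The driver service entries behind those device nodes. A surviving
#    Services key with an ImagePath means the driver can still be loaded.
foreach ($name in $legacyNames) {
    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (Test-Path -LiteralPath $svcKey) {
        $props = Get-ItemProperty -LiteralPath $svcKey -ErrorAction SilentlyContinue
        $stillPresent += "$svcKey (ImagePath: $($props.ImagePath); Start: $($props.Start))"
    }
    # Kernel drivers are not returned by Get-Service, so ask WMI instead.
    $drv = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$name'" -ErrorAction SilentlyContinue
    if ($drv) {
        $stillPresent += "driver $name is still registered (State: $($drv.State), Path: $($drv.PathName))"
    }
}

# 3. The Baidu Security key the log reports as deleted.
$baiduKey = 'Registry::HKEY_USERS\.DEFAULT\Software\Baidu Security'
if (Test-Path -LiteralPath $baiduKey) {
    $stillPresent += $baiduKey
}

# 4. Report. An empty list means the reboot-time deletions took effect.
if ($stillPresent.Count -eq 0) {
    Write-Output 'Clean: none of the scheduled keys or their drivers remain.'
} else {
    Write-Output 'Still present after reboot:'
    $stillPresent | ForEach-Object { Write-Output "  $_" }
}
```

If anything is listed as still present, the deletion did not survive the reboot (for example because the driver re-registered itself at startup), and the next step is to find out what loads it rather than to delete the key again. Since the log also says the restore point could not be created, export the affected keys with reg.exe before any further manual deletion.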

Re: Suspected Virus

Message by Power Max, Sat 02 Aug 2014, 13:43

Right-click the SystemLook.exe file, then click on [image not available: you need an account and to be logged in to view this image]

After SystemLook.exe opens, select and copy all of the text highlighted in red that I gave you.

Paste the text you just copied into the SystemLook text box.

Click the Look button; when the scan finishes, a log (report) will open. It is saved as SystemLook.txt on the Desktop.

Select, copy and paste the contents of this log into your next reply.


Last edited by Power Max on Tue 05 Aug 2014, 13:24, edited 1 time

Re: Suspected Virus

Message by Rodrig, Sat 02 Aug 2014, 13:59

When I try to run the process (System Look), the antivirus says it is a rootkit-gen !? Another thing: the antivirus wants to be updated, but I notice the font is larger/different. Do I continue anyway?

Re: Suspected Virus

Message by Power Max, Sat 02 Aug 2014, 14:03

Rodrig wrote: When I try to run the process (System Look), the antivirus says it is a rootkit-gen !? Another thing: the antivirus wants to be updated, but I notice the font is larger/different. Do I continue anyway?

Which antivirus is giving this warning? Baidu?

(RESOLVED) Suspected Virus

Message by Rodrig, Sat 02 Aug 2014, 14:17

Avast.