Fórum PC Brasil
Gostaria de reagir a esta mensagem? Crie uma conta em poucos cliques ou inicie sessão para continuar.
Flux RSS


Yahoo! 
MSN 
AOL 
Netvibes 
Bloglines 


Social bookmarking

Social bookmarking reddit      

Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking

Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking

Estatísticas
Temos 14807 usuários registrados
O último membro registrado é Costa24

Os nossos membros postaram um total de 36044 mensagens em 3685 assuntos
Últimos assuntos
» Problema no disco rígido do Windows 11
por Costa24 Hoje à(s) 10:19

Quem está conectado?
16 usuários online :: 0 registrados, 0 invisíveis e 16 visitantes

Nenhum

O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
 
 

Resultados por:
 


Rechercher Pesquisa avançada

março 2024
SegTerQuaQuiSexSábDom
    123
45678910
11121314151617
18192021222324
25262728293031

Calendário Calendário


Não consigo remover sweet page, baidu,IEtabpage class não decabilita

3 participantes

Página 1 de 2 1, 2  Seguinte

Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Silvana Alfredo Sex 08 Ago 2014, 21:14

Além de outro ThinkniceCo.Limited
Meu computador está totalmente impossível de trabalhar.  Várias caixas de Avast e outras para permitir o tempo todo.
Baixei Advanced System CAre mas não adiantou nada, acho que até piorou... aparece uma caixa do Adobe Flashrunner solicitando permissão o tempo todo quase não dá pra escrever.
Grato;
Silvana Alfredo
Silvana Alfredo
Membro
Membro

Mensagens : 58
Reputação : 1
Data de inscrição : 08/08/2014
Idade : 64
Localização : São Paulo

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Power Max Sex 08 Ago 2014, 22:27

Olá Silvana.

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Silvana Alfredo Sáb 09 Ago 2014, 20:03

# AdwCleaner v3.304 - Relatório criado 09/08/2014 às 19:55:48
# Atualizado 08/08/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (32 bits)
# Usuário : Silvana - SILVANA-PC
# Executando de : C:\Users\Silvana\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : IePluginServices

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\Ask
Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\IBUpdaterService
Pasta Deletada : C:\ProgramData\IePluginServices
Pasta Deletada : C:\ProgramData\WindowsMangerProtect
Pasta Deletada : C:\Program Files\baidu
Pasta Deletada : C:\Program Files\Iminent
Pasta Deletada : C:\Program Files\SupTab
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Silvana\AppData\Local\Temp\baidu
Pasta Deletada : C:\Users\Silvana\AppData\LocalLow\BabylonToolbar
Pasta Deletada : C:\Users\Silvana\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\Silvana\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Silvana\AppData\Roaming\PerformerSoft
Pasta Deletada : C:\Users\Silvana\AppData\Roaming\Systweak
Arquivo Deletada : C:\Windows\system32\roboot.exe
Arquivo Deletada : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml

***** [ Tarefas ] *****

Tarefa Deletedo : Driver Booster Scan
Tarefa Deletedo : Driver Booster Update
Tarefa Deletedo : MySearchDial

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASMANCS
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Chave Deletedo : HKCU\Software\5d0dcdfe538be49
Chave Deletedo : HKLM\SOFTWARE\5d0dcdfe538be49
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_avg-anti-virus-free_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_avg-anti-virus-free_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF6E4B1C-DBDE-457E-9CEF-AB8ECAC8A5E8}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF6E4B1C-DBDE-457E-9CEF-AB8ECAC8A5E8}
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Chave Deletedo : HKCU\Software\filescout
Chave Deletedo : HKCU\Software\Iminent
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\performersoft llc
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\SupHpUISoft
Chave Deletedo : HKLM\Software\Babylon
Chave Deletedo : HKLM\Software\FlvPlayer
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\InstallCore
Chave Deletedo : HKLM\Software\SupDp
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\supWindowsMangerProtect
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\sweet-pageSoftware
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17207

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Google Chrome v36.0.1985.125

[ Arquivo : C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*************************

AdwCleaner[R0].txt - [12066 octets] - [09/08/2014 19:53:52]
AdwCleaner[S0].txt - [11153 octets] - [09/08/2014 19:55:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11214 octets] ##########
Silvana Alfredo
Silvana Alfredo
Membro
Membro

Mensagens : 58
Reputação : 1
Data de inscrição : 08/08/2014
Idade : 64
Localização : São Paulo

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Power Max Sáb 09 Ago 2014, 20:16

Desative temporariamente seu antivírus para evitar conflitos.

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita 772309 Para executá-lo corretamente siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Silvana Alfredo Sáb 09 Ago 2014, 20:28

Olá grata pela ajuda,
mas meu internet explorer continua com problema acionando caixa de Avast e Java SE runtime environment 7 o tempo todo atrapalhando a navegação. Consta na Nome GbIehObj Class
Fornecedor Banco do Brasil S.A.
Status Habilitado
sem possibilidade de desabilitar.

Pode me ajudar nesse também?




Silvana Alfredo
Silvana Alfredo
Membro
Membro

Mensagens : 58
Reputação : 1
Data de inscrição : 08/08/2014
Idade : 64
Localização : São Paulo

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Power Max Sáb 09 Ago 2014, 20:49

Vamos resolver um problema de cada vez. Poste, por gentileza, o log (relatório) do Zoek que está em C:\zoek-results.txt para podermos analisá-lo.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Silvana Alfredo Dom 10 Ago 2014, 12:33


Zoek.exe v5.0.0.0 Updated 09-August-2014
Tool run by Silvana on 10/08/2014 at 12:10:22,98.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Silvana\Downloads\zoek (1).exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10/08/2014 12:15:13 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Microsoft\Internet Explorer\SearchScopes\{16B23EBB-CA02-41AB-8A20-D03D14053458} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\FoxTabFlvPlayer deleted
C:\install.exe deleted
C:\Users\Silvana\Searches deleted
C:\Users\Silvana\AppData\LocalLow\ADSRemoval deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AskToolbar deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\BabylonToolbar deleted
C:\Windows\system32\tasks\Baidu Antivirus Update deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\System32\InstallUtil.InstallLog deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [12/07/2014 16:08]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[12/07/2014 16:08]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 18:22]

Google Docs - Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype Click to Call - Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Silvana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "https://br.search.yahoo.com/?type=198484&fr=yo-yhp-ch", "https://www.google.com.br/" ],


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNRN_pt-BRBR429"
{D778BF76-23C5-43F2-B187-AD9E8165298F} Unknown Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D778BF76-23C5-43F2-B187-AD9E8165298F} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Silvana\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Silvana\Desktop\ITQ ZATT\ITQ - todos os impressos.lnk - C:\Users\Silvana\Desktop\ITQ - todos os impressos
C:\Users\Silvana\Desktop\Programas\avast Free Antivirus.lnk -
C:\Users\Silvana\Desktop\Programas\Brother Creative Center.lnk - C:\Program Files\Brother\CreativeCenter\Brother Creative Center.url
C:\Users\Silvana\Desktop\Programas\FoxTab FLV Player.lnk - C:\Program Files\FoxTabFlvPlayer\FLVPlayer.exe
C:\Users\Silvana\Desktop\Programas\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Silvana\Desktop\Programas\RealPlayer.lnk - C:\program files\real\realplayer\RealPlay.exe /launch:desktop
C:\Users\Silvana\Desktop\Programas\Receitanet 1.03 .lnk - C:\Program Files\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Silvana\Desktop\Programas\Receitanet 1.04 .lnk - C:\Program Files\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Silvana\Desktop\Programas\Shop for HP Supplies.lnk - C:\Program Files\Hp\HPSSUPPLY\hpqSSupply.exe
C:\Users\Silvana\Desktop\Programas\Skype.lnk - C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Silvana\Desktop\Programas\TotalMedia 3.5.lnk - C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Advanced SystemCare 7.lnk - C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /manual
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Driver Booster.lnk - C:\Program Files\IObit\Driver Booster\SkipUacExec.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\IObit Malware Fighter.lnk - C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
C:\Users\Public\Desktop\IObit Uninstaller.lnk - C:\Program Files\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\Users\Public\Desktop\Smart Defrag 3.lnk - C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7\Advanced SystemCare 7.lnk - C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /manual
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7\Desinstalar Advanced SystemCare.lnk - C:\Program Files\IObit\Advanced SystemCare 7\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7\Toolbox.lnk - C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /toolbox
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7\Turbo Boost.lnk - C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /turboboost
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk - C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Bav.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster\Desinstalar Driver Booster.lnk - C:\Program Files\IObit\Driver Booster\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster\Driver Booster.lnk - C:\Program Files\IObit\Driver Booster\SkipUacExec.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter\Desinstalar IObit Malware Fighter.lnk - C:\Program Files\IObit\IObit Malware Fighter\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter\IObit Malware Fighter.lnk - C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Help.lnk - C:\Program Files\IObit\IObit Uninstaller\help.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\IObit Uninstaller.lnk - C:\Program Files\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Uninstall IObit Uninstaller.lnk - C:\Program Files\IObit\IObit Uninstaller\UninstallDisplay.exe uninstall_start
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files\Skype\Phone\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3\Desinstalar Smart Defrag 3.lnk - C:\Program Files\IObit\Smart Defrag 3\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3\Smart Defrag 3.lnk - C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\FoxTab FLV Player.lnk - C:\Program Files\FoxTabFlvPlayer\FLVPlayer.exe
C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Uninstall Programs.lnk - C:\Program Files\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Anytime Upgrade.lnk - C:\Windows\system32\WindowsAnytimeUpgradeUI.exe
C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 7.lnk - C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /manual
C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HPAdvisor.lnk - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\RealPlayer.lnk - C:\program files\real\realplayer\RealPlay.exe /launch:desktop
C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Silvana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Silvana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Silvana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Silvana\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Silvana\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Silvana\AppData\Local\VirtualStore\Windows\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=57 folders=10 2462634 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Silvana\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Silvana\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 10/08/2014 at 12:31:05,57 ======================
Silvana Alfredo
Silvana Alfredo
Membro
Membro

Mensagens : 58
Reputação : 1
Data de inscrição : 08/08/2014
Idade : 64
Localização : São Paulo

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Power Max Dom 10 Ago 2014, 12:41

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Silvana Alfredo Dom 10 Ago 2014, 13:15

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Basic x86
Ran by Silvana on 10/08/2014 at 12:52:43,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/08/2014 at 13:09:26,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Silvana Alfredo
Silvana Alfredo
Membro
Membro

Mensagens : 58
Reputação : 1
Data de inscrição : 08/08/2014
Idade : 64
Localização : São Paulo

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Power Max Dom 10 Ago 2014, 14:52

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita 772309 Faça o download do Malwarebytes em um destes links abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas desta postagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log (relatório) do Malwarebytes.

Ficamos no aguardo.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Silvana Alfredo Seg 11 Ago 2014, 00:32

Olá,
Infelizmente ao fazer a tarefa de Anti - Malware me atrapalhei para salvar o relatório que demorou mais de 1 hora e detectou 17 itens.
Como co computador reiniciou, e não localizei o arquivo que por sinal não havia sido salvo, refiz o processo que resultou abaixo.

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Data de Verificação: 11/08/2014
Hora da Verificação: 00:17:50
Logfile: LOG.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.08.11.01
Rootkit Database: v2014.08.04.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Self-protection: Desabilitado

OS: Windows 7 Service Pack 1
CPU: x86
Sistema de Arquivo: NTFS
Usuário: Silvana

Tipo da Verificação: Verificar Ameaça
Resultado: Completado
Arquivos Verificados: 274667
Tempo Decorrido: 9 min, 0 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 0
(No malicious items detected)

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 0
(No malicious items detected)

Pastas: 0
(No malicious items detected)

Arquivos: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Silvana Alfredo
Silvana Alfredo
Membro
Membro

Mensagens : 58
Reputação : 1
Data de inscrição : 08/08/2014
Idade : 64
Localização : São Paulo

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Power Max Seg 11 Ago 2014, 09:57

Estes 17 itens que o Malwarebytes encontrou na primeira verificação dele você os selecionou e removeu? Se não tiver feito isso, é muito importante fazer.
_______________________________________________

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita 772309  Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >  < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Silvana Alfredo Seg 11 Ago 2014, 11:42

~ Relatório do ZHPDiag v2014.8.9.116 - Nicolas Coolman (09/08/2014)
~ Iniciado por Silvana (11/08/2014 11:38:38)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
GCIE: Google Chrome v36.0.1985.125 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware versão 2.0.2.1012
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.3.5.9

---\\ Monitoramento dos softwares
Adobe Flash Player 14 ActiveX
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1909 MB (25% free)
System Restore: Activé (Enable)
System drive C: has 407 GB (89%) free of 455 GB

---\\ Modo de conexão ao sistema
~ Computer Name: SILVANA-PC
~ User Name: Silvana
~ All Users Names: Silvana, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Silvana\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Silvana\AppData\Roaming\
~ %Desktop% : C:\Users\Silvana\Desktop\
~ %Favorites% : C:\Users\Silvana\Favorites\
~ %LocalAppData% : C:\Users\Silvana\AppData\Local\
~ %StartMenu% : C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 407 Go of 455 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 10 Go)
E: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
F: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CCC198257901BEEA2FBF8EB1E7678356] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:13:59.) -- C:\Windows\System32\wininet.dll [1791488]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2379
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/162
~ Mes Favoris (My Favorites) : 1/27
~ Mes Documents (My Documents) : 4/160
~ Mon Bureau (My Desktop) : 7/880
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 12s



---\\ Processos lançados
[MD5.B23DB573857A4FAAA4E84A7BDB900451] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.2436]
[MD5.E6CADFAC2B0CB7461C21F0AFA70A7695] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [175640] [PID.2472]
[MD5.F50A4D38843E8D22F69CE3FF14DE3EB3] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [167960] [PID.2492]
[MD5.DA4ED31DD43ABB0AF99888E236FFDB91] - (.Hewlett-Packard - HP Wireless Assistant Main Program.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744] [PID.2512]
[MD5.26B558B2D31C7425B455B00E562EAD93] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [4085896] [PID.2536]
[MD5.127687F1D171D0820D02851A9FA62525] - (.IObit - Advanced SystemCare 7.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2295584] [PID.2752]
[MD5.61FDD24AF4B1B66E2DF2223BFDA4B47F] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [795936] [PID.2856]
[MD5.8E13CA0B48A1298F46F8739B95DBE4BF] - (.IObit - Advanced SystemCare 7 Monitor.) -- C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe [781600] [PID.3784]
[MD5.985271DF0D270335FE0CA0BE7B4DD0C6] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe [2364704] [PID.4544]
[MD5.0DE3C7622EC33126579B1742260F08C2] - (.No owner - HpqToaster Module.) -- C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe [632888] [PID.5000]
[MD5.22309C300E4F1E33BC75EDA065C3C384] - (.Hewlett-Packard Development Company L.P. - hpCaslNotification.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe [311352] [PID.5172]
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.5872]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.5584]
[MD5.CD900EFB4F8946A2BB1950D9F45915C2] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [812216] [PID.1828]
[MD5.044C57C0B61A20B982F40AD8E436EC0C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8090624] [PID.5616]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
~ IE Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
~ BHO: 20 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WirelessAssistant] . (.Hewlett-Packard - HP Wireless Assistant Main Program.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [Baidu Antivirus] . (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavTray.exe
O4 - HKLM\..\Run: [IObit Malware Fighter] . (.IObit - IObit Malware Fighter.) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-206512037-3977760960-1559006828-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-206512037-3977760960-1559006828-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-206512037-3977760960-1559006828-1000\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{63A2E1D9-B314-4D7A-944F-3139B1C0FD49}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{63A2E1D9-B314-4D7A-944F-3139B1C0FD49}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{63A2E1D9-B314-4D7A-944F-3139B1C0FD49}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Baidu AntiVirus Service (bavsvc) . (...) - C:\Program Files\Baidu Security\Baidu Antivirus\bavsvc.exe (.not file.)
O23 - Service: Baidu Hips Service (bhipssvc) . (...) - C:\Program Files\Baidu Security\Baidu Antivirus\bhipssvc.exe (.not file.)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
~ Services: 15 Legitimates Filtered in 00mn 05s

Silvana Alfredo
Silvana Alfredo
Membro
Membro

Mensagens : 58
Reputação : 1
Data de inscrição : 08/08/2014
Idade : 64
Localização : São Paulo

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Silvana Alfredo Seg 11 Ago 2014, 11:47

Olá,
Logo após eu ter postado o relatório anterior, apareceu uma caixa me dizendo para reinstalar pois o programa não tinha sido instalado corretamente, então refiz o processo (??),

Segue o novo relatório (se é que é diferente)

~ Relatório do ZHPDiag v2014.8.9.116 - Nicolas Coolman (09/08/2014)
~ Iniciado por Silvana (11/08/2014 11:43:41)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
GCIE: Google Chrome v36.0.1985.125 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware versão 2.0.2.1012
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.3.5.9

---\\ Monitoramento dos softwares
Adobe Flash Player 14 ActiveX
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1909 MB (22% free)
System Restore: Activé (Enable)
System drive C: has 407 GB (89%) free of 455 GB

---\\ Modo de conexão ao sistema
~ Computer Name: SILVANA-PC
~ User Name: Silvana
~ All Users Names: Silvana, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Silvana\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Silvana\AppData\Roaming\
~ %Desktop% : C:\Users\Silvana\Desktop\
~ %Favorites% : C:\Users\Silvana\Favorites\
~ %LocalAppData% : C:\Users\Silvana\AppData\Local\
~ %StartMenu% : C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 407 Go of 455 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 10 Go)
E: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
F: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CCC198257901BEEA2FBF8EB1E7678356] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:13:59.) -- C:\Windows\System32\wininet.dll [1791488]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2379
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/162
~ Mes Favoris (My Favorites) : 1/27
~ Mes Documents (My Documents) : 4/160
~ Mon Bureau (My Desktop) : 7/880
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 01s



---\\ Processos lançados
[MD5.B23DB573857A4FAAA4E84A7BDB900451] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.2436]
[MD5.E6CADFAC2B0CB7461C21F0AFA70A7695] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [175640] [PID.2472]
[MD5.F50A4D38843E8D22F69CE3FF14DE3EB3] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [167960] [PID.2492]
[MD5.DA4ED31DD43ABB0AF99888E236FFDB91] - (.Hewlett-Packard - HP Wireless Assistant Main Program.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744] [PID.2512]
[MD5.26B558B2D31C7425B455B00E562EAD93] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [4085896] [PID.2536]
[MD5.127687F1D171D0820D02851A9FA62525] - (.IObit - Advanced SystemCare 7.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2295584] [PID.2752]
[MD5.61FDD24AF4B1B66E2DF2223BFDA4B47F] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [795936] [PID.2856]
[MD5.8E13CA0B48A1298F46F8739B95DBE4BF] - (.IObit - Advanced SystemCare 7 Monitor.) -- C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe [781600] [PID.3784]
[MD5.985271DF0D270335FE0CA0BE7B4DD0C6] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe [2364704] [PID.4544]
[MD5.0DE3C7622EC33126579B1742260F08C2] - (.No owner - HpqToaster Module.) -- C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe [632888] [PID.5000]
[MD5.22309C300E4F1E33BC75EDA065C3C384] - (.Hewlett-Packard Development Company L.P. - hpCaslNotification.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe [311352] [PID.5172]
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.5872]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.5584]
[MD5.CD900EFB4F8946A2BB1950D9F45915C2] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [812216] [PID.1828]
[MD5.044C57C0B61A20B982F40AD8E436EC0C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8090624] [PID.6688]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
~ IE Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
~ BHO: 20 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WirelessAssistant] . (.Hewlett-Packard - HP Wireless Assistant Main Program.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [Baidu Antivirus] . (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavTray.exe
O4 - HKLM\..\Run: [IObit Malware Fighter] . (.IObit - IObit Malware Fighter.) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-206512037-3977760960-1559006828-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-206512037-3977760960-1559006828-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-206512037-3977760960-1559006828-1000\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{63A2E1D9-B314-4D7A-944F-3139B1C0FD49}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{63A2E1D9-B314-4D7A-944F-3139B1C0FD49}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{63A2E1D9-B314-4D7A-944F-3139B1C0FD49}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Baidu AntiVirus Service (bavsvc) . (...) - C:\Program Files\Baidu Security\Baidu Antivirus\bavsvc.exe (.not file.)
O23 - Service: Baidu Hips Service (bhipssvc) . (...) - C:\Program Files\Baidu Security\Baidu Antivirus\bhipssvc.exe (.not file.)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
~ Services: 15 Legitimates Filtered in 00mn 05s



---\\ Tarefas planificadas automaticamente (039)
[MD5.8B63BF3EA328E9A8B060846FD22B8E42] [APT] [{0A0B6D34-377C-4ACD-9249-2EE6A8F2FA67}] (.Siano Mobile Silicon.) -- C:\Program Files\InstallShield Installation Information\{CA86CD92-22BB-4BBE-A6A5-BF1B4BAD791A}\setup.exe [331776]
[MD5.A33B6492086D1F03CCB029BCF39132C3] [APT] [{0A993462-979E-4412-A521-EF1713A34A0C}] (...) -- C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe [31232]
[MD5.DD17B734F49DED3147D99918EDA0839B] [APT] [{54A3643F-DFCF-4028-8C38-96276AA49833}] (.Serpro - Serviço Federal de Processamento d.) -- C:\Users\Silvana\Downloads\Receitanet-1.04.exe [6182597]
[MD5.DD17B734F49DED3147D99918EDA0839B] [APT] [{87198979-4448-4CDD-83C8-DF49E0F26131}] (.Serpro - Serviço Federal de Processamento d.) -- C:\Users\Silvana\Downloads\Receitanet-1.04 (1).exe [6182597]
[MD5.00000000000000000000000000000000] [APT] [{B19C664C-9D19-451F-B08C-C401AE519C61}] (...) -- C:\Users\Silvana\AppData\Roaming\sweet-page\UninstallManager.exe (.not file.) [0] =>PUP.SweetPage
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
~ Scheduled Task: 30 Legitimates Filtered in 00mn 04s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 81 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: allday savings - (.allday savings.) [HKLM] -- D20A6820-7C28-4015-945F-09F8551FCE45 =>PUP.AllDaySavings
~ Logic: 13 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]
[HKCU\Software\Labeljoy5]
[HKCU\Software\Pando Networks]
[HKCU\Software\SERPRO]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu_Drp_pos]
[HKLM\Software\Labeljoy5]
[HKLM\Software\Pando Networks]
[HKLM\Software\Programas RFB]
~ Key Software: 256 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/08/2014 - 12:15:28 - [0] ----D C:\Program Files\005 =>PUP.AdPeak
O43 - CFD: 08/08/2014 - 11:04:32 - [] ----D C:\Program Files\Ares
O43 - CFD: 03/03/2014 - 16:49:39 - [] ----D C:\Program Files\Baidu Security
O43 - CFD: 07/08/2014 - 20:17:33 - [] ----D C:\Program Files\Baidu-Security-2014-4.4.4.73687
O43 - CFD: 08/08/2014 - 12:16:28 - [] ----D C:\Program Files\D20A6820-7C28-4015-945F-09F8551FCE45
O43 - CFD: 26/06/2011 - 15:41:58 - [] ----D C:\Program Files\Pando Networks
O43 - CFD: 13/04/2014 - 10:59:32 - [] ----D C:\Program Files\Programas RFB
O43 - CFD: 03/11/2011 - 21:04:14 - [] ----D C:\Program Files\Siano Mobile Silicon
O43 - CFD: 03/11/2011 - 21:04:14 - [] ----D C:\Program Files\Common Files\Siano Mobile Silicon
O43 - CFD: 07/08/2014 - 20:17:44 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 08/08/2014 - 14:12:19 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 08/08/2014 - 13:28:32 - [0] ----D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
O43 - CFD: 15/09/2011 - 22:09:47 - [] ----D C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
O43 - CFD: 31/01/2014 - 13:20:54 - [] ----D C:\Users\Silvana\AppData\Roaming\Baidu Security
O43 - CFD: 10/08/2014 - 00:34:45 - [] ----D C:\Users\Silvana\AppData\Roaming\ProductData
O43 - CFD: 07/08/2014 - 20:15:16 - [] ----D C:\Users\Silvana\AppData\Local\Ares
O43 - CFD: 18/03/2013 - 16:41:46 - [] ----D C:\Users\Silvana\AppData\Local\{62043314-B102-4874-9E29-1477B9F510E3}
O43 - CFD: 08/08/2014 - 13:41:15 - [0] ----D C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hao123
O43 - CFD: 31/01/2014 - 20:03:04 - [0] ----D C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB
O43 - CFD: 01/04/2013 - 20:17:30 - [] ----D C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 30/03/2014 - 09:43:33 - [] ----D C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 211 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 09/08/2014 - 19:54:51 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.A5C914C5CBCFF645434535234BFCEACA] - 09/08/2014 - 19:58:11 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 10/08/2014 - 12:10:08 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.DCA9840397E2458D7215CF4541933828] - 10/08/2014 - 12:31:05 ---A- . (...) -- C:\zoek-results.log [20196]
O44 - LFC:[MD5.4A4C0122DC23EF75D4DECA9322D030CD] - 10/08/2014 - 22:15:58 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147864]
O44 - LFC:[MD5.D13985C2B5EEDCBE83E8A4DEF96B5296] - 10/08/2014 - 22:15:58 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706024]
O44 - LFC:[MD5.498E65C4649610D77959F22DE30F78EA] - 11/08/2014 - 00:27:54 ---A- . (...) -- C:\LOG.txt [1150]
~ Files: 30 Legitimates Filtered in 00mn 03s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{7348e653-3925-11e1-a1ec-70f3959f2b5c}\AutoRun\command. (...) -- G:\SISetup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:12/07/2014 - 16:08:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:12/07/2014 - 16:08:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:12/07/2014 - 16:08:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [192352] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:14/03/2014 - 20:27:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:09/08/2014 - 19:58:11 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:29/09/2009 - 08:55:48 ---A- . (.Siano - smsbda device driver.) -- C:\Windows\System32\Drivers\smsbda.sys [52000]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 95 Legitimates Filtered in 00mn 02s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 12/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 14/03/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 101 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "92FB69B50CC1BF24BAC2E1213E22E6A7" . (.Bing Bar.) -- C:\Windows\Installer\{5B96BF29-1CC0-42FB-AB2C-1E12E3226E7A}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.4692249C1DA56512860869F158584DEE] [WIS][09/11/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\565ec.msi [4771840] =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 03s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Microsoft\Tracing\Video Download Converter_RASAPI32 =>Adware.VideoDownloadConverter
HKLM\SOFTWARE\Microsoft\Tracing\Video Download Converter_RASMANCS =>Adware.VideoDownloadConverter
~ BTK: 285 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing
~ BCK: 5685 Legitimates Filtered in 00mn 09s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/07/1658 0 | (bavsvc) . (...) - C:\Program Files\Baidu Security\Baidu Antivirus\bavsvc.exe
SS - | Auto 09/11/2011 196376 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\BBSvc.exe =>Toolbar.Bing
SS - | Auto 10/07/1658 0 | (bhipssvc) . (...) - C:\Program Files\Baidu Security\Baidu Antivirus\bhipssvc.exe
SS - | Demand 05/06/2012 266240 | (BrYNSvc) . (.Brother Industries, Ltd..) - C:\Program Files\Browny02\BrYNSvc.exe
SS - | Auto 28/04/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 28/04/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 04/05/2014 2152736 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SR - | Auto 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 08/05/2014 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 14/01/2014 881952 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
SR - | Auto 17/11/2009 87968 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
SR - | Auto 12/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 13/10/2011 249648 | (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\BingBar\SeaPort.exe =>Toolbar.Bing
SR - | Auto 29/12/2009 595232 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 21/07/2014 546104 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 24/06/2009 136704 | (HP LaserJet Service) . (.HP.) - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
SR - | Demand 28/03/2011 799800 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 22/11/2010 99896 | (HPSIService) . (.HP.) - C:\Windows\system32\HPSIsvc.exe
SR - | Auto 18/01/2010 17920 | (HPWMISVC) . (...) - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 15/05/2014 342336 | (IMFservice) . (.IObit.) - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
SR - | Auto 08/03/2010 144672 | (PDFProFiltSrvPP) . (.Nuance Communications, Inc..) - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s



---\\ Scâner Aditional (088)
Database Version : 13026 - (09/08/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 2

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\D20A6820-7C28-4015-945F-09F8551FCE45] =>PUP.AllDaySavings^
[HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}] =>Toolbar.AVGSearch
C:\Program Files\005 =>PUP.AdPeak^
C:\Windows\Installer\565ec.msi =>Toolbar.Bing^
[HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing^
~ Additionnel Scan: 353420 Items scanned in 00mn 28s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 6 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SweetPage
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.AdPeak
~ MSI: 2 link(s) detected in 00mn 00s



~ 883 Legitimates filtered by white list
End of the scan (535 lines in 01mn 17s)(0)
Silvana Alfredo
Silvana Alfredo
Membro
Membro

Mensagens : 58
Reputação : 1
Data de inscrição : 08/08/2014
Idade : 64
Localização : São Paulo

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Power Max Seg 11 Ago 2014, 12:28

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita 772309 Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC.
_________________________________________________________________________________________

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita 772309 Selecione e copie todo o texto destacado em vermelho abaixo (começando em script zhpfix e indo até emptyclsid)

script zhpfix
SysRestore
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
O4 - HKLM\..\Run: [Baidu Antivirus] . (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavTray.exe
O23 - Service: Baidu AntiVirus Service (bavsvc) . (...) - C:\Program Files\Baidu Security\Baidu Antivirus\bavsvc.exe (.not file.)
O23 - Service: Baidu Hips Service (bhipssvc) . (...) - C:\Program Files\Baidu Security\Baidu Antivirus\bhipssvc.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{B19C664C-9D19-451F-B08C-C401AE519C61}] (...) -- C:\Users\Silvana\AppData\Roaming\sweet-page\UninstallManager.exe (.not file.) [0] =>PUP.SweetPage
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O42 - Logiciel: allday savings - (.allday savings.) [HKLM] -- D20A6820-7C28-4015-945F-09F8551FCE45 =>PUP.AllDaySavings
[HKCU\Software\Baidu Security]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu_Drp_pos]
O43 - CFD: 08/08/2014 - 12:15:28 - [0] ----D C:\Program Files\005 =>PUP.AdPeak
O43 - CFD: 03/03/2014 - 16:49:39 - [] ----D C:\Program Files\Baidu Security
O43 - CFD: 07/08/2014 - 20:17:33 - [] ----D C:\Program Files\Baidu-Security-2014-4.4.4.73687
O43 - CFD: 08/08/2014 - 12:16:28 - [] ----D C:\Program Files\D20A6820-7C28-4015-945F-09F8551FCE45
O43 - CFD: 07/08/2014 - 20:17:44 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 08/08/2014 - 13:28:32 - [0] ----D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
O43 - CFD: 31/01/2014 - 13:20:54 - [] ----D C:\Users\Silvana\AppData\Roaming\Baidu Security
O43 - CFD: 08/08/2014 - 13:41:15 - [0] ----D C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hao123
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
HKLM\SOFTWARE\Microsoft\Tracing\Video Download Converter_RASAPI32 =>Adware.VideoDownloadConverter
HKLM\SOFTWARE\Microsoft\Tracing\Video Download Converter_RASMANCS =>Adware.VideoDownloadConverter
SS - | Auto 10/07/1658 0 | (bavsvc) . (...) - C:\Program Files\Baidu Security\Baidu Antivirus\bavsvc.exe
SS - | Auto 10/07/1658 0 | (bhipssvc) . (...) - C:\Program Files\Baidu Security\Baidu Antivirus\bhipssvc.exe
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\D20A6820-7C28-4015-945F-09F8551FCE45] =>PUP.AllDaySavings^
[HKLM\Software\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}] =>Toolbar.AVGSearch
C:\Program Files\005 =>PUP.AdPeak^
ShortcutFix
ProxyFix
EmptyTemp
EmptyFlash
emptyclsid

_____________________________________________________________________________________________________________

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita 772309 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Silvana Alfredo Seg 11 Ago 2014, 15:37

Limpeza com Ccleaner ok.

Relatório:

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Silvana at 11/08/2014 15:34:21
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 13s)
Reparação de atalhos do navegador

========== Softwares ==========
ELIMINÉ: allday savings

========== Chaves do Registo ==========
ELIMINÉ: Service: bavsvc
ELIMINÉ: Service: bhipssvc
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu_Drp_pos
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Video Download Converter_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Video Download Converter_RASMANCS
ELIMINÉ: HKLM\Software\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}

========== Valores do Registo ==========
ELIMINÉ: URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
ELIMINÉ RunValue: Baidu Antivirus
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\program files\baidu-security-2014-4.4.4.73687\baidu antivirus\bavtray.exe
ELIMINÉ Temporários windows (277) (26.509.804 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {B19C664C-9D19-451F-B08C-C401AE519C61}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
11 : Chaves do Registo
8 : Valores do Registo
1 : Pastas
3 : Ficheiros
1 : Softwares
1 : Tarefa planificada
1 : Restauração Sistema


End of clean in 02mn 46s

========== Caminho do ficheiro do relatório ==========
C:\Users\Silvana\AppData\Roaming\ZHP\ZHPFix[R1].txt - 11/08/2014 15:34:37 [1984]
Silvana Alfredo
Silvana Alfredo
Membro
Membro

Mensagens : 58
Reputação : 1
Data de inscrição : 08/08/2014
Idade : 64
Localização : São Paulo

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Power Max Seg 11 Ago 2014, 15:47

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita 772309 Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Silvana Alfredo Seg 11 Ago 2014, 16:04

Segue o solicitado.

~ Relatório do ZHPDiag v2014.8.9.116 - Nicolas Coolman (09/08/2014)
~ Iniciado por Silvana (11/08/2014 15:55:50)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
GCIE: Google Chrome v36.0.1985.125 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware versão 2.0.2.1012
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.16

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.3.5.9

---\\ Monitoramento dos softwares
Adobe Flash Player 14 ActiveX
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1909 MB (31% free)
System Restore: Activé (Enable)
System drive C: has 407 GB (89%) free of 455 GB

---\\ Modo de conexão ao sistema
~ Computer Name: SILVANA-PC
~ User Name: Silvana
~ All Users Names: Silvana, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Silvana\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Silvana\AppData\Roaming\
~ %Desktop% : C:\Users\Silvana\Desktop\
~ %Favorites% : C:\Users\Silvana\Favorites\
~ %LocalAppData% : C:\Users\Silvana\AppData\Local\
~ %StartMenu% : C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 407 Go of 455 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 10 Go)
E: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
F: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CCC198257901BEEA2FBF8EB1E7678356] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:13:59.) -- C:\Windows\System32\wininet.dll [1791488]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2379
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/162
~ Mes Favoris (My Favorites) : 1/27
~ Mes Documents (My Documents) : 4/160
~ Mon Bureau (My Desktop) : 7/881
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 06s



---\\ Processos lançados
[MD5.8E13CA0B48A1298F46F8739B95DBE4BF] - (.IObit - Advanced SystemCare 7 Monitor.) -- C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe [781600] [PID.2740]
[MD5.B23DB573857A4FAAA4E84A7BDB900451] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.2864]
[MD5.E6CADFAC2B0CB7461C21F0AFA70A7695] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [175640] [PID.2876]
[MD5.F50A4D38843E8D22F69CE3FF14DE3EB3] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [167960] [PID.2884]
[MD5.DA4ED31DD43ABB0AF99888E236FFDB91] - (.Hewlett-Packard - HP Wireless Assistant Main Program.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744] [PID.2892]
[MD5.26B558B2D31C7425B455B00E562EAD93] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [4085896] [PID.2916]
[MD5.D76A620F123A4202057E582C55E2602A] - (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavTray.exe [1704296] [PID.3328]
[MD5.127687F1D171D0820D02851A9FA62525] - (.IObit - Advanced SystemCare 7.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2295584] [PID.2196]
[MD5.61FDD24AF4B1B66E2DF2223BFDA4B47F] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [795936] [PID.2384]
[MD5.0DE3C7622EC33126579B1742260F08C2] - (.No owner - HpqToaster Module.) -- C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe [632888] [PID.4748]
[MD5.985271DF0D270335FE0CA0BE7B4DD0C6] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe [2364704] [PID.4780]
[MD5.22309C300E4F1E33BC75EDA065C3C384] - (.Hewlett-Packard Development Company L.P. - hpCaslNotification.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe [311352] [PID.4836]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.4504]
[MD5.044C57C0B61A20B982F40AD8E436EC0C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8090624] [PID.5652]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
~ BHO: 20 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WirelessAssistant] . (.Hewlett-Packard - HP Wireless Assistant Main Program.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [IObit Malware Fighter] . (.IObit - IObit Malware Fighter.) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-206512037-3977760960-1559006828-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-206512037-3977760960-1559006828-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-206512037-3977760960-1559006828-1000\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{63A2E1D9-B314-4D7A-944F-3139B1C0FD49}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{63A2E1D9-B314-4D7A-944F-3139B1C0FD49}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{63A2E1D9-B314-4D7A-944F-3139B1C0FD49}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
~ Services: 15 Legitimates Filtered in 00mn 06s



---\\ Tarefas planificadas automaticamente (039)
[MD5.8B63BF3EA328E9A8B060846FD22B8E42] [APT] [{0A0B6D34-377C-4ACD-9249-2EE6A8F2FA67}] (.Siano Mobile Silicon.) -- C:\Program Files\InstallShield Installation Information\{CA86CD92-22BB-4BBE-A6A5-BF1B4BAD791A}\setup.exe [331776]
[MD5.A33B6492086D1F03CCB029BCF39132C3] [APT] [{0A993462-979E-4412-A521-EF1713A34A0C}] (...) -- C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe [31232]
[MD5.DD17B734F49DED3147D99918EDA0839B] [APT] [{54A3643F-DFCF-4028-8C38-96276AA49833}] (.Serpro - Serviço Federal de Processamento d.) -- C:\Users\Silvana\Downloads\Receitanet-1.04.exe [6182597]
[MD5.DD17B734F49DED3147D99918EDA0839B] [APT] [{87198979-4448-4CDD-83C8-DF49E0F26131}] (.Serpro - Serviço Federal de Processamento d.) -- C:\Users\Silvana\Downloads\Receitanet-1.04 (1).exe [6182597]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
~ Scheduled Task: 30 Legitimates Filtered in 00mn 04s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 75 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 12 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Labeljoy5]
[HKCU\Software\Pando Networks]
[HKCU\Software\SERPRO]
[HKLM\Software\Labeljoy5]
[HKLM\Software\Pando Networks]
[HKLM\Software\Programas RFB]
~ Key Software: 255 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/08/2014 - 11:04:32 - [] ----D C:\Program Files\Ares
O43 - CFD: 07/08/2014 - 20:17:33 - [] ----D C:\Program Files\Baidu-Security-2014-4.4.4.73687
O43 - CFD: 26/06/2011 - 15:41:58 - [] ----D C:\Program Files\Pando Networks
O43 - CFD: 13/04/2014 - 10:59:32 - [] ----D C:\Program Files\Programas RFB
O43 - CFD: 03/11/2011 - 21:04:14 - [] ----D C:\Program Files\Siano Mobile Silicon
O43 - CFD: 03/11/2011 - 21:04:14 - [] ----D C:\Program Files\Common Files\Siano Mobile Silicon
O43 - CFD: 08/08/2014 - 14:12:19 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 15/09/2011 - 22:09:47 - [] ----D C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
O43 - CFD: 10/08/2014 - 00:34:45 - [] ----D C:\Users\Silvana\AppData\Roaming\ProductData
O43 - CFD: 07/08/2014 - 20:15:16 - [] ----D C:\Users\Silvana\AppData\Local\Ares
O43 - CFD: 18/03/2013 - 16:41:46 - [] ----D C:\Users\Silvana\AppData\Local\{62043314-B102-4874-9E29-1477B9F510E3}
O43 - CFD: 31/01/2014 - 20:03:04 - [0] ----D C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB
O43 - CFD: 01/04/2013 - 20:17:30 - [] ----D C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 30/03/2014 - 09:43:33 - [] ----D C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 205 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 09/08/2014 - 19:54:51 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.A5C914C5CBCFF645434535234BFCEACA] - 09/08/2014 - 19:58:11 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 10/08/2014 - 12:10:08 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.DCA9840397E2458D7215CF4541933828] - 10/08/2014 - 12:31:05 ---A- . (...) -- C:\zoek-results.log [20196]
O44 - LFC:[MD5.498E65C4649610D77959F22DE30F78EA] - 11/08/2014 - 00:27:54 ---A- . (...) -- C:\LOG.txt [1150]
O44 - LFC:[MD5.4A4C0122DC23EF75D4DECA9322D030CD] - 11/08/2014 - 15:11:42 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147864]
O44 - LFC:[MD5.D13985C2B5EEDCBE83E8A4DEF96B5296] - 11/08/2014 - 15:11:42 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706024]
~ Files: 27 Legitimates Filtered in 01mn 05s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{7348e653-3925-11e1-a1ec-70f3959f2b5c}\AutoRun\command. (...) -- G:\SISetup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:12/07/2014 - 16:08:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:12/07/2014 - 16:08:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:12/07/2014 - 16:08:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [192352] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:14/03/2014 - 20:27:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:09/08/2014 - 19:58:11 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:29/09/2009 - 08:55:48 ---A- . (.Siano - smsbda device driver.) -- C:\Windows\System32\Drivers\smsbda.sys [52000]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 95 Legitimates Filtered in 00mn 05s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 12/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 14/03/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 100 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "92FB69B50CC1BF24BAC2E1213E22E6A7" . (.Bing Bar.) -- C:\Windows\Installer\{5B96BF29-1CC0-42FB-AB2C-1E12E3226E7A}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.4692249C1DA56512860869F158584DEE] [WIS][09/11/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\565ec.msi [4771840] =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 05s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
~ BTK: 283 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing
~ BCK: 5684 Legitimates Filtered in 00mn 11s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 09/11/2011 196376 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\BBSvc.exe =>Toolbar.Bing
SS - | Demand 05/06/2012 266240 | (BrYNSvc) . (.Brother Industries, Ltd..) - C:\Program Files\Browny02\BrYNSvc.exe
SS - | Auto 28/04/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 28/04/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 04/05/2014 2152736 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SR - | Auto 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 08/05/2014 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 14/01/2014 881952 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
SR - | Auto 17/11/2009 87968 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
SR - | Auto 12/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 13/10/2011 249648 | (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\BingBar\SeaPort.exe =>Toolbar.Bing
SR - | Auto 29/12/2009 595232 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 21/07/2014 546104 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 24/06/2009 136704 | (HP LaserJet Service) . (.HP.) - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
SR - | Demand 28/03/2011 799800 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 22/11/2010 99896 | (HPSIService) . (.HP.) - C:\Windows\system32\HPSIsvc.exe
SR - | Auto 18/01/2010 17920 | (HPWMISVC) . (...) - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 15/05/2014 342336 | (IMFservice) . (.IObit.) - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
SR - | Auto 08/03/2010 144672 | (PDFProFiltSrvPP) . (.Nuance Communications, Inc..) - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 13s



---\\ Scâner Aditional (088)
Database Version : 13026 - (09/08/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
C:\Windows\Installer\565ec.msi =>Toolbar.Bing^
[HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing^
~ Additionnel Scan: 349059 Items scanned in 01mn 00s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 6 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 865 Legitimates filtered by white list
End of the scan (505 lines in 03mn 15s)(0)
Silvana Alfredo
Silvana Alfredo
Membro
Membro

Mensagens : 58
Reputação : 1
Data de inscrição : 08/08/2014
Idade : 64
Localização : São Paulo

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Power Max Seg 11 Ago 2014, 16:11

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita 772309  Selecione e copie todo o texto destacado em vermelho abaixo (começando em script zhpfix e indo até emptyclsid)

script zhpfix
SysRestore
[MD5.D76A620F123A4202057E582C55E2602A] - (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavTray.exe [1704296] [PID.3328]
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O43 - CFD: 07/08/2014 - 20:17:33 - [] ----D C:\Program Files\Baidu-Security-2014-4.4.4.73687
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
ShortcutFix
EmptyTemp
EmptyFlash
emptyclsid

_____________________________________________________________________________________________________________

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita 772309  Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Silvana Alfredo Seg 11 Ago 2014, 16:39

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Silvana at 11/08/2014 16:36:49
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (01mn 41s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (1) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
3 : Chaves do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 02mn 09s

========== Caminho do ficheiro do relatório ==========
C:\Users\Silvana\AppData\Roaming\ZHP\ZHPFix[R1].txt - 11/08/2014 15:43:48 [2066]
C:\Users\Silvana\AppData\Roaming\ZHP\ZHPFix[R2].txt - 11/08/2014 16:38:32 [1007]
Silvana Alfredo
Silvana Alfredo
Membro
Membro

Mensagens : 58
Reputação : 1
Data de inscrição : 08/08/2014
Idade : 64
Localização : São Paulo

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Silvana Alfredo Seg 11 Ago 2014, 16:43

~ Relatório do ZHPDiag v2014.8.9.116 - Nicolas Coolman (09/08/2014)
~ Iniciado por Silvana (11/08/2014 16:41:08)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
GCIE: Google Chrome v36.0.1985.125 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware versão 2.0.2.1012
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.16

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.3.5.9

---\\ Monitoramento dos softwares
Adobe Flash Player 14 ActiveX
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1909 MB (32% free)
System Restore: Activé (Enable)
System drive C: has 406 GB (89%) free of 455 GB

---\\ Modo de conexão ao sistema
~ Computer Name: SILVANA-PC
~ User Name: Silvana
~ All Users Names: Silvana, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Silvana\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Silvana\AppData\Roaming\
~ %Desktop% : C:\Users\Silvana\Desktop\
~ %Favorites% : C:\Users\Silvana\Favorites\
~ %LocalAppData% : C:\Users\Silvana\AppData\Local\
~ %StartMenu% : C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 406 Go of 455 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 10 Go)
E: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
F: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CCC198257901BEEA2FBF8EB1E7678356] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:13:59.) -- C:\Windows\System32\wininet.dll [1791488]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2379
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/324
~ Mes Favoris (My Favorites) : 1/54
~ Mes Documents (My Documents) : 4/320
~ Mon Bureau (My Desktop) : 7/1762
~ Menu demarrer (Programs) : 1/64
~ Hidden Files: Scanned in 00mn 01s



---\\ Processos lançados
[MD5.8E13CA0B48A1298F46F8739B95DBE4BF] - (.IObit - Advanced SystemCare 7 Monitor.) -- C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe [781600] [PID.2740]
[MD5.B23DB573857A4FAAA4E84A7BDB900451] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.2864]
[MD5.E6CADFAC2B0CB7461C21F0AFA70A7695] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [175640] [PID.2876]
[MD5.F50A4D38843E8D22F69CE3FF14DE3EB3] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [167960] [PID.2884]
[MD5.DA4ED31DD43ABB0AF99888E236FFDB91] - (.Hewlett-Packard - HP Wireless Assistant Main Program.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744] [PID.2892]
[MD5.26B558B2D31C7425B455B00E562EAD93] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [4085896] [PID.2916]
[MD5.D76A620F123A4202057E582C55E2602A] - (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavTray.exe [1704296] [PID.3328]
[MD5.127687F1D171D0820D02851A9FA62525] - (.IObit - Advanced SystemCare 7.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2295584] [PID.2196]
[MD5.61FDD24AF4B1B66E2DF2223BFDA4B47F] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [795936] [PID.2384]
[MD5.0DE3C7622EC33126579B1742260F08C2] - (.No owner - HpqToaster Module.) -- C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe [632888] [PID.4748]
[MD5.985271DF0D270335FE0CA0BE7B4DD0C6] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe [2364704] [PID.4780]
[MD5.22309C300E4F1E33BC75EDA065C3C384] - (.Hewlett-Packard Development Company L.P. - hpCaslNotification.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe [311352] [PID.4836]
[MD5.044C57C0B61A20B982F40AD8E436EC0C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8090624] [PID.5652]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.6532]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Silvana\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 36 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
~ BHO: 40 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WirelessAssistant] . (.Hewlett-Packard - HP Wireless Assistant Main Program.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [IObit Malware Fighter] . (.IObit - IObit Malware Fighter.) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-206512037-3977760960-1559006828-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-206512037-3977760960-1559006828-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-206512037-3977760960-1559006828-1000\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{63A2E1D9-B314-4D7A-944F-3139B1C0FD49}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{63A2E1D9-B314-4D7A-944F-3139B1C0FD49}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{63A2E1D9-B314-4D7A-944F-3139B1C0FD49}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
~ Services: 15 Legitimates Filtered in 00mn 05s



---\\ Tarefas planificadas automaticamente (039)
[MD5.8B63BF3EA328E9A8B060846FD22B8E42] [APT] [{0A0B6D34-377C-4ACD-9249-2EE6A8F2FA67}] (.Siano Mobile Silicon.) -- C:\Program Files\InstallShield Installation Information\{CA86CD92-22BB-4BBE-A6A5-BF1B4BAD791A}\setup.exe [331776]
[MD5.A33B6492086D1F03CCB029BCF39132C3] [APT] [{0A993462-979E-4412-A521-EF1713A34A0C}] (...) -- C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe [31232]
[MD5.DD17B734F49DED3147D99918EDA0839B] [APT] [{54A3643F-DFCF-4028-8C38-96276AA49833}] (.Serpro - Serviço Federal de Processamento d.) -- C:\Users\Silvana\Downloads\Receitanet-1.04.exe [6182597]
[MD5.DD17B734F49DED3147D99918EDA0839B] [APT] [{87198979-4448-4CDD-83C8-DF49E0F26131}] (.Serpro - Serviço Federal de Processamento d.) -- C:\Users\Silvana\Downloads\Receitanet-1.04 (1).exe [6182597]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
~ Scheduled Task: 60 Legitimates Filtered in 00mn 04s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 72 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 12 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Labeljoy5]
[HKCU\Software\Pando Networks]
[HKCU\Software\SERPRO]
[HKLM\Software\Labeljoy5]
[HKLM\Software\Pando Networks]
[HKLM\Software\Programas RFB]
~ Key Software: 255 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/08/2014 - 11:04:32 - [] ----D C:\Program Files\Ares
O43 - CFD: 07/08/2014 - 20:17:33 - [] ----D C:\Program Files\Baidu-Security-2014-4.4.4.73687
O43 - CFD: 26/06/2011 - 15:41:58 - [] ----D C:\Program Files\Pando Networks
O43 - CFD: 13/04/2014 - 10:59:32 - [] ----D C:\Program Files\Programas RFB
O43 - CFD: 03/11/2011 - 21:04:14 - [] ----D C:\Program Files\Siano Mobile Silicon
O43 - CFD: 03/11/2011 - 21:04:14 - [] ----D C:\Program Files\Common Files\Siano Mobile Silicon
O43 - CFD: 08/08/2014 - 14:12:19 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 15/09/2011 - 22:09:47 - [] ----D C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
O43 - CFD: 10/08/2014 - 00:34:45 - [] ----D C:\Users\Silvana\AppData\Roaming\ProductData
O43 - CFD: 07/08/2014 - 20:15:16 - [] ----D C:\Users\Silvana\AppData\Local\Ares
O43 - CFD: 18/03/2013 - 16:41:46 - [] ----D C:\Users\Silvana\AppData\Local\{62043314-B102-4874-9E29-1477B9F510E3}
O43 - CFD: 31/01/2014 - 20:03:04 - [0] ----D C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB
O43 - CFD: 01/04/2013 - 20:17:30 - [] ----D C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 30/03/2014 - 09:43:33 - [] ----D C:\Users\Silvana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 205 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 09/08/2014 - 19:54:51 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.A5C914C5CBCFF645434535234BFCEACA] - 09/08/2014 - 19:58:11 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 10/08/2014 - 12:10:08 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.DCA9840397E2458D7215CF4541933828] - 10/08/2014 - 12:31:05 ---A- . (...) -- C:\zoek-results.log [20196]
O44 - LFC:[MD5.498E65C4649610D77959F22DE30F78EA] - 11/08/2014 - 00:27:54 ---A- . (...) -- C:\LOG.txt [1150]
O44 - LFC:[MD5.4A4C0122DC23EF75D4DECA9322D030CD] - 11/08/2014 - 15:11:42 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147864]
O44 - LFC:[MD5.D13985C2B5EEDCBE83E8A4DEF96B5296] - 11/08/2014 - 15:11:42 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706024]
~ Files: 27 Legitimates Filtered in 00mn 18s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{7348e653-3925-11e1-a1ec-70f3959f2b5c}\AutoRun\command. (...) -- G:\SISetup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:12/07/2014 - 16:08:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:12/07/2014 - 16:08:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:12/07/2014 - 16:08:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [192352] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:14/03/2014 - 20:27:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:09/08/2014 - 19:58:11 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:29/09/2009 - 08:55:48 ---A- . (.Siano - smsbda device driver.) -- C:\Windows\System32\Drivers\smsbda.sys [52000]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 95 Legitimates Filtered in 00mn 01s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 12/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 14/03/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 100 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "92FB69B50CC1BF24BAC2E1213E22E6A7" . (.Bing Bar.) -- C:\Windows\Installer\{5B96BF29-1CC0-42FB-AB2C-1E12E3226E7A}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.4692249C1DA56512860869F158584DEE] [WIS][09/11/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\565ec.msi [4771840] =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
~ BTK: 283 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing
~ BCK: 5684 Legitimates Filtered in 00mn 09s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 09/11/2011 196376 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\BBSvc.exe =>Toolbar.Bing
SS - | Demand 05/06/2012 266240 | (BrYNSvc) . (.Brother Industries, Ltd..) - C:\Program Files\Browny02\BrYNSvc.exe
SS - | Auto 28/04/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 28/04/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 04/05/2014 2152736 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SR - | Auto 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 08/05/2014 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 14/01/2014 881952 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
SR - | Auto 17/11/2009 87968 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
SR - | Auto 12/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 13/10/2011 249648 | (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\BingBar\SeaPort.exe =>Toolbar.Bing
SR - | Auto 29/12/2009 595232 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 21/07/2014 546104 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 24/06/2009 136704 | (HP LaserJet Service) . (.HP.) - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
SR - | Demand 28/03/2011 799800 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 22/11/2010 99896 | (HPSIService) . (.HP.) - C:\Windows\system32\HPSIsvc.exe
SR - | Auto 18/01/2010 17920 | (HPWMISVC) . (...) - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 15/05/2014 342336 | (IMFservice) . (.IObit.) - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
SR - | Auto 08/03/2010 144672 | (PDFProFiltSrvPP) . (.Nuance Communications, Inc..) - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s



---\\ Scâner Aditional (088)
Database Version : 13026 - (09/08/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
C:\Windows\Installer\565ec.msi =>Toolbar.Bing^
[HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing^
~ Additionnel Scan: 349036 Items scanned in 00mn 29s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 6 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 915 Legitimates filtered by white list


End of the scan (502 lines in 01mn 33s)(0)
Silvana Alfredo
Silvana Alfredo
Membro
Membro

Mensagens : 58
Reputação : 1
Data de inscrição : 08/08/2014
Idade : 64
Localização : São Paulo

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Silvana Alfredo Ter 12 Ago 2014, 08:24

Olá agradeço muito sua ajuda. Nunca havia feito nada semelhante e achei seu tutorial muito didático.

Silvana Alfredo
Silvana Alfredo
Membro
Membro

Mensagens : 58
Reputação : 1
Data de inscrição : 08/08/2014
Idade : 64
Localização : São Paulo

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Power Max Ter 12 Ago 2014, 09:48

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho abaixo e cole-o no espaço em branco do Zoek:

createsrpoint;
Baidu;z
Baidu;a
emptyfolderscheck;delete


*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Silvana Alfredo Ter 12 Ago 2014, 10:27


Zoek.exe v5.0.0.0 Updated 11-August-2014
Tool run by Silvana on 12/08/2014 at 10:03:52,70.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Silvana\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-10-153105.log 20196 bytes

==== System Restore Info ======================

12/08/2014 10:05:26 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\MyHeritage deleted successfully
C:\Program Files\Common Files\CyberLink deleted successfully
C:\Users\Silvana\AppData\Roaming\Media Player Classic deleted successfully

==== Folders Found ======================

2014-08-09 22:55:51 2014-08-09 22:55:51 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-08-09 22:55:55 2014-08-09 22:55:55 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-08-09 22:55:55 2014-08-09 22:55:55 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Silvana\AppData\Local\Temp\baidu
2014-08-09 22:55:56 2014-08-09 22:55:57 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Silvana\AppData\Roaming\baidu
2014-08-09 22:55:57 2014-08-09 22:55:57 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Silvana\AppData\Roaming\baidu\Baidu Antivirus
2014-08-07 23:17:33 2014-08-07 23:17:33 -------- d-----w- C:\Program Files\Baidu-Security-2014-4.4.4.73687
2014-08-07 23:17:33 2014-08-12 07:51:35 -------- d-----w- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus
2014-08-07 23:17:37 2014-08-07 23:17:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-08-07 23:17:37 2014-08-07 23:17:37 -------- d-----w- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-08-10 02:45:24 2014-08-10 02:45:24 -------- d-----w- C:\Users\Public\Documents\Baidu
2014-08-11 18:32:30 2014-08-11 18:34:14 -------- d-----w- C:\Users\Silvana\AppData\Roaming\ZHP\Quarantine\Baidu Security.DIR
2014-08-11 18:32:53 2014-08-11 18:34:13 -------- d-----w- C:\Users\Silvana\AppData\Roaming\ZHP\Quarantine\Baidu-Security-2014-4.4.4.73687.DIR
2014-08-11 18:32:30 2014-08-11 18:32:45 -------- d-----w- C:\Users\Silvana\AppData\Roaming\ZHP\Quarantine\Baidu Security.DIR\Baidu Antivirus
2014-08-11 18:34:14 2014-01-31 16:20:54 -------- d-----w- C:\Users\Silvana\AppData\Roaming\ZHP\Quarantine\Baidu Security.DIR\Baidu Security
2014-08-11 18:34:17 2014-08-11 18:34:17 -------- d-----w- C:\Users\Silvana\AppData\Roaming\ZHP\Quarantine\Baidu Security.DIR\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-08-11 18:34:17 2014-08-11 18:34:17 -------- d-----w- C:\Users\Silvana\AppData\Roaming\ZHP\Quarantine\Baidu Security.DIR\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-08-11 18:32:53 2014-08-11 18:34:04 -------- d-----w- C:\Users\Silvana\AppData\Roaming\ZHP\Quarantine\Baidu-Security-2014-4.4.4.73687.DIR\Baidu Antivirus
2014-08-11 18:34:13 2014-08-12 07:51:29 -------- d-----w- C:\Users\Silvana\AppData\Roaming\ZHP\Quarantine\Baidu-Security-2014-4.4.4.73687.DIR\Baidu-Security-2014-4.4.4.73687
2014-08-11 18:34:13 2014-08-12 07:51:35 -------- d-----w- C:\Users\Silvana\AppData\Roaming\ZHP\Quarantine\Baidu-Security-2014-4.4.4.73687.DIR\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus

==== Files Found ======================


--- C:\Program Files\IObit\Surfing Protection\BrowerProtect\Safari_baidu_script.js ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1556
Created time: 2014-08-08 16:28:52
Modified time: 2013-04-22 14:30:56
MD5: 670B367C3485AB4FA0046B9D1DDFF1B7
SHA1: DD0C159627F22F3BF83A8632A357EE62DE132EEC


--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1257
Created time: 2014-08-07 23:17:37
Modified time: 2014-08-07 23:17:37
MD5: E6F196C68633C29C3B82DA93384C26F7
SHA1: 399471BD9FDBD662F6298261A951591200D7DF69


--- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1257
Created time: 2014-08-07 23:17:37
Modified time: 2014-08-07 23:17:37
MD5: E6F196C68633C29C3B82DA93384C26F7
SHA1: 399471BD9FDBD662F6298261A951591200D7DF69


--- C:\Users\Silvana\AppData\Roaming\ZHP\Quarantine\Baidu-Security-2014-4.4.4.73687.DIR\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-08-11 18:33:28
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1


--- C:\Users\Silvana\AppData\Roaming\ZHP\Quarantine\Baidu-Security-2014-4.4.4.73687.DIR\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-08-11 18:33:28
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB


--- C:\Windows\Prefetch\BAIDU_SECURE_SYSTEMUP_4.0.1.5-1B88C899.pf ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 82528
Created time: 2014-01-31 16:25:09
Modified time: 2014-01-31 16:25:09
MD5: 0336837A6F332FCF5D3FCFDD8D564C41
SHA1: 0CE67517A1FBB4FAA3C8B20BBCBE56C55335386C


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3450
Created time: 2014-08-10 15:26:35
Modified time: 2014-08-07 23:17:37
MD5: EE5C9794E60E20552FEEF7B477E30F90
SHA1: D79A1882D957869E1F505263E95C4219D619A950


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\DefaultIcon]
@="\"C:\\Program Files\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus\\Bav.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\shell\open\command]
@="\"C:\\Program Files\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus\\Bav.exe\" UI_Start_From_IE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\DefaultIcon]
@="C:\\Program Files\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus\\Translator.exe,-201"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\shell\open\command]
@="\"C:\\Program Files\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus\\Translator.exe\" \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}]
@="baidu right click handler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32]
@="C:\\Program Files\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus\\BavShx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32]
@="C:\\Program Files\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus\\BavShx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}"="Baidu Scan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"="Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"="\"C:\\Program Files\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus\\Bav.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"="\"C:\\Program Files\\Baidu-Security-2014-4.4.4.73687\\Baidu Antivirus\\Uninstall.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"="http://antivirus.baidu.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"="Baidu, Inc."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DEA4702-8FEC-4EED-830D-A5A09E596AB5}]
"Path"="\\Baidu Antivirus Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu Antivirus Update]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Clients\StartMenuInternet\BaiduSpark]

[HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Clients\StartMenuInternet\BaiduSpark\Capabilities]

[HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Clients\StartMenuInternet\BaiduSpark\Capabilities\UrlAssociations]

[HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Clients\StartMenuInternet\BaiduSpark\Capabilities\UrlAssociations]
"magnet"="BaiduSpark.Url.magnet"

[HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm]
"Progid"="BaiduSparkHTML"

[HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html]
"Progid"="BaiduSparkHTML"

[HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht]
"Progid"="BaiduSparkHTML"

[HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml]
"Progid"="BaiduSparkHTML"

[HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts]
"C:\\Users\\Silvana\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Baidu Antivirus\\Baidu Antivirus.lnk"=dword:00000001

[HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts]
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Baidu Antivirus\\Baidu Antivirus.lnk"=dword:00000001

[HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\RegisteredApplications]
"BaiduSpark"="Software\\Clients\\StartMenuInternet\\BaiduSpark\\Capabilities"

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [12/07/2014 16:08]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=57 folders=13 1174442 bytes)

==== EOF on 12/08/2014 at 10:09:39,78 ======================
Silvana Alfredo
Silvana Alfredo
Membro
Membro

Mensagens : 58
Reputação : 1
Data de inscrição : 08/08/2014
Idade : 64
Localização : São Paulo

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Power Max Ter 12 Ago 2014, 11:03

Faça o download do OTM (de Old Timer) no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Selecione e copie todo o texto destacado em vermelho abaixo:

:Services
:Processes
KILLALLPROCESSES

:Services
BdApiUtil
BdCameraProtect
Bhbase
BprotectEx
PCFApiUtil

:Files
C:\Program Files\Baidu-Security-2014-4.4.4.73687
C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
C:\Users\Public\Documents\Baidu
C:\Program Files\IObit\Surfing Protection\BrowerProtect\Safari_baidu_script.js
C:\Windows\Prefetch\BAIDU_SECURE_SYSTEMUP_4.0.1.5-1B88C899.pf

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\DefaultIcon]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\DefaultIcon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\shell\open\command]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\shell\open\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\DefaultIcon]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\DefaultIcon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\shell\open\command]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\shell\open\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DEA4702-8FEC-4EED-830D-A5A09E596AB5}]
"Path"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DEA4702-8FEC-4EED-830D-A5A09E596AB5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu Antivirus Update]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Clients\StartMenuInternet\BaiduSpark]
[-HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Clients\StartMenuInternet\BaiduSpark\Capabilities]
[-HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Clients\StartMenuInternet\BaiduSpark\Capabilities\UrlAssociations]
[HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Clients\StartMenuInternet\BaiduSpark\Capabilities\UrlAssociations]
"magnet"=-
[HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm]
"Progid"=-
[HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html]
"Progid"=-
[HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht]
"Progid"=-
[HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml]
"Progid"=-
[HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts]
"C:\\Users\\Silvana\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Baidu Antivirus\\Baidu Antivirus.lnk"=-
[HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts]
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Baidu Antivirus\\Baidu Antivirus.lnk"=-
[HKEY_USERS\S-1-5-21-206512037-3977760960-1559006828-1000\Software\RegisteredApplications]
"BaiduSpark"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

:Commands
[createrestorepoint]
[Reboot]


Clique com o botão direito do mouse sobre o OTM.exe e escolha a opção Executar como administrador.

Cole o texto que você acabou de copiar acima no espaço em branco abaixo da frase Paste instructions for itens to be Moved

Depois disto clique no botão MoveIt!

Depois de fazer os procedimentos acima, feche o OTM. Nota: O OTM deverá pedir para reiniciar o PC para concluir o processo de eliminação dos problemas, neste caso é só confirmar clicando em Yes. Neste caso, após a reinicialização, navegue até a pasta C:\_OTMoveIt\MovedFiles e abra o mais novo arquivo com extensão .log presente, selecione e copie todo o conteúdo desse relatório e poste aqui em seu próximo post.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

consigo - Não consigo remover sweet page, baidu,IEtabpage class não decabilita Empty Re: Não consigo remover sweet page, baidu,IEtabpage class não decabilita

Mensagem por Conteúdo patrocinado


Conteúdo patrocinado


Ir para o topo Ir para baixo

Página 1 de 2 1, 2  Seguinte

Ir para o topo

- Tópicos semelhantes

 
Permissões neste sub-fórum
Não podes responder a tópicos