Remove Baidu from the registry
Good morning, I found the solution, but I don't know which scripts I should use to solve my problem. I installed zoek and the log follows; I would like to remove this malware.
Thanks in advance,
Zoek.exe v5.0.0.0 Updated 06-August-2014
Tool run by Administrador on 12/08/2014 at 13:33:36,61.
Microsoft Windows 7 Professional 6.1.7600 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Administrador.GD500604\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
12/08/2014 13:36:38 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Running Processes ======================
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Scpad\scpVista.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\OCS Inventory Agent\ocsservice.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Administrador.GD500604\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\Windows\system32\appdata deleted
C:\jre-7u51-windows-i586.exe deleted
C:\PROGRA~2\FileSplitUpLoad.dll deleted
C:\PROGRA~2\boost_interprocess deleted
C:\Users\Administrador.GD500604\Searches deleted
C:\Users\luiz.barati\AppData\Roaming\unins000.exe deleted
==== Folders Found ======================
2014-08-12 12:12:34 2014-08-12 12:12:34 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-03-05 10:03:01 2014-05-21 10:03:12 -------- d-----w- C:\ProgramData\Baidu Security
2014-03-05 10:03:01 2014-05-21 10:03:12 -------- d-----w- C:\Users\All Users\Baidu Security
==== Files Found ======================
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\081213-12246-01.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\090213-15787-01.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\090413-12402-01.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130227877476432143.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\081213-12246-01.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\090213-15787-01.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\090413-12402-01.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130227877476432143.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
==== Startup Folders ======================
2013-04-02 15:02:06 1264 ----a-w- C:\Users\suporteti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10/07/2014 07:43]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [02/05/2013 11:26]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [02/05/2013 11:26]
==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Chrome Look ======================
ADSimples - luiz.barati\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfooflakdommgiokeakmnkkmjegejpfa
GBBD Caixa Economica Federal - luiz.barati\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
GBBD Caixa Economica Federal - luiz.barati\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi
ADSimples - LUIZ~1.BAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfooflakdommgiokeakmnkkmjegejpfa
GBBD Caixa Economica Federal - LUIZ~1.BAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
GBBD Caixa Economica Federal - LUIZ~1.BAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Uninstall List x86 ======================
7-Zip 9.20 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip]
Adobe Flash Player 14 ActiveX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
Adobe Reader XI (11.0.07) - Português [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1046-7B44-AB0000000001}]
CCleaner [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
CutePDF Writer 2.8 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CutePDF Writer Installation]
DraftSight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EE7D7509-CC19-4DED-A439-F50B191C9E37}]
Edi7Windows Itaú [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Edi7Windows Itaú]
GBBD Caixa Economica Federal [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1]
Google Chrome [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
Intel(R) Processor Graphics [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}]
Intel(R) SDK for OpenCL - CPU Only Runtime Package [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}]
Java 7 Update 55 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217051FF}]
Kaspersky Endpoint Security 10 para Windows [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9813DD3F-A28E-4B98-ACDE-12A3AB1C42E4}]
Kaspersky Security Center Network Agent [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}]
Kaspersky Security Center Network Agent [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallWIX_{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}]
Malwarebytes Anti-Malware versão 2.0.2.1012 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
Microsoft .NET Framework 4 Client Profile PTB Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{20A15757-4AE4-3C82-9711-863C84AFE6AA}]
Microsoft Office Home and Business 2010 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Office14.SingleImage]
Microsoft redistributable runtime DLLs VS2008 SP1(x86) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A47A9101-6EB5-4314-BDA1-297880FBB908}]
MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}]
MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}]
MSXML4.0 redistributable [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}]
OCS Inventory Agent 4.0.5.4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\OCS Inventory Agent]
Platform [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{20D4A895-748C-4D88-871C-FDB1695B0169}]
Proteção de Terminal Trusteer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Rapport_msi]
Rapport [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}]
Realtek Ethernet Controller Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}]
SAP GUI for Windows 7.20 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SAPGUI710]
SISCOB [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D5940AE3-7244-11D6-BAB7-00010332BA5B}]
SolidWorks eDrawings 2012 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D8E824B6-78C0-4079-9B23-B86C8D9A78A1}]
Spark 2.6.3.12555 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spark 2.6.3.12555]
UltraVnc [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ultravnc2_is1]
vcredist_x86 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}]
VIA Gerenciador de dispositivo de plataforma [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}]
VMware Zimbra Connector for Microsoft Outlook [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DDED9F97-8C37-45CB-83B5-09AC5FDC5BFC}]
==== HijackThis Entries ======================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files\GbPlugin\gbiehuni.dll
O2 - BHO: G-Buster Browser Defense Banco Safra - {C41A1C0E-EA6C-11D4-B1B8-444553540023} - C:\Program Files\GbPlugin\gbiehsfr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} (GeraCert Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = delga.com.br
O17 - HKLM\Software\..\Telephony: DomainName = delga.com.br
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = delga.com.br
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = delga.com.br
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\Program Files\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginSfr - C:\Program Files\GbPlugin\gbiehSfr.dll
O20 - Winlogon Notify: GbPluginUni - C:\Program Files\GbPlugin\gbiehUni.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Serviço do Kaspersky Endpoint Security (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - C:\Program Files\OCS Inventory Agent\ocsservice.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files\Scpad\scpVista.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - VIA Technologies, Inc. - C:\Windows\system32\viakaraokesrv.exe
==== Empty IE Cache ======================
C:\Users\egouveia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\luiz.barati\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\luiz.barati\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\suporteti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\suporteti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\LUIZ~1.BAR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\LUIZ~1.BAR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrador.GD500604\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\luiz.barati\AppData\Local\Mozilla\Firefox\Profiles\5iw0etul.default\Cache emptied successfully
C:\Users\LUIZ~1.BAR\AppData\Local\Mozilla\Firefox\Profiles\5iw0etul.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Administrador.GD500604\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\luiz.barati\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\suporteti\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\LUIZ~1.BAR\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=9 folders=7 31034119 bytes)
==== Empty Temp Folders ======================
C:\Users\Administrador.GD500604\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\egouveia\AppData\Local\Temp emptied successfully
C:\Users\luiz.barati\AppData\Local\Temp emptied successfully
C:\Users\suporteti\AppData\Local\Temp emptied successfully
C:\Users\LUIZ~1.BAR\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\ADMINI~1.GD5\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Administrador.GD500604\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
==== EOF on 12/08/2014 at 13:58:21,23 ======================
vamsv - Beginner
- Posts: 42
Reputation: 0
Join date: 11/08/2014
Re: Remove Baidu from the registry
Hello.
Download OTM (by Old Timer) from the link below:
[You must have an account and be logged in to view this link]
Select and copy all the text highlighted in red that I gave you.
Right-click OTM.exe and choose the Run as administrator option.
Paste the text you just copied into the blank area below the phrase Paste Instructions for Items to be Moved
Then click the MoveIt! button.
After completing the steps above, close OTM. Note: OTM should ask to restart the PC to finish eliminating the problems; if so, just confirm by clicking Yes. In that case, after the restart, navigate to the folder C:\_OTMoveIt\MovedFiles and open the newest file with the .log extension there, select and copy the entire contents of that report, and post it here in your next post.
Faça o download do OTM (de Old Timer) no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Selecione e copie todo o texto destacado em vermelho que te passei.
Clique com o botão direito do mouse sobre o OTM.exe e escolha a opção Executar como administrador.
Cole o texto que você acabou de copiar acima no espaço em branco abaixo da frase Paste instructions for itens to be Moved
Depois disto clique no botão MoveIt!
Depois de fazer os procedimentos acima, feche o OTM. Nota: O OTM deverá pedir para reiniciar o PC para concluir o processo de eliminação dos problemas, neste caso é só confirmar clicando em Yes. Neste caso, após a reinicialização, navegue até a pasta C:\_OTMoveIt\MovedFiles e abra o mais novo arquivo com extensão .log presente, selecione e copie todo o conteúdo desse relatório e poste aqui em seu próximo post.
Última edição por Power Max em Sex 15 Ago 2014, 10:39, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
(SOLVED) Remove Baidu from the registry
When I run Old Timer, the computer freezes and the program shows the "not responding" message.
vamsv - Beginner
Re: Remove Baidu from the registry
Start the PC in Safe Mode with Networking (by pressing the F8 key, or the F5 key on some computers, repeatedly while the computer is starting and choosing the Safe Mode with Networking option). Once the PC is in Safe Mode with Networking, carry out the procedure I gave you in my previous reply and post its report.
Power Max - Contributor
(SOLVED) Remove Baidu from the registry
Power Max wrote: Start the PC in Safe Mode with Networking (by pressing the F8 key, or the F5 key on some computers, repeatedly while the computer is starting and choosing the Safe Mode with Networking option). Once the PC is in Safe Mode with Networking, carry out the procedure I gave you in my previous reply and post its report.
OK, I will do that, thank you.
vamsv - Beginner
Re: Remove Baidu from the registry
OK, I'll be waiting.
Power Max - Contributor
(SOLVED) Remove Baidu from the registry
Power Max wrote: OK, I'll be waiting.
Good evening. Sorry, I was not able to do what was asked on the computer in question, because it is a private computer and its owner needed to use it.
I have the same problem on my own computer; do I have to open another topic?
If so, which script should I run to get the log and post it here?
I can't find the script I used this morning.
Thank you very much in advance.
vamsv - Beginner
Re: Remove Baidu from the registry
Create a new topic in the malware removal area and there we will give you the script to remove Baidu.
We look forward to your topic.
Power Max - Contributor
(SOLVED) Remove Baidu from the registry
Power Max wrote: Create a new topic in the malware removal area and there we will give you the script to remove Baidu.
We look forward to your topic.
Good morning, I will do that then, thank you.
As for this PC, OBT freezes even in safe mode and does nothing else... A code was generated, and I searched the registry for Baidu and it was no longer found. How can I know whether I am really free of it? Log follows.
vamsv - Beginner
Re: Remove Baidu from the registry
The log did not show up here. Please post it again.
Power Max - Contributor
(SOLVED) Remove Baidu from the registry
Log attached below:
Error: Unable to interpret <:Services :Processes KILLALLPROCESSES :Services BdApiUtil BdCameraProtect Bfilter Bfmon Bhbase Bprotect :Files C:\ProgramData\Baidu Security C:\Users\All Users\Baidu Security :Reg [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000] "DeviceDesc"- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001> in the current context!
Error: Unable to interpret <\Enum\Root\LEGACY_BFMON\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil] "ImagePath"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect] "ImagePath"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect] "InstPath"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00> in the current context!
Error: Unable to interpret <2\Enum\Root\LEGACY_BPROTECT\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil] "ImagePath"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect] "ImagePath"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]> in the current context!
Error: Unable to interpret <"DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect] "InstPath"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil] "ImagePath"=-> in the current context!
Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect] "ImagePath"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect] "InstPath"=- [-> in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret <[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web] "ucloud"=- [HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web] "dcloud"=- [HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web] "rcloud"=- [-HKEY_USERS\S-1-5-18\Software\Baidu] [-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug] [-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav] [-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log] [-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe] [-HKEY_USERS\S-1-5-18\Software\Baidu Security] [-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus] [-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug] [-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver] [-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\081213-12246-01.dmp] [-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\090213-15787-01.dmp] [-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\090413-12402-01.dmp] [-HKEY_USERS\S-1-5-18\Softwar> in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
OTM by OldTimer - Version 3.1.21.0 log created on 08132014_131205
vamsv - Beginner
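The question asked a few posts up, whether the machine is really free of the program, can be answered for the specific items that the OTM script in the log above names. The read-only PowerShell check below is an added example, not part of the original posts or of any tool mentioned in the thread; the service names, LEGACY_ keys, folders and HKEY_USERS subkeys are copied from that log, and the function names are made up here.

```powershell
# Added example (not from the thread): read-only check for leftovers.
# All names and paths below are copied from the OTM script visible in the log;
# the function names are illustrative. Nothing is deleted or modified.
$services   = 'BdApiUtil', 'BdCameraProtect', 'Bfilter', 'Bfmon', 'Bhbase', 'Bprotect'
$legacyKeys = 'LEGACY_BFILTER', 'LEGACY_BFMON', 'LEGACY_BHBASE', 'LEGACY_BPROTECT'
$folders    = 'C:\ProgramData\Baidu Security', 'C:\Users\All Users\Baidu Security'
$userKeys   = 'Software\Baidu', 'Software\Baidu Security'

function New-Finding([string]$Kind, [string]$Path) {
    New-Object PSObject -Property @{ Kind = $Kind; Path = $Path }
}

function Find-Leftovers {
    $found = @()

    # Check every control set, not only CurrentControlSet: the script lists
    # ControlSet001 and ControlSet002 as well, and an inactive set is what
    # "Last Known Good Configuration" boots from.
    $controlSets = Get-ChildItem -Path 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^(ControlSet\d{3}|CurrentControlSet)$' } |
        ForEach-Object { $_.PSChildName }

    foreach ($set in $controlSets) {
        foreach ($name in $services) {
            $key = "HKLM:\SYSTEM\$set\services\$name"
            if (Test-Path -LiteralPath $key) { $found += New-Finding 'ServiceKey' $key }
        }
        foreach ($name in $legacyKeys) {
            $key = "HKLM:\SYSTEM\$set\Enum\Root\$name"
            if (Test-Path -LiteralPath $key) { $found += New-Finding 'LegacyDeviceKey' $key }
        }
    }

    # Per-user hives currently loaded under HKEY_USERS
    # (.DEFAULT, S-1-5-18, and any logged-on users).
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        ForEach-Object { $_.PSChildName }
    foreach ($hive in $hives) {
        foreach ($sub in $userKeys) {
            $key = "Registry::HKEY_USERS\$hive\$sub"
            if (Test-Path -LiteralPath $key) { $found += New-Finding 'UserKey' $key }
        }
    }

    # Folders listed in the :Files section of the script.
    foreach ($dir in $folders) {
        if (Test-Path -LiteralPath $dir) { $found += New-Finding 'Folder' $dir }
    }

    return $found
}

$result = @(Find-Leftovers)
if ($result.Count -eq 0) {
    Write-Output 'None of the items named in the OTM script were found.'
} else {
    $result | Select-Object Kind, Path | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell prompt. An empty result covers only the locations listed in the script, not every trace the program may have left.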
Re: Remove Baidu from the registry
You did not carry out the procedure correctly.
You need to copy all of the text in red that I gave you.
After that, just run OTM as administrator. Then follow the steps I gave you in my previous reply and post the new report it creates.
Power Max - Contributor
(SOLVED) Remove Baidu from the registry
Power Max wrote: You did not carry out the procedure correctly.
You need to copy all of the text in red that I gave you.
After that, just run OTM as administrator. Then follow the steps I gave you in my previous reply and post the new report it creates.
I can't manage it; the computer simply freezes and stays on the same screen for hours.
Could you give me a new script to run so that I can produce a new log?
vamsv - Beginner
Re: Remove Baidu from the registry
The script is the same one I gave you.
Try running it in Safe Mode with Networking and see whether that is possible.
Power Max - Contributor
Re: Remove Baidu from the registry
Power Max wrote: The script is the same one I gave you.
Try running it in Safe Mode with Networking and see whether that is possible.
The one in red, I already did that in safe mode; it simply freezes and does not continue. The script I am talking about is the Zoek one,
so that I can run a new log scan.
vamsv - Beginner
Re: Remove Baidu from the registry
Temporarily disable your antivirus to avoid conflicts.
* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]
* Select and copy all of this text highlighted in red that I gave you and paste it into the blank box in Zoek
* Click [Run Script]
* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!
[You must have an account and be logged in to view this image]
* If a restart of the PC is requested, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Last edited by Power Max on Fri 15 Aug 2014, 10:41; edited 1 time(s)
Power Max - Contributor
(SOLVED) Remove Baidu from the registry
I ran the log:
Process;
startupall;
srinfo;
uninstall-list;
Baidu; z
Baidu; a
and here is the result
vamsv - Beginner
Re: Remove Baidu from the registry
vamsv wrote: I ran the log:
Process;
startupall;
srinfo;
uninstall-list;
Baidu; z
Baidu; a
and here is the result
Zoek.exe v5.0.0.0 Updated 06-August-2014
Tool run by suporteti on 14/08/2014 at 10:42:24,66.
Microsoft Windows 7 Professional 6.1.7600 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\suporteti\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-08-12-165821.log 31056 bytes
C:\zoek-results2014-08-14-132454.log 547 bytes
==== Running Processes ======================
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Scpad\scpVista.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\OCS Inventory Agent\ocsservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\notepad.exe
C:\Users\suporteti\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
======== System Restore Points ========
RP102: 30/07/2014 13:24:40 - Ponto de Verificação Agendado
RP103: 07/08/2014 13:25:14 - Ponto de Verificação Agendado
RP104: 12/08/2014 13:36:26 - zoek.exe restore point
RP106: 13/08/2014 13:20:37 - Installed Rapport
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-759923729-1372179028-3196558642-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"KLPkInst_79cdd237-adfb-4582-89d5-e24732ff293c"="E:\Programas\Kaspersky\Kaspersky - Todas as Unidades\Diadema.exe -KLPI$ID 79cdd237-adfb-4582-89d5-e24732ff293c -tl 4"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 para Windows\avp.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"KLPkInst_79cdd237-adfb-4582-89d5-e24732ff293c"="E:\Programas\Kaspersky\Kaspersky - Todas as Unidades\Diadema.exe -KLPI$ID 79cdd237-adfb-4582-89d5-e24732ff293c -tl 4"
==== Startup Folders ======================
2013-04-02 15:02:06 1264 ----a-w- C:\Users\suporteti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [02/05/2013 11:26]
==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Uninstall List x86 ======================
7-Zip 9.20 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip]
Adobe Flash Player 14 ActiveX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
Adobe Reader XI (11.0.08) - Português [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1046-7B44-AB0000000001}]
CCleaner [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
CutePDF Writer 2.8 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CutePDF Writer Installation]
DraftSight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EE7D7509-CC19-4DED-A439-F50B191C9E37}]
Edi7Windows Itaú [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Edi7Windows Itaú]
Google Chrome [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
Intel(R) Processor Graphics [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}]
Intel(R) SDK for OpenCL - CPU Only Runtime Package [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}]
Java 7 Update 55 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217051FF}]
Kaspersky Endpoint Security 10 para Windows [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9813DD3F-A28E-4B98-ACDE-12A3AB1C42E4}]
Kaspersky Security Center Network Agent [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}]
Kaspersky Security Center Network Agent [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallWIX_{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}]
Malwarebytes Anti-Malware versão 2.0.2.1012 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
Microsoft .NET Framework 4 Client Profile PTB Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{20A15757-4AE4-3C82-9711-863C84AFE6AA}]
Microsoft Office Home and Business 2010 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Office14.SingleImage]
Microsoft redistributable runtime DLLs VS2008 SP1(x86) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A47A9101-6EB5-4314-BDA1-297880FBB908}]
MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}]
MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}]
MSXML4.0 redistributable [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}]
OCS Inventory Agent 4.0.5.4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\OCS Inventory Agent]
Platform [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{20D4A895-748C-4D88-871C-FDB1695B0169}]
Proteção de Terminal Trusteer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Rapport_msi]
Rapport [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}]
Realtek Ethernet Controller Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}]
SAP GUI for Windows 7.20 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SAPGUI710]
SISCOB [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D5940AE3-7244-11D6-BAB7-00010332BA5B}]
SolidWorks eDrawings 2012 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D8E824B6-78C0-4079-9B23-B86C8D9A78A1}]
UltraVnc [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ultravnc2_is1]
vcredist_x86 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}]
VIA Gerenciador de dispositivo de plataforma [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}]
VMware Zimbra Connector for Microsoft Outlook [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DDED9F97-8C37-45CB-83B5-09AC5FDC5BFC}]
==== C:\zoek_backup content ======================
C:\zoek_backup (files=9 folders=7 31034119 bytes)
==== EOF on 14/08/2014 at 10:43:24,79 ======================
vamsv - Beginner
Re: Remove Baidu from the registry
You did not follow the correct procedure; please do it exactly the way I described above.
Power Max - Contributor
Re: Remove Baidu from the registry
Zoek.exe v5.0.0.0 Updated 06-August-2014
Tool run by suporteti on 14/08/2014 at 10:24:03,87.
Microsoft Windows 7 Professional 6.1.7600 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\suporteti\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-08-12-165821.log 31056 bytes
==== C:\zoek_backup content ======================
C:\zoek_backup (files=9 folders=7 31034119 bytes)
==== EOF on 14/08/2014 at 10:24:54,04 ======================
vamsv - Beginner
- Posts: 42
Reputation: 0
Join date: 11/08/2014
Re: Remove Baidu from the registry
Download SystemLook.exe from the address below and save it to your Desktop:
[link visible only to logged-in members]
Right-click the SystemLook.exe file, then click [image visible only to logged-in members]
After opening SystemLook.exe, select and copy all of the text highlighted in red that I gave you.
Paste the text you just copied into the SystemLook text box.
Click the Look button; when the scan finishes, a log (report) will open. It is saved as SystemLook.txt on the Desktop.
Select, copy and paste the contents of this log into your next reply.
Last edited by Power Max on Fri 15 Aug 2014, 10:42; edited 1 time
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Remove Baidu from the registry
SystemLook 30.07.11 by jpshortstuff
Log created at 13:07 on 14/08/2014 by suporteti
Administrator - Elevation successful
========== filefind ==========
Searching for "baidu"
No files found.
========== folderfind ==========
Searching for "baidu"
C:\AdwCleaner\Quarantine\C\ProgramData\baidu d------ [12:12 12/08/2014]
========== regfind ==========
Searching for "baidu"
No data found.
-= EOF =-
vamsv - Beginner
- Posts: 42
Reputation: 0
Join date: 11/08/2014
(SOLVED) Remove Baidu from the registry
I am running ESET Online and it is reporting that I have other malware; I attached an image.
vamsv - Beginner
- Posts: 42
Reputation: 0
Join date: 11/08/2014
Re: Remove Baidu from the registry
Wait until the NOD32 scan finishes and post its report here in your topic so we can analyze it.
As for Baidu, it is no longer present on your PC.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
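How the SystemLook log posted earlier in this thread supports the conclusion that Baidu is gone, as an added example that is not part of the original posts: the parser below splits the log into its filefind/folderfind/regfind sections and separates live hits from copies held in a cleaner's quarantine. The log text is a constructed copy of the one in the thread; the "No folders found." wording and the rule that paths under `C:\AdwCleaner\Quarantine` or `C:\zoek_backup` are inert are assumptions.

```python
import re

# Constructed sample: a copy of the SystemLook log quoted in this thread.
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 13:07 on 14/08/2014 by suporteti
Administrator - Elevation successful
========== filefind ==========
Searching for "baidu"
No files found.
========== folderfind ==========
Searching for "baidu"
C:\AdwCleaner\Quarantine\C\ProgramData\baidu d------ [12:12 12/08/2014]
========== regfind ==========
Searching for "baidu"
No data found.
-= EOF =-
"""

SECTION = re.compile(r"^=+\s*(\w+)\s*=+$")
EMPTY = re.compile(r"^No (files|folders|data) found\.$")  # wording assumed
NOISE = ("Searching for", "-= EOF")
# Assumption: anything under a cleaner's quarantine/backup folder is an inert copy.
INERT = re.compile(r"^C:\\(AdwCleaner\\Quarantine|zoek_backup)\\", re.IGNORECASE)

def parse_systemlook(text):
    """Return {section: [hit, ...]} for each '===== name =====' block."""
    hits, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            hits[current] = []
        elif current and line and not (EMPTY.match(line) or line.startswith(NOISE)):
            hits[current].append(line)
    return hits

def triage(hits):
    """Split hits into live remnants and inert quarantine copies."""
    live, inert = [], []
    for section, lines in hits.items():
        for entry in lines:
            (inert if INERT.match(entry) else live).append((section, entry))
    return live, inert

if __name__ == "__main__":
    live, inert = triage(parse_systemlook(SAMPLE_LOG))
    print("live remnants:", live)
    print("quarantined only:", inert)
```

An empty `live` list with a single quarantined folder is what this thread's log yields; any registry or file hit outside the quarantine paths would land in `live` and need another cleanup pass.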
Re: Remove Baidu from the registry
Here is a picture of NOD32.
Is there another tool to check whether there is malware?
Thank you; when I get home I will post the log from mine.
vamsv - Beginner
- Posts: 42
Reputation: 0
Join date: 11/08/2014