Fórum PC Brasil

How to remove Baidu and CE_umbrella

Post by Gil Raman, Tue 26 Aug 2014, 14:43

I have Baidu PC Faster and CE_umbrella bothering me way too much; how do I remove them?

Re: How to remove Baidu and CE_umbrella

Post by Power Max, Tue 26 Aug 2014, 14:51

Download AdwCleaner by clicking the link below, then click the Download Now @BleepingComputer button:
[You need an account and an active session to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You need an account and an active session to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

AdwCleaner report

Post by Gil Raman, Tue 26 Aug 2014, 17:25

# AdwCleaner v3.308 - Relatório criado 26/08/2014 às 17:13:32
# Atualizado 20/08/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : Usuario - GILRAMAN
# Executando de : C:\Users\Usuario\Downloads\adwcleaner_3.308.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : globalUpdate
[#] Serviço Deletada : globalUpdatem
Serviço Deletada : IePluginServices
[#] Serviço Deletada : pricemeterliveUpdate
[#] Serviço Deletada : pricemeterliveUpdatem
[#] Serviço Deletada : SupraSavingsService
Serviço Deletada : Wajam Internet Enhancer Service
Serviço Deletada : nuttkoqiez32
Serviço Deletada : mtgaotushb32
Serviço Deletada : vulsrsebjh32
Serviço Deletada : {55dce8ba-9dec-4013-937e-adbf9317d990}Gw
Serviço Deletada : {55dce8ba-9dec-4013-937e-adbf9317d990}w
Serviço Deletada : {9a9157bb-003e-4fef-8bd1-c09bc4586a28}w

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\IePluginServices
[!] Pasta Deletada : C:\ProgramData\PriceMeterLiveUpdate
Pasta Deletada : C:\ProgramData\SaveSenseLive
Pasta Deletada : C:\ProgramData\Systweak
Pasta Deletada : C:\ProgramData\WindowsMangerProtect
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
Pasta Deletada : C:\Program Files\003
Pasta Deletada : C:\Program Files\baidu
Pasta Deletada : C:\Program Files\eSupport.com
Pasta Deletada : C:\Program Files\Funmoods
[!] Pasta Deletada : C:\Program Files\globalUpdate
Pasta Deletada : C:\Program Files\predm
[!] Pasta Deletada : C:\Program Files\PriceMeterLiveUpdate
Pasta Deletada : C:\Program Files\SaveSenseLive
Pasta Deletada : C:\Program Files\SupraSavings
Pasta Deletada : C:\Program Files\SupTab
Pasta Deletada : C:\Program Files\Wajam
Pasta Deletada : C:\Program Files\005
Pasta Deletada : C:\Users\Convidado\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Usuario\AppData\Local\genienext
Pasta Deletada : C:\Users\Usuario\AppData\Local\globalUpdate
Pasta Deletada : C:\Users\Usuario\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Usuario\AppData\Local\PriceMeter
Pasta Deletada : C:\Users\Usuario\AppData\Local\PriceMeterLiveUpdate
Pasta Deletada : C:\Users\Usuario\AppData\Local\SaveSenseLive
Pasta Deletada : C:\Users\Usuario\AppData\Local\Temp\baidu
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Claro
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\newnext.me
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\PriceMeterUpdater
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\SaveSense
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\UpdaterEX
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\VOPackage
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmchcpboeofpnjchpaegbibodfnpmjjc
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Windows\system32\roboot.exe
Arquivo Deletada : C:\Windows\system32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw.sys
Arquivo Deletada : C:\Windows\system32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys
Arquivo Deletada : C:\Windows\system32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w.sys
Arquivo Deletada : C:\Users\Convidado\daemonprocess.txt
Arquivo Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\gqsbjvu4.default\invalidprefs.js
Arquivo Deletada : C:\Program Files\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml
Arquivo Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\gqsbjvu4.default\searchplugins\Web Search.xml
Arquivo Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\gqsbjvu4.default\user.js
Arquivo Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Tarefas ] *****

Tarefa Deletedo : ASP
Tarefa Deletedo : Funmoods
Tarefa Deletedo : globalUpdateUpdateTaskMachineCore
Tarefa Deletedo : LaunchSignup
Tarefa Deletedo : PriceMeterLiveUpdateUpdateTaskMachineCore
Tarefa Deletedo : PriceMeterLiveUpdateUpdateTaskMachineUA
Tarefa Deletedo : pricemetertask
Tarefa Deletedo : pricemeterwatcher
Tarefa Deletedo : 995536eb-10c5-4980-bbd0-ce6515700031
Tarefa Deletedo : e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-11
Tarefa Deletedo : e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\598f69953a6af8a\Google Chrome Canary.lnk

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17239

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v31.0 (x86 pt-BR)

[ Arquivo : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\gqsbjvu4.default\prefs.js ]

Linha deletada : user_pref("extensions.helperbar.DockingPositionDown", false);
Linha deletada : user_pref("extensions.helperbar.SmartbarDisabled", false);
Linha deletada : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Linha deletada : user_pref("extensions.helperbar.Visibility", false);
Linha deletada : user_pref("extensions.helperbar.keepAliveLastevent", "1408742961");
Linha deletada : user_pref("extensions.helperbar.lastExternalJsUpdate", "1408710766225");

-\\ Google Chrome v36.0.1985.143

[ Arquivo : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [You need an account and an active session to view this link]
Deletedo [Search Provider] : [You need an account and an active session to view this link]
Deletedo [Startup_urls] : [You need an account and an active session to view this link]
Deletedo [Homepage] : [You need an account and an active session to view this link]
Deletedo [Extension] : bopakagnckmlgajfccecajhnimjiiedh

[ Arquivo : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [You need an account and an active session to view this link]
Deletedo [Startup_urls] : [You need an account and an active session to view this link]
Deletedo [Homepage] : [You need an account and an active session to view this link]
Deletedo [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [29255 octets] - [26/08/2014 17:07:45]
AdwCleaner[S0].txt - [25934 octets] - [26/08/2014 17:13:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25995 octets] ##########

The CE_umbrellacert warning and the Baidu folder still appear

Post by Gil Raman, Tue 26 Aug 2014, 17:29

The CE_umbrellacert warning window still pops up, and although Baidu files were deleted, the Baidu folder is still on the C drive.

Re: How to remove Baidu and CE_umbrella

Post by Power Max, Tue 26 Aug 2014, 23:39

Download Junkware Removal Tool from the link below:
[You need an account and an active session to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You need an account and an active session to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.

Junkware Removal Tool (JRT) report follows

Post by Gil Raman, Wed 27 Aug 2014, 10:56

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x86
Ran by Usuario on 27/08/2014 at 10:44:05,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeperUntemp_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeperUntemp_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilDealKeeper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilDealKeeper_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Folder] "C:\Users\Usuario\AppData\Roaming\getrighttogo"



~~~ FireFox

Successfully deleted: [File] C:\Users\Usuario\AppData\Roaming\mozilla\firefox\profiles\gqsbjvu4.default\invalidprefs.js
Emptied folder: C:\Users\Usuario\AppData\Roaming\mozilla\firefox\profiles\gqsbjvu4.default\minidumps [41 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/08/2014 at 10:53:22,66
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: How to remove Baidu and CE_umbrella

Post by Power Max, Wed 27 Aug 2014, 11:00

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You need an account and an active session to view this link]

* Right-click Zoek.exe and select [You need an account and an active session to view this image]

* Select and copy all of the text highlighted in red below and paste it into the blank area in Zoek:

createsrpoint;
autoclean;
emptyalltemp;
iedefaults;
resetieproxy;
resethosts;
shortcutfix;
ffdefaults;
firefoxlook;
reset chrome;
chrdefaults;
chromelook;
emptyfolderscheck;delete
Baidu;z
Baidu;a


* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.

I used Zoek and my problem got worse

Message by Gil Raman Thu 28 Aug 2014, 16:59

I'm on another notebook, because yesterday, after I finished using Zoek, when it rebooted and the report came out, my connection no longer came up. I have signal, but my notebook only shows the message "The remote device or resource won't accept the connection" when I run the Windows network diagnostics.

Message by Power Max Thu 28 Aug 2014, 22:53

The problem is that Umbrella sometimes does this to make uninstalling it harder.

Do a System Restore to some day before the problem happened and tell us whether the internet came back.

OK, I'll do that and post tomorrow!

Message by Gil Raman Thu 28 Aug 2014, 23:04

Tomorrow I'll do the restore and post!

Thanks and good night.

Restore done, and successfully!

Message by Gil Raman Fri 29 Aug 2014, 16:43

I did the restore, it worked, and now Baidu is still in the files. However, I searched using the notebook's search and did not find the Umbrella Certificate. What should I do to get rid of Baidu?

Message by joram Fri 29 Aug 2014, 17:17

Gil Raman wrote: I did the restore, it worked, and now Baidu is still in the files. However, I searched using the notebook's search and did not find the Umbrella Certificate. What should I do to get rid of Baidu?
Good afternoon, Gil Raman!

|- Download: < [You must have an account and be logged in to view this link] >  < [You must have an account and be logged in to view this image] > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

[You must have an account and be logged in to view this image]

|- Run the scroll icon. ( ZHPDiag )

[You must have an account and be logged in to view this image]

|- Click "COMPLETA" and wait for it to finish!
|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
|- PS: Since the log will be long, send it to [You must have an account and be logged in to view this link].

|- Or go to: < [You must have an account and be logged in to view this link] >

|- More information: < |[You must have an account and be logged in to view this link]| >

A+
joram
Administrator

Posts: 4164
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro

I ran JRT again!

Message by Gil Raman Fri 29 Aug 2014, 18:12

Before you posted, I decided to run JRT again, and at least Baidu was neutralized, but its folders still show up on C and I can't delete them via the Recycle Bin. The report follows.

I'll do this one now.

JRT report

Message by Gil Raman Fri 29 Aug 2014, 18:13

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x86
Ran by Usuario on 29/08/2014 at 17:42:10,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\funmoods
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\funmoods
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeperUntemp_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeperUntemp_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeper_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateDealKeeper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateDealKeeper_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilDealKeeper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilDealKeeper_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"



~~~ Files

Successfully deleted: [File] "C:\Windows\system32\roboot.exe"
Successfully disinfected: [Shortcut] C:\Users\Usuario\AppData\Roaming\microsoft\windows\start menu\Programs\Search.lnk



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Folder] "C:\Users\Usuario\AppData\Roaming\baidu"
Successfully deleted: [Folder] "C:\Users\Usuario\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Usuario\AppData\Roaming\newnext.me"
Successfully deleted: [Folder] "C:\Users\Usuario\AppData\Roaming\systweak"
Failed to delete: [Folder] "C:\Program Files\baidu"
Successfully deleted: [Folder] "C:\Program Files\funmoods"



~~~ FireFox

Successfully deleted: [File] C:\Users\Usuario\AppData\Roaming\mozilla\firefox\profiles\gqsbjvu4.default\user.js
Successfully deleted the following from C:\Users\Usuario\AppData\Roaming\mozilla\firefox\profiles\gqsbjvu4.default\prefs.js

user_pref("browser.search.defaultenginename", "Web Search");
user_pref("extensions.helperbar.SmartbarDisabled", false);
user_pref("extensions.helperbar.SmartbarStateMinimaized", false);



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/08/2014 at 17:52:18,78
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Message by joram Fri 29 Aug 2014, 20:00

Good evening, Gil Raman!

|- Post the ZHPDiag log so that we can remove the Baidu remnants.

A+

Can I post it in parts?

Message by Gil Raman Fri 29 Aug 2014, 20:06

Since the log is long, could I post it in parts?

01 ZHPDiag Log

Message by Gil Raman Fri 29 Aug 2014, 20:12

~ Relatório do ZHPDiag v2014.8.28.125 - Nicolas Coolman (28/08/2014)
~ Iniciado por Usuario (29/08/2014 19:54:12)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Desativado pelo Utilizador
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17239
MFIE: Mozilla Firefox 31.0
GCIE: Google Chrome v36.0.1985.143 (Defaut)
OPIE: Opera vNext 24.0.1558.43
OPIE: Opera vNext 24.0.1558.51

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2021
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.16

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader XI
Java 7 Update 21

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1908 MB (38% free)
System Restore: Activé (Enable)
System drive C: has 56 GB (50%) free of 111 GB

---\\ Modo de conexão ao sistema
~ Computer Name: GILRAMAN
~ User Name: Usuario
~ All Users Names: Usuario, Convidado, Administrador,
~ Unselected Option: None
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Usuario\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Usuario\AppData\Roaming\
~ %Desktop% : C:\Users\Usuario\Desktop\
~ %Favorites% : C:\Users\Usuario\Favorites\
~ %LocalAppData% : C:\Users\Usuario\AppData\Local\
~ %StartMenu% : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 56 Go of 111 Go)
D: Hard drive, Flash drive, Thumb drive (Free 154 Go of 166 Go)
E: CD-ROM drive (Free 1 Go of 4 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: 46 Scanned in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 09:17:09.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.B945BAA81B4805AD6BDDF4D026DCFB47] - (.Microsoft Corporation - Internet Extensions para Win32.) (.25/07/2014 - 07:05:23.) -- C:\Windows\System32\wininet.dll [1792512]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes musiques (My Musics) : 1/1185
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 2/674
~ Mon Bureau (My Desktop) : 1/16
~ Menu demarrer (Programs) : 1/41
~ Hidden Files: Scanned in 00mn 07s



---\\ Processos lançados
[MD5.9A30BDDE96721FE6D6B2BA0593F69C81] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [177432] [PID.3580]
[MD5.FEC63BCD1A1DDE7A990223D0F12655D7] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [177944] [PID.3588]
[MD5.91198EFE940F26237122FC1CE8B785E9] - (.No owner - Torpedo.) -- C:\Program Files\Wifi Protector BI\995536eb-10c5-4980-bbd0-ce6515700031.exe [32104] [PID.3856]
[MD5.FFE86FE57B81D5DF61E978B0B2ACE7B5] - (...) -- C:\Program Files\SupTab\HpUI.exe [724480] [PID.3996] =>PUP.SupTab
[MD5.7D58C9BDF9C0A3955BDCDE7387AD12AC] - (.Macrovision Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920] [PID.4048]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.4064]
[MD5.26B558B2D31C7425B455B00E562EAD93] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896] [PID.4084]
[MD5.D76A620F123A4202057E582C55E2602A] - (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavTray.exe [1704296] [PID.3052]
[MD5.D46415CD75DDA09F0A17D2FDA2235CB0] - (...) -- C:\Program Files\SupTab\Loader32.exe [64000] [PID.868] =>PUP.SupTab
[MD5.269D066D41B631B1F22936248E80354F] - (.PriceMeter - PriceMeterW.) -- C:\Users\Usuario\AppData\Local\PriceMeter\pricemeterw.exe [309256] [PID.1016] =>PUP.PriceMeter
[MD5.1FB581BAADA8C87DD7A2E32FE62ED868] - (.ContentExplorer - ContentExplorer.) -- C:\Users\Usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe [2429680] [PID.3396] =>PUP.ContentExplorer
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.2092]
[MD5.072678E0D68E9C3A7960328671134C7B] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [54240] [PID.5344]
[MD5.C6A991D7DF17EBD8DE4739CD1F283133] - (.Microsoft Corporation - Teclado Virtual para Acessibilidade.) -- C:\Windows\System32\osk.exe [646144] [PID.3672]
[MD5.6C66AB9AE728F5A761F9322E92B38A74] - (.Opera Software - Opera Next.) -- C:\Program Files\Opera Next\24.0.1558.51_0\opera.exe [47868536] [PID.5524]
[MD5.10FE324D6FBCF10587A503B99B10882C] - (...) -- C:\Program Files\Opera Next\24.0.1558.51_0\opera_crashreporter.exe [1372280] [PID.5384]
[MD5.0BDAE865738D27A4D84D50591C8C9D2D] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.3792]
[MD5.E8F28312EC0211C7A9C5E344730EE312] - (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe [1067280] [PID.4480]
[MD5.33BF80A2291C54DC7D7601CDEF63138E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8099328] [PID.5992]
~ Processes Running: Scanned in 00mn 04s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Docs v.0.7 (Activé)
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] YouTube v.4.2.6 (Activé)
G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Pesquisa do Google v.0.0.0.20 (Activé)
G2 - GCE: Preference [User Data\Default] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [ennkphjdgehloodpbhlhldgbnhmacadg] Settings v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [gomekmidlodglbbmalcneegieacbdmki] avast! Online Security v.9.0.2022.121, (Désactivé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mgndgikekgjfcpckkfioiadnlibdjbkf] Chrome v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Google+ Hangouts v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pfkfdlcdbajamklbneflfbcmfgddmpae] Astromenda New Tab v.0.3.6, (Désactivé) =>PUP.Astromenda
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé)

---\\ Pasta de extensão do Google Chrome
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [Google Docs]
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [Google Drive]
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [YouTube]
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [Pesquisa do Google]
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [avast! Online Security]
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [Google Wallet]
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [Gmail]
~ Google Lines Browser: 25 Scanned in 00mn 03s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\gqsbjvu4.default\prefs.js
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll =>.Google Inc
P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.21.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Windows\system32\npDeployJava1.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.21.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.21.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [@staging.google.com/globalUpdate Update;version=10] - (.globalUpdate - globalUpdate Update.) -- C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
P2 - FPN: [HKLM] [@staging.google.com/globalUpdate Update;version=4] - (.globalUpdate - globalUpdate Update.) -- C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3] - (.PriceMeter - PriceMeterLiveUpdate Update.) -- C:\Program Files\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll =>PUP.PriceMeter
P2 - FPN: [HKLM] [@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9] - (.PriceMeter - PriceMeterLiveUpdate Update.) -- C:\Program Files\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll =>PUP.PriceMeter
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) -- C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\Usuario\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
~ Firefox Browser: 13 Scanned in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.HelperBar
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.HelperBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.WebsSearches
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.HelperBar
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.WebsSearches
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.HelperBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.HelperBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl,Default = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.HelperBar
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Skype Limited - Facebook Video Calling Plugin.) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: 17 Scanned in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:51319;https=127.0.0.1:51319 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (27)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} Chave orfã
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {ca3eae2b-3b20-2e6f-a849-c126d93b6ad3} Chave orfã
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\jp2ssv.dll
~ BHO: 14 Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Usuario]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [You must have an account and be logged in to view this link] =>Hijacker.WebsSearches
O4 - GS\Program [Usuario]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [You must have an account and be logged in to view this link] =>Hijacker.WebsSearches
O4 - GS\SystemTools [Usuario]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [You must have an account and be logged in to view this link] =>Hijacker.WebsSearches
~ Global Startup: 3 Scanned in 00mn 05s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] . (.Macrovision Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [fst_br_298] C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Baidu Antivirus] . (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] . (.Macrovision Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Usuario\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_] . (...) -- C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKCU\..\Run: [GuUnacE] C:\Users\Usuario\AppData\Local\GuUnacE.exe (.not file.)
O4 - HKCU\..\Run: [PriceMeterW] . (.PriceMeter - PriceMeterW.) -- C:\Users\Usuario\AppData\Local\PriceMeter\pricemeterw.exe =>PUP.PriceMeter
O4 - HKCU\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\Usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer
O4 - HKCU\..\Run: [Badoo Desktop] . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [osk.exe] . (.Microsoft Corporation - Teclado Virtual para Acessibilidade.) -- C:\Windows\System32\osk.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [Application Restart #0] . (.Microsoft Corporation - Teclado Virtual para Acessibilidade.) -- C:\Windows\System32\osk.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [osk.exe] . (.Microsoft Corporation - Teclado Virtual para Acessibilidade.) -- C:\Windows\System32\osk.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #0] . (.Microsoft Corporation - Teclado Virtual para Acessibilidade.) -- C:\Windows\System32\osk.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2578862199-3110367618-3840235185-1000\..\Run: [ISUSPM Startup] . (.Macrovision Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
O4 - HKUS\S-1-5-21-2578862199-3110367618-3840235185-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Usuario\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2578862199-3110367618-3840235185-1000\..\Run: [HW_OPENEYE_OUC_] . (...) -- C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKUS\S-1-5-21-2578862199-3110367618-3840235185-1000\..\Run: [GuUnacE] C:\Users\Usuario\AppData\Local\GuUnacE.exe (.not file.)
O4 - HKUS\S-1-5-21-2578862199-3110367618-3840235185-1000\..\Run: [PriceMeterW] . (.PriceMeter - PriceMeterW.) -- C:\Users\Usuario\AppData\Local\PriceMeter\pricemeterw.exe =>PUP.PriceMeter
O4 - HKUS\S-1-5-21-2578862199-3110367618-3840235185-1000\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\Usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer
O4 - HKUS\S-1-5-21-2578862199-3110367618-3840235185-1000\..\Run: [Badoo Desktop] . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe
~ Application: Scanned in 00mn 00s

02 ZHPDiag Log

Post by Gil Raman Fri 29 Aug 2014, 20:13


---\\ Icones das opções IE invisiveis no painel das configurações (05)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
~ Winsock: 7 Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A817D5FF-CE70-43A2-A71B-60F1796265F5}: DhcpNameServer = 10.5.50.1 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD392B38-1945-4ED9-9E01-4763C47CAF4C}: DhcpNameServer = 8.8.4.4 8.8.8.8 10.5.50.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A817D5FF-CE70-43A2-A71B-60F1796265F5}: DhcpNameServer = 10.5.50.1 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{FD392B38-1945-4ED9-9E01-4763C47CAF4C}: DhcpNameServer = 8.8.4.4 8.8.8.8 10.5.50.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A817D5FF-CE70-43A2-A71B-60F1796265F5}: DhcpNameServer = 10.5.50.1 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{FD392B38-1945-4ED9-9E01-4763C47CAF4C}: DhcpNameServer = 8.8.4.4 8.8.8.8 10.5.50.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.4.4 8.8.8.8 10.5.50.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ SSODL: 1 Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Baidu Antivirus Service (BAVSvc) . (.Baidu, Inc. - Baidu Antivirus Service.) - C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) . (.Baidu, Inc. - Baidu Antivirus Hips Service.) - C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BHipsSvc.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IePlugin Services (IePluginServices) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginServices\PluginService.exe =>PUP.IePluginService
O23 - Service: Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation - Local Manageability Service.) - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: mtgaotushb32 (mtgaotushb32) . (...) - C:\Program Files\005\mtgaotushb32.exe =>PUP.AdPeak
O23 - Service: nuttkoqiez32 (nuttkoqiez32) . (...) - C:\Program Files\003\nuttkoqiez32.exe =>PUP.AdPeak
O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdate) (pricemeterliveUpdate) . (.PriceMeter - PriceMeterLiveUpdate Update.) - C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) . (.arvato digital services llc - PsiService PsiService.) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Baidu Spark Service (SparkSvc) . (.Baidu Inc. - spark.) - C:\Program Files\baidu\Spark\sparkservice.exe
O23 - Service: Intel(R) Management & Security Application User Notificatio (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VIVO INTERNET. OUC (VIVO INTERNET. RunOuc) . (...) - C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe
O23 - Service: vulsrsebjh32 (vulsrsebjh32) . (...) - C:\Program Files\005\vulsrsebjh32.exe =>PUP.AdPeak
O23 - Service: {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) . (.Cyberlink Corp. - FCL Driver.) - C:\Program Files\CyberLink\PowerDVD8\000.fcl
~ Services: 18 Scanned in 00mn 14s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s



---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (autocheck autochk /r \??\G:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 2 Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.91198EFE940F26237122FC1CE8B785E9] [APT] [995536eb-10c5-4980-bbd0-ce6515700031] (...) -- C:\Program Files\Wifi Protector BI\995536eb-10c5-4980-bbd0-ce6515700031.exe [32104]
[MD5.9E5197D65BA34A4DB45B8BEFC3288C23] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [262320]
[MD5.00000000000000000000000000000000] [APT] [ASP] (...) -- C:\Program Files\RCP\systweakasp.exe (.not file.) [0]
[MD5.1AD8512A5C40AD1A0558498D8E0AC2AA] [APT] [avast! Emergency Update] (.AVAST Software.) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [808448]
[MD5.B269D6C6957BE7C32633C197F6CD0F56] [APT] [Baidu Antivirus Update] (.Baidu, Inc..) -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavUpdater.exe [2883736]
[MD5.88077CF32319BEE612C82EBF54680DE8] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [4626712]
[MD5.5F88662809D795645336F60ABAD896E8] [APT] [e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-11] (.WFprotect.) -- C:\Program Files\Wifi Protector BI\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-11.exe [1922920]
[MD5.A1523EEACE37D8C2F1F7C663D6F778A3] [APT] [e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4] (.WFprotect.) -- C:\Program Files\Wifi Protector BI\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4.exe [1443688]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000Core] (.Facebook Inc..) -- C:\Users\Usuario\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000UA] (.Facebook Inc..) -- C:\Users\Usuario\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.00000000000000000000000000000000] [APT] [Funmoods] (...) -- C:\Users\Usuario\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.Funmoods
[MD5.D858BA2EE718B1DB1CED20646E641D08] [APT] [globalUpdateUpdateTaskMachineCore] (.globalUpdate.) -- C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648]
[MD5.00000000000000000000000000000000] [APT] [LaunchSignup] (...) -- C:\Program Files\MyPC Backup\Signup Wizard.exe (.not file.) [0] =>PUP.JDIBackup
[MD5.1A5ED0D77840B4AA76DBE16E2AF8F4E3] [APT] [Opera scheduled Autoupdate 1408742278] (.Opera Software.) -- C:\Program Files\Opera Next\launcher.exe [256632]
[MD5.3D8B851E7EFCDC130E4B301BDDE10099] [APT] [PriceMeterLiveUpdateUpdateTaskMachineCore] (.PriceMeter.) -- C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504] =>PUP.PriceMeter
[MD5.3D8B851E7EFCDC130E4B301BDDE10099] [APT] [PriceMeterLiveUpdateUpdateTaskMachineUA] (.PriceMeter.) -- C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504] =>PUP.PriceMeter
[MD5.00000000000000000000000000000000] [APT] [pricemetertask] (...) -- C:\Users\Usuario\AppData\Local\PriceMeter\pricemeter.exe (.not file.) [0] =>PUP.PriceMeter
[MD5.269D066D41B631B1F22936248E80354F] [APT] [pricemeterwatcher] (.PriceMeter.) -- C:\Users\Usuario\AppData\Local\PriceMeter\pricemeterw.exe [309256] =>PUP.PriceMeter
[MD5.00000000000000000000000000000000] [APT] [SparkUpdater] (...) -- C:\Program Files\baidu\Spark\SparkUpdate.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{20A7C71D-008A-4132-9DDC-D6239052267D}] (...) -- c:\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exe (.not file.) [0]
[MD5.0BDAE865738D27A4D84D50591C8C9D2D] [APT] [{8EB82932-EEF3-4CF2-83AE-576841232435}] (.Google Inc..) -- c:\program files\google\chrome\application\chrome.exe [860488]
[MD5.00000000000000000000000000000000] [APT] [{C362CBD1-13DC-4885-96C3-FCF90CD613E1}] (...) -- C:\Program Files\Mobinil USB Modem\uninst.exe (.not file.) [0]
O39 - APT: 995536eb-10c5-4980-bbd0-ce6515700031 - (...) -- C:\Windows\Tasks\995536eb-10c5-4980-bbd0-ce6515700031.job [632]
O39 - APT: 995536eb-10c5-4980-bbd0-ce6515700031 - (...) -- C:\Windows\System32\Tasks\995536eb-10c5-4980-bbd0-ce6515700031 [632]
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [902]
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-11 - (.WFprotect.) -- C:\Windows\Tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-11.job [4484]
O39 - APT: e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-11 - (.WFprotect.) -- C:\Windows\System32\Tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-11 [4484]
O39 - APT: e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4 - (.WFprotect.) -- C:\Windows\Tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4.job [2896] =>PUP.CrossRider
O39 - APT: e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4 - (.WFprotect.) -- C:\Windows\System32\Tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4 [2896] =>PUP.CrossRider
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000Core - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000Core.job [914]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000Core - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000Core [914]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000UA - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000UA.job [936]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000UA - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000UA [936]
O39 - APT: Funmoods - (...) -- C:\Windows\Tasks\Funmoods.job [300] =>PUP.Funmoods
O39 - APT: Funmoods - (...) -- C:\Windows\System32\Tasks\Funmoods [300] =>PUP.Funmoods
O39 - APT: globalUpdateUpdateTaskMachineCore - (.globalUpdate.) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [914]
O39 - APT: globalUpdateUpdateTaskMachineCore - (.globalUpdate.) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [914]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1054]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1058]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineCore - (.PriceMeter.) -- C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job [952] =>PUP.PriceMeter
O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineCore - (.PriceMeter.) -- C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore [952] =>PUP.PriceMeter
O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineUA - (.PriceMeter.) -- C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job [956] =>PUP.PriceMeter
O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineUA - (.PriceMeter.) -- C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA [956] =>PUP.PriceMeter
~ Scheduled Task: 46 Scanned in 00mn 15s



---\\ Componentes instalados (ActiveSetup Installed Components) (040)
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
O40 - ASIC: Google Chrome - {8A69D345-D564-463c-AFF1-A69D9E530F96} . (.Google Inc. - Google Chrome Installer.) -- C:\Program Files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
~ Active Setup: 10 Scanned in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (aswRdr) . (.AVAST Software - avast! WFP Redirect Driver.) - C:\Windows\system32\drivers\aswRdr2.sys
O41 - Driver: (aswSnx) . (.AVAST Software - avast! Virtualization Driver.) - C:\Windows\system32\drivers\aswSnx.sys
O41 - Driver: (aswSP) . (.AVAST Software - avast! self protection module.) - C:\Windows\system32\drivers\aswSP.sys
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (Bnbase) . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - C:\Windows\System32\drivers\bnbasex.sys
O41 - Driver: (Bndef) . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) - C:\Windows\system32\drivers\bndef.sys
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (netfilter) . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - C:\Windows\System32\drivers\netfilter.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
O41 - Driver: ({55dce8ba-9dec-4013-937e-adbf9317d990}Gw) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw.sys =>PUP.LinkiDoo
O41 - Driver: ({55dce8ba-9dec-4013-937e-adbf9317d990}w) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys =>PUP.LinkiDoo
O41 - Driver: ({9a9157bb-003e-4fef-8bd1-c09bc4586a28}w) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w.sys =>PUP.LinkiDoo
~ Drivers: 99 Scanned in 00mn 03s



---\\ Software instalados (042)
O42 - Logiciel: Adobe Flash Player 14 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 14 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Photoshop CS - (.Adobe Systems, Inc..) [HKLM] -- {EFB21DE7-8C19-4A88-BB28-A766E16493BC} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Reader XI (11.0.02) - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1033-7B44-AB0000000001}
O42 - Logiciel: Atheros Client Installation Program - (.Atheros.) [HKLM] -- {28006915-2739-4EBE-B5E8-49B25D32EB33}
O42 - Logiciel: Badoo Desktop - (.Badoo.) [HKLM] -- {D91D71FB-C52E-440D-8A78-5E5E05487DA0}
O42 - Logiciel: Baidu Antivirus - (.Baidu, Inc..) [HKLM] -- Baidu Antivirus
O42 - Logiciel: Biblia Eletrônica 2.7.7 - (.RkSoft Desenvolvimentos.) [HKLM] -- Biblia Eletrônica_is1
O42 - Logiciel: Buzzdock - (.Alactro LLC.) [HKLM] -- {ac225167-00fc-452d-94c5-bb93600e7d9a}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: ContentExplorer - (.ContentExplorer.net.) [HKLM] -- ContentExplorer =>PUP.ContentExplorer
O42 - Logiciel: Corel Graphics - Windows Shell Extension - (.Corel Corporation.) [HKLM] -- _{B865FDD4-E96E-4166-BB69-6E8C207E3E29}
O42 - Logiciel: Corel Graphics - Windows Shell Extension - (.Corel Corporation.) [HKLM] -- {B865FDD4-E96E-4166-BB69-6E8C207E3E29}
O42 - Logiciel: CorelDRAW Graphics Suite X7 - (.Corel Corporation.) [HKLM] -- _{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}
O42 - Logiciel: CorelDRAW Graphics Suite X7 - IPM Content - (.Corel Corporation.) [HKLM] -- {657EAD32-8E7A-43C0-A794-3BB31B00DC34}
O42 - Logiciel: CorelDRAW Graphics Suite X7 - IPM T - (.Corel Corporation.) [HKLM] -- {D29A4F85-0FB7-4E54-B591-044652C4295F}
O42 - Logiciel: CorelDRAW Graphics Suite X7 - Writing Tools - (. Corel Corporation.) [HKLM] -- {246FE426-2661-4DD6-9603-DF2E6832387C}
O42 - Logiciel: CyberLink PowerDVD 8 - (.CyberLink Corp..) [HKLM] -- InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}
O42 - Logiciel: Extended Update - (...) [HKCU] -- UpdaterEX =>PUP.Dealply
O42 - Logiciel: Facebook Video Calling 3.1.0.521 - (.Skype Limited.) [HKLM] -- {2091F234-EB58-4B80-8C96-8EB78C808CF7}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome
O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E} =>.Google Inc
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A}
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
O42 - Logiciel: Java 7 Update 21 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217021FF}
O42 - Logiciel: K-Lite Mega Codec Pack 6.7.0 - (...) [HKLM] -- KLiteCodecPack_is1
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Mozilla Firefox 31.0 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Firefox 31.0 (x86 pt-BR)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService
O42 - Logiciel: Nero 7 Premium - (.Nero AG.) [HKLM] -- {4908C75E-E5E2-43F7-B1DF-023CBA831046}
O42 - Logiciel: Opera Next 24.0.1558.43 - (.Opera Software ASA.) [HKLM] -- Opera 24.0.1558.43
O42 - Logiciel: Opera Next 24.0.1558.51 - (.Opera Software ASA.) [HKLM] -- Opera 24.0.1558.51
O42 - Logiciel: PDFCreator - (.Frank Heindörfer, Philip Chinery.) [HKLM] -- {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
O42 - Logiciel: Price Meter (remove only) - (.Price Meter.) [HKCU] -- Price Meter =>PUP.PriceMeter
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Remote Desktop Access (VuuPC) - (.CMI Limited.) [HKLM] -- VOPackage =>PUP.VuuPC
O42 - Logiciel: Revo Uninstaller 1.95 - (.VS Revo Group.) [HKLM] -- Revo Uninstaller
O42 - Logiciel: Skype™ 6.11 - (.Skype Technologies S.A..) [HKLM] -- {4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
O42 - Logiciel: SlimDrivers - (.SlimWare Utilities, Inc..) [HKLM] -- {3CF3DEF4-ED15-4F7B-9320-C3E1081EA4DA}
O42 - Logiciel: Update Manager - (.Corel Corporation.) [HKLM] -- {F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
O42 - Logiciel: Update for PriceMeter - (.Update for PriceMeter.) [HKCU] -- PriceMeterUpdater =>PUP.PriceMeter
O42 - Logiciel: VIVO INTERNET - (.Huawei Technologies Co.,Ltd.) [HKLM] -- VIVO INTERNET
O42 - Logiciel: Vivo - Guia Vivo Internet versão 1.0 - (.Vivo.) [HKLM] -- {C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1
O42 - Logiciel: Wifi Protector BI - (.WFprotect.) [HKLM] -- Wifi Protector BI
O42 - Logiciel: WinRAR 4.20 (32-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver
O42 - Logiciel: WindowsMangerProtect20.0.0.502 - (.WindowsProtect LIMITED.) [HKLM] -- WindowsMangerProtect =>PUP.Fuyu
O42 - Logiciel: aTube Catcher - (.DsNET Corp.) [HKLM] -- aTube Catcher
O42 - Logiciel: avast! Free Antivirus v9.0.2021 - (.AVAST Software.) [HKLM] -- avast
~ Logic: 48 Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AVAST Software]
[HKCU\Software\Adobe]
[HKCU\Software\Ahead]
[HKCU\Software\AlterGeo]
[HKCU\Software\AppDataLow\Software\JavaSoft]
[HKCU\Software\AppDataLow\Software\suprasavings] =>PUP.SupraSavings
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Badoo]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baixaki]
[HKCU\Software\Bitstream]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\ContentExplorer] =>PUP.ContentExplorer
[HKCU\Software\Corel]
[HKCU\Software\Cyberlink]
[HKCU\Software\DivXNetworks]
[HKCU\Software\Facebook]
[HKCU\Software\Fredi Giesbrecht]
[HKCU\Software\Gabest]
[HKCU\Software\Google]
[HKCU\Software\Headlight]
[HKCU\Software\IM Providers]
[HKCU\Software\InstallShield]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\Lake]
[HKCU\Software\Licenses]
[HKCU\Software\MCAFEE]
[HKCU\Software\MONOGRAM]
[HKCU\Software\Macromedia]
[HKCU\Software\MediaInfo]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Opera Software]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\PriceMeterLiveUpdate] =>PUP.PriceMeter
[HKCU\Software\PriceMeter] =>PUP.PriceMeter
[HKCU\Software\Protexis]
[HKCU\Software\Reg]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\SaveSenseLive] =>PUP.SaveSense
[HKCU\Software\SecuredDownload]
[HKCU\Software\SkypeRS]
[HKCU\Software\Skype]
[HKCU\Software\SlimWare Utilities Inc]
[HKCU\Software\SupHpUISoft] =>PUP.CrossRider
[HKCU\Software\Trolltech]
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\VSRevoGroup]
[HKCU\Software\Vittalia] =>PUP.Vittalia
[HKCU\Software\WSE_Astromenda] =>PUP.Astromenda
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\freesofttoday] =>Adware.FreeSoftToday
[HKCU\Software\globalUpdate]
[HKCU\Software\kde.org]
[HKCU\Software\madFlac]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVAST Software]
[HKLM\Software\Adobe]
[HKLM\Software\Atheros]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu_Drp_pos]
[HKLM\Software\Bitstream]
[HKLM\Software\C6CAB4CF-DAB9-45B9-AE9A-961145402E07]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Codec Tweak Tool]
[HKLM\Software\ComodoGroup]
[HKLM\Software\Corel]
[HKLM\Software\Coupon Downloader] =>PUP.CouponDownloader
[HKLM\Software\CyberLink]
[HKLM\Software\EnigmaSoftwareGroup]
[HKLM\Software\FREESOFTTODAY] =>Adware.FreeSoftToday
[HKLM\Software\Gabest]
[HKLM\Software\GlobalUpdate]
[HKLM\Software\Google]
[HKLM\Software\Huawei technologies]
[HKLM\Software\IM Providers]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\InterVideo]
[HKLM\Software\JavaSoft]
[HKLM\Software\KLCodecPack]
[HKLM\Software\Kodak]
[HKLM\Software\Lake]
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher
[HKLM\Software\Macromedia]
[HKLM\Software\MaxPower]
[HKLM\Software\McAfee.com]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nero]
[HKLM\Software\ODBC]
[HKLM\Software\Optimal Software sro]
[HKLM\Software\PDFCreator]
[HKLM\Software\PIP]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\PriceMeterLiveUpdate] =>PUP.PriceMeter
[HKLM\Software\Protexis]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek]
[HKLM\Software\Reg]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RkSoft]
[HKLM\Software\SaveSenseLive] =>PUP.SaveSense
[HKLM\Software\Skype]
[HKLM\Software\SlimWare Utilities Inc]
[HKLM\Software\Sonic]
[HKLM\Software\SupDp] =>PUP.SupTab
[HKLM\Software\SuppHelpDir]
[HKLM\Software\Supra Savings] =>PUP.SupraSavings
[HKLM\Software\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\Uniblue]
[HKLM\Software\Volatile]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node]
[HKLM\Software\ahead]
[HKLM\Software\mcafeeupdater]
[HKLM\Software\mozilla.org]
[HKLM\Software\mugen]
[HKLM\Software\supTab] =>PUP.SupTab
[HKLM\Software\supWPM] =>PUP.WpManager
[HKLM\Software\supWindowsMangerProtect] =>PUP.Fuyu
[HKLM\Software\suprasavings] =>PUP.SupraSavings
[HKLM\Software\webssearchesSoftware] =>Hijacker.WebsSearches
~ Key Software: 237 Scanned in 00mn 00s

03 ZHPDiag Log

Post by Gil Raman, Fri 29 Aug 2014, 20:15


---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/08/2014 - 14:31:12 - [] ----D C:\Program Files\003 =>PUP.AdPeak
O43 - CFD: 29/08/2014 - 14:31:12 - [] ----D C:\Program Files\005 =>PUP.AdPeak
O43 - CFD: 07/10/2013 - 00:06:54 - [] ----D C:\Program Files\Adobe
O43 - CFD: 15/08/2013 - 11:13:21 - [] -SH-D C:\Program Files\Arquivos Comuns
O43 - CFD: 15/08/2013 - 14:24:42 - [] ----D C:\Program Files\Atheros
O43 - CFD: 04/11/2013 - 08:36:14 - [] ----D C:\Program Files\Atube
O43 - CFD: 15/08/2013 - 15:14:33 - [] ----D C:\Program Files\AVAST Software
O43 - CFD: 29/08/2014 - 17:43:50 - [] ----D C:\Program Files\baidu
O43 - CFD: 01/08/2014 - 21:43:07 - [] ----D C:\Program Files\Baidu-Security-2014-4.4.4.73687
O43 - CFD: 25/07/2014 - 13:41:15 - [] ----D C:\Program Files\C6CAB4CF-DAB9-45B9-AE9A-961145402E07
O43 - CFD: 22/08/2014 - 13:46:36 - [] ----D C:\Program Files\CCleaner
O43 - CFD: 19/05/2014 - 10:25:46 - [] ----D C:\Program Files\Common Files
O43 - CFD: 31/03/2014 - 13:04:07 - [] ----D C:\Program Files\Corel
O43 - CFD: 15/08/2013 - 11:46:55 - [] ----D C:\Program Files\CyberLink
O43 - CFD: 04/11/2013 - 08:35:19 - [] ----D C:\Program Files\DsNET Corp
O43 - CFD: 07/10/2013 - 03:30:37 - [] ----D C:\Program Files\DVD Maker
O43 - CFD: 16/10/2013 - 10:38:57 - [] ----D C:\Program Files\FormatFactory
O43 - CFD: 29/08/2014 - 14:33:20 - [] ----D C:\Program Files\globalUpdate
O43 - CFD: 21/08/2014 - 22:19:10 - [] ----D C:\Program Files\Google
O43 - CFD: 07/10/2013 - 00:06:54 - [] --H-D C:\Program Files\InstallShield Installation Information
O43 - CFD: 15/08/2013 - 14:57:03 - [] ----D C:\Program Files\Intel
O43 - CFD: 22/08/2014 - 01:00:48 - [] ----D C:\Program Files\Internet Explorer
O43 - CFD: 16/10/2013 - 10:40:05 - [] ----D C:\Program Files\iTunes
O43 - CFD: 15/08/2013 - 11:42:50 - [] ----D C:\Program Files\Java
O43 - CFD: 15/08/2013 - 11:37:26 - [] ----D C:\Program Files\K-Lite Codec Pack
O43 - CFD: 14/07/2009 - 05:53:52 - [] ----D C:\Program Files\Microsoft Games
O43 - CFD: 14/11/2013 - 14:04:59 - [] ----D C:\Program Files\Microsoft Office
O43 - CFD: 16/10/2013 - 11:47:00 - [] ----D C:\Program Files\Microsoft SDKs
O43 - CFD: 15/08/2013 - 11:27:31 - [] ----D C:\Program Files\Microsoft Visual Studio
O43 - CFD: 15/08/2013 - 11:25:12 - [] ----D C:\Program Files\Microsoft Visual Studio 8
O43 - CFD: 16/10/2013 - 11:47:39 - [] ----D C:\Program Files\Microsoft Visual Studio 9.0
O43 - CFD: 16/10/2013 - 00:08:25 - [] ----D C:\Program Files\Microsoft Works
O43 - CFD: 16/10/2013 - 11:25:13 - [] ----D C:\Program Files\Microsoft.NET
O43 - CFD: 22/08/2014 - 17:56:34 - [] ----D C:\Program Files\Mozilla Firefox
O43 - CFD: 22/08/2014 - 17:56:18 - [] ----D C:\Program Files\Mozilla Maintenance Service
O43 - CFD: 15/08/2013 - 11:27:57 - [] ----D C:\Program Files\MSBuild
O43 - CFD: 15/08/2013 - 11:50:57 - [] ----D C:\Program Files\Nero
O43 - CFD: 29/08/2014 - 14:42:35 - [] ----D C:\Program Files\Opera Next
O43 - CFD: 15/08/2013 - 11:36:55 - [] ----D C:\Program Files\PDFCreator
O43 - CFD: 29/08/2014 - 14:33:20 - [] ----D C:\Program Files\PriceMeterLiveUpdate =>PUP.PriceMeter
O43 - CFD: 15/08/2013 - 14:59:32 - [] ----D C:\Program Files\Realtek
O43 - CFD: 14/07/2009 - 01:52:30 - [] ----D C:\Program Files\Reference Assemblies
O43 - CFD: 07/10/2013 - 00:20:41 - [] ----D C:\Program Files\RkSoft
O43 - CFD: 05/03/2014 - 09:12:53 - [] R---D C:\Program Files\Skype
O43 - CFD: 15/08/2013 - 14:32:41 - [] ----D C:\Program Files\SlimDrivers
O43 - CFD: 16/10/2013 - 10:41:07 - [] ----D C:\Program Files\sunavimapdata
O43 - CFD: 29/08/2014 - 14:33:22 - [] ----D C:\Program Files\SupTab =>PUP.SupTab
O43 - CFD: 14/07/2009 - 01:53:23 - [0] --H-D C:\Program Files\Uninstall Information
O43 - CFD: 25/08/2013 - 21:12:07 - [] ----D C:\Program Files\Vivo
O43 - CFD: 30/06/2014 - 13:21:55 - [] ----D C:\Program Files\VIVO INTERNET
O43 - CFD: 04/10/2013 - 18:25:05 - [] ----D C:\Program Files\VS Revo Group
O43 - CFD: 21/08/2014 - 21:58:13 - [] ----D C:\Program Files\Wifi Protector BI
O43 - CFD: 11/10/2013 - 15:51:09 - [] ----D C:\Program Files\Windows Defender
O43 - CFD: 10/07/2014 - 11:12:43 - [] ----D C:\Program Files\Windows Journal
O43 - CFD: 07/10/2013 - 03:30:37 - [] ----D C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 07/10/2013 - 03:30:36 - [] ----D C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 15/08/2013 - 11:13:21 - [] ----D C:\Program Files\Windows NT
O43 - CFD: 07/10/2013 - 03:30:36 - [] ----D C:\Program Files\Windows Photo Viewer
O43 - CFD: 07/10/2013 - 03:30:36 - [] ----D C:\Program Files\Windows Portable Devices
O43 - CFD: 07/10/2013 - 03:30:37 - [] ----D C:\Program Files\Windows Sidebar
O43 - CFD: 21/02/2014 - 06:29:48 - [] ----D C:\Program Files\WinRAR
O43 - CFD: 29/08/2014 - 19:52:14 - [] ----D C:\Program Files\ZHPDiag =>.Nicolas Coolman
O43 - CFD: 07/10/2013 - 00:11:38 - [] ----D C:\Program Files\Common Files\Adobe
O43 - CFD: 15/08/2013 - 11:52:14 - [] ----D C:\Program Files\Common Files\Ahead
O43 - CFD: 31/03/2014 - 04:12:54 - [] ----D C:\Program Files\Common Files\Corel
O43 - CFD: 15/08/2013 - 11:46:48 - [] ----D C:\Program Files\Common Files\CyberLink
O43 - CFD: 19/05/2014 - 10:25:46 - [] ----D C:\Program Files\Common Files\DESIGNER
O43 - CFD: 07/10/2013 - 00:18:33 - [] ----D C:\Program Files\Common Files\InstallShield
O43 - CFD: 15/08/2013 - 14:54:31 - [] ----D C:\Program Files\Common Files\Intel
O43 - CFD: 15/08/2013 - 11:43:18 - [] ----D C:\Program Files\Common Files\Java
O43 - CFD: 18/10/2013 - 13:12:21 - [] ----D C:\Program Files\Common Files\microsoft shared
O43 - CFD: 15/08/2013 - 14:55:58 - [] ----D C:\Program Files\Common Files\postureAgent
O43 - CFD: 01/12/2013 - 00:11:56 - [] ----D C:\Program Files\Common Files\Protexis
O43 - CFD: 13/07/2009 - 23:37:05 - [] ----D C:\Program Files\Common Files\Services
O43 - CFD: 15/08/2013 - 11:13:21 - [] -SH-D C:\Program Files\Common Files\Sistema
O43 - CFD: 15/08/2013 - 14:31:35 - [] ----D C:\Program Files\Common Files\Skype
O43 - CFD: 13/07/2009 - 23:37:05 - [] ----D C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 18/10/2013 - 12:18:18 - [] ----D C:\Program Files\Common Files\System
O43 - CFD: 30/03/2014 - 22:59:16 - [] ----D C:\Program Files\Common Files\Wise Installation Wizard
O43 - CFD: 18/08/2014 - 22:51:04 - [] ----D C:\ProgramData\Adobe
O43 - CFD: 25/07/2014 - 14:36:12 - [] ----D C:\ProgramData\Apple
O43 - CFD: 25/07/2014 - 14:37:16 - [] ----D C:\ProgramData\Apple Computer
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Application Data
O43 - CFD: 15/08/2013 - 14:24:39 - [] ----D C:\ProgramData\Atheros
O43 - CFD: 30/10/2013 - 23:38:58 - [] ----D C:\ProgramData\AVAST Software
O43 - CFD: 29/08/2014 - 19:29:54 - [] ----D C:\ProgramData\Badoo
O43 - CFD: 28/07/2014 - 13:01:16 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 17/10/2013 - 20:48:22 - [] ----D C:\ProgramData\Bitstream
O43 - CFD: 31/03/2014 - 12:49:50 - [] ----D C:\ProgramData\Corel
O43 - CFD: 03/12/2013 - 22:10:08 - [] ----D C:\ProgramData\CyberLink
O43 - CFD: 15/08/2013 - 11:13:20 - [] -SH-D C:\ProgramData\Dados de aplicativos
O43 - CFD: 01/08/2014 - 20:45:09 - [] ----D C:\ProgramData\DatacardService
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Desktop
O43 - CFD: 15/08/2013 - 11:13:20 - [] -SH-D C:\ProgramData\Documentos
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Documents
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Favorites
O43 - CFD: 15/08/2013 - 11:13:20 - [] -SH-D C:\ProgramData\Favoritos
O43 - CFD: 29/08/2014 - 14:33:05 - [] ----D C:\ProgramData\IePluginServices =>PUP.IePluginService
O43 - CFD: 07/10/2013 - 00:19:02 - [] ----D C:\ProgramData\InstallShield
O43 - CFD: 04/09/2013 - 11:54:07 - [] ----D C:\ProgramData\log
O43 - CFD: 13/10/2013 - 23:25:04 - [] ----D C:\ProgramData\McAfee
O43 - CFD: 01/08/2014 - 21:43:48 - [] ----D C:\ProgramData\McAfee Security Scan
O43 - CFD: 15/08/2013 - 11:13:20 - [] -SH-D C:\ProgramData\Menu Iniciar
O43 - CFD: 03/06/2014 - 14:31:14 - [] -S--D C:\ProgramData\Microsoft
O43 - CFD: 21/08/2014 - 01:39:45 - [] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 15/08/2013 - 11:13:21 - [] -SH-D C:\ProgramData\Modelos
O43 - CFD: 15/08/2013 - 11:37:41 - [] ----D C:\ProgramData\Mozilla
O43 - CFD: 15/08/2013 - 11:50:57 - [] ----D C:\ProgramData\Nero
O43 - CFD: 04/09/2013 - 11:54:08 - [] ----D C:\ProgramData\OnlineUpdate
O43 - CFD: 29/08/2014 - 14:31:15 - [] ----D C:\ProgramData\Package Cache
O43 - CFD: 29/08/2014 - 14:33:20 - [] ----D C:\ProgramData\PriceMeterLiveUpdate =>PUP.PriceMeter
O43 - CFD: 31/03/2014 - 11:25:09 - [] ----D C:\ProgramData\Protexis
O43 - CFD: 05/03/2014 - 09:13:12 - [] ----D C:\ProgramData\Skype
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Start Menu
O43 - CFD: 15/08/2013 - 11:43:19 - [] ----D C:\ProgramData\Sun
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Templates
O43 - CFD: 27/06/2014 - 17:21:13 - [] ----D C:\ProgramData\VIVO INTERNET
O43 - CFD: 29/08/2014 - 14:31:15 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 29/08/2014 - 14:30:22 - [] ----D C:\Users\Usuario\AppData\Roaming\Adobe
O43 - CFD: 04/12/2013 - 12:56:16 - [] ----D C:\Users\Usuario\AppData\Roaming\Ahead
O43 - CFD: 25/07/2014 - 23:19:27 - [] ----D C:\Users\Usuario\AppData\Roaming\Apple Computer
O43 - CFD: 09/08/2014 - 15:13:18 - [] ----D C:\Users\Usuario\AppData\Roaming\Avant Downloader
O43 - CFD: 09/08/2014 - 16:26:45 - [] ----D C:\Users\Usuario\AppData\Roaming\Avant Profiles
O43 - CFD: 30/11/2013 - 09:40:59 - [] ----D C:\Users\Usuario\AppData\Roaming\AVAST Software
O43 - CFD: 30/11/2013 - 09:18:43 - [] ----D C:\Users\Usuario\AppData\Roaming\Baidu Security
O43 - CFD: 29/08/2014 - 14:35:40 - [] ----D C:\Users\Usuario\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer
O43 - CFD: 31/03/2014 - 11:07:58 - [] ----D C:\Users\Usuario\AppData\Roaming\Corel
O43 - CFD: 15/08/2013 - 11:48:36 - [] ----D C:\Users\Usuario\AppData\Roaming\CyberLink
O43 - CFD: 15/08/2013 - 11:14:02 - [] ----D C:\Users\Usuario\AppData\Roaming\Identities
O43 - CFD: 15/08/2013 - 19:41:36 - [] ----D C:\Users\Usuario\AppData\Roaming\Macromedia
O43 - CFD: 14/07/2009 - 05:52:54 - [0] ----D C:\Users\Usuario\AppData\Roaming\Media Center Programs
O43 - CFD: 03/06/2014 - 14:31:14 - [] -S--D C:\Users\Usuario\AppData\Roaming\Microsoft
O43 - CFD: 15/08/2013 - 15:31:43 - [] ----D C:\Users\Usuario\AppData\Roaming\Mozilla
O43 - CFD: 22/08/2014 - 18:19:31 - [] ----D C:\Users\Usuario\AppData\Roaming\Opera Software
O43 - CFD: 29/08/2014 - 14:31:19 - [] ----D C:\Users\Usuario\AppData\Roaming\PriceMeterUpdater =>PUP.PriceMeter
O43 - CFD: 29/08/2014 - 17:01:25 - [] ----D C:\Users\Usuario\AppData\Roaming\Skype
O43 - CFD: 21/10/2013 - 20:36:45 - [] ----D C:\Users\Usuario\AppData\Roaming\VIVO INTERNET
O43 - CFD: 29/08/2014 - 14:31:19 - [] ----D C:\Users\Usuario\AppData\Roaming\VOPackage =>Adware.Downware
O43 - CFD: 15/08/2013 - 11:19:52 - [] ----D C:\Users\Usuario\AppData\Roaming\WinRAR
O43 - CFD: 29/08/2014 - 19:55:21 - [] ----D C:\Users\Usuario\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 22/08/2014 - 19:10:58 - [] ----D C:\Users\Usuario\AppData\Local\Adobe
O43 - CFD: 01/09/2013 - 12:49:36 - [] ----D C:\Users\Usuario\AppData\Local\Ahead
O43 - CFD: 25/07/2014 - 14:36:16 - [] ----D C:\Users\Usuario\AppData\Local\Apple
O43 - CFD: 28/07/2014 - 13:25:20 - [] ----D C:\Users\Usuario\AppData\Local\Apple Computer
O43 - CFD: 19/10/2013 - 23:18:56 - [] ----D C:\Users\Usuario\AppData\Local\Comodo
O43 - CFD: 15/08/2013 - 11:13:30 - [] -SH-D C:\Users\Usuario\AppData\Local\Dados de aplicativos
O43 - CFD: 28/08/2014 - 12:12:22 - [] ----D C:\Users\Usuario\AppData\Local\ElevatedDiagnostics
O43 - CFD: 17/04/2014 - 21:38:14 - [] -SH-D C:\Users\Usuario\AppData\Local\EmieSiteList
O43 - CFD: 17/04/2014 - 21:38:14 - [] -SH-D C:\Users\Usuario\AppData\Local\EmieUserList
O43 - CFD: 20/10/2013 - 20:31:35 - [] ----D C:\Users\Usuario\AppData\Local\Facebook
O43 - CFD: 29/08/2014 - 14:31:15 - [] ----D C:\Users\Usuario\AppData\Local\genienext =>PUP.NextLive
O43 - CFD: 30/07/2014 - 08:25:36 - [] ----D C:\Users\Usuario\AppData\Local\Google
O43 - CFD: 15/08/2013 - 11:13:30 - [] -SH-D C:\Users\Usuario\AppData\Local\Histórico
O43 - CFD: 04/10/2013 - 19:07:53 - [] ----D C:\Users\Usuario\AppData\Local\Macromedia
O43 - CFD: 29/08/2014 - 14:29:56 - [] ----D C:\Users\Usuario\AppData\Local\Microsoft
O43 - CFD: 10/09/2013 - 12:07:56 - [] ----D C:\Users\Usuario\AppData\Local\Microsoft Games
O43 - CFD: 15/08/2013 - 11:24:32 - [0] ----D C:\Users\Usuario\AppData\Local\Microsoft Help
O43 - CFD: 05/10/2013 - 17:52:14 - [] ----D C:\Users\Usuario\AppData\Local\Mozilla
O43 - CFD: 22/08/2014 - 18:19:33 - [] ----D C:\Users\Usuario\AppData\Local\Opera Software
O43 - CFD: 29/08/2014 - 14:31:16 - [] ----D C:\Users\Usuario\AppData\Local\PriceMeter =>PUP.PriceMeter
O43 - CFD: 30/11/2013 - 19:43:46 - [] ----D C:\Users\Usuario\AppData\Local\Programs
O43 - CFD: 15/08/2013 - 14:33:00 - [] ----D C:\Users\Usuario\AppData\Local\SlimWare Utilities Inc
O43 - CFD: 29/08/2014 - 19:54:55 - [] ----D C:\Users\Usuario\AppData\Local\Temp
O43 - CFD: 15/08/2013 - 11:13:30 - [] -SH-D C:\Users\Usuario\AppData\Local\Temporary Internet Files
O43 - CFD: 14/07/2009 - 01:42:04 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 19/05/2014 - 10:32:04 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 15/08/2013 - 15:06:03 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
O43 - CFD: 14/07/2009 - 01:37:42 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 29/08/2014 - 14:31:19 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter =>PUP.PriceMeter
O43 - CFD: 22/07/2014 - 17:57:12 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
O43 - CFD: 22/08/2014 - 18:51:09 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 29/08/2014 - 14:31:19 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage =>Adware.Downware
O43 - CFD: 15/08/2013 - 11:19:45 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
~ Program Folder: 173 Scanned in 00mn 02s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.614B1A95F788B280EDFD54B83C94CC91] - 15/08/2014 - 22:47:15 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [790304]
O44 - LFC:[MD5.CADC4CFE957C24984FFA718AB7E4EF3C] - 20/08/2014 - 10:29:35 ---A- . (.Microsoft Corporation - IU de consentimento para aplicativos admini.) -- C:\Windows\System32\consent.exe [101824]
O44 - LFC:[MD5.9DA1CCDBBF8136AC2383C2624CA8CD14] - 20/08/2014 - 10:29:35 ---A- . (.Microsoft Corporation - Windows® installer.) -- C:\Windows\System32\msihnd.dll [337408]
O44 - LFC:[MD5.43CD23B65CBF04D6F8ACA984B0EF93FE] - 20/08/2014 - 10:29:36 ---A- . (.Microsoft Corporation - Interface do Usuário da Autenticação do Win.) -- C:\Windows\System32\authui.dll [1805824]
O44 - LFC:[MD5.C212A43AA83A717AD38505F23ACDCB33] - 20/08/2014 - 10:29:38 ---A- . (.Microsoft Corporation - Windows Installer.) -- C:\Windows\System32\msi.dll [2363392]
O44 - LFC:[MD5.D08819FEE0CDB8A8A58E2B34D05E7A11] - 20/08/2014 - 10:30:16 ---A- . (.Microsoft Corporation - DLL do recurso Fusos Horários.) -- C:\Windows\System32\tzres.dll [2048]
O44 - LFC:[MD5.8453DDF167CE2986AA4AB04BC6824925] - 20/08/2014 - 10:32:02 ---A- . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll [17524224]
O44 - LFC:[MD5.7C1BFC2ABE297BCA1A7BA77A8292C088] - 20/08/2014 - 10:32:04 ---A- . (.Microsoft Corporation - Microsoft ® JScript.) -- C:\Windows\System32\jscript9.dll [4204032]
O44 - LFC:[MD5.24FA5F74D3B4BA62539DF87285BA934E] - 20/08/2014 - 10:32:06 ---A- . (.Microsoft Corporation - Microsoft ® JScript Diagnostics.) -- C:\Windows\System32\jscript9diag.dll [597504]
O44 - LFC:[MD5.FF4A917DD7C387BD2715A5F67307FED1] - 20/08/2014 - 10:32:09 ---A- . (.Microsoft Corporation - Run time utility for Internet Explorer.) -- C:\Windows\System32\iertutil.dll [2184704]
O44 - LFC:[MD5.272420427EB96EA052C719AA796C09F2] - 20/08/2014 - 10:32:11 ---A- . (.Microsoft Corporation - DAC for Trident DOM.) -- C:\Windows\System32\MshtmlDac.dll [61952]
O44 - LFC:[MD5.49FFD37673BD20279A8BF27CC20040B3] - 20/08/2014 - 10:32:11 ---A- . (.Microsoft Corporation - Microsoft (R) HTML Media DLL.) -- C:\Windows\System32\mshtmlmedia.dll [1068032]
O44 - LFC:[MD5.444EB30B1610A35FC99D62A91B2BCAA7] - 20/08/2014 - 10:32:13 ---A- . (.Microsoft Corporation - Microsoft® HTML Editing Component.) -- C:\Windows\System32\mshtmled.dll [69632]
O44 - LFC:[MD5.90FF511B751A0327D07C4073760F1578] - 20/08/2014 - 10:32:14 ---A- . (.Microsoft Corporation - Navegador da Internet.) -- C:\Windows\System32\ieframe.dll [11772928]
O44 - LFC:[MD5.F48A1A114382AB4EF8000E1943E6CF1F] - 20/08/2014 - 10:32:15 ---A- . (.Microsoft Corporation - Mecanismo da Interface do Usuário do Intern.) -- C:\Windows\System32\ieui.dll [438784]
O44 - LFC:[MD5.B945BAA81B4805AD6BDDF4D026DCFB47] - 20/08/2014 - 10:32:17 ---A- . (.Microsoft Corporation - Internet Extensions para Win32.) -- C:\Windows\System32\wininet.dll [1792512]
O44 - LFC:[MD5.18A3154606E3F8945956948A4E708007] - 20/08/2014 - 10:32:18 ---A- . (.Microsoft Corporation - Microsoft SmartScreen Filter.) -- C:\Windows\System32\ieapfltr.dll [704512]
O44 - LFC:[MD5.D7D412D3436CFB85B383CDD3C9B455F0] - 20/08/2014 - 10:32:19 ---A- . (.Microsoft Corporation - IE ETW Collector Service Resources.) -- C:\Windows\System32\ieetwcollectorres.dll [4096]
O44 - LFC:[MD5.9D16B568E318F49535AD72539C9997C2] - 20/08/2014 - 10:32:19 ---A- . (.Microsoft Corporation - Microsoft ® VBScript.) -- C:\Windows\System32\vbscript.dll [455168]
O44 - LFC:[MD5.B91AA3BC8083E66925FAE29FDA485CEA] - 20/08/2014 - 10:32:21 ---A- . (.Microsoft Corporation - Classificação da Internet e DLL de gerencia.) -- C:\Windows\System32\msrating.dll [164864]
O44 - LFC:[MD5.4D0E91438CE181AF94C653B3BBE3C65A] - 20/08/2014 - 10:32:21 ---A- . (.Microsoft Corporation - Mapa de versão IOD.) -- C:\Windows\System32\iesetup.dll [61952]
O44 - LFC:[MD5.7EFBB7A3C664A8DF93C9937DF76760A4] - 20/08/2014 - 10:32:21 ---A- . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe [663040]
O44 - LFC:[MD5.E70C00791A18866BB23B3A652E3390A0] - 20/08/2014 - 10:32:22 ---A- . (.Microsoft Corporation - Painel de Controle da Internet.) -- C:\Windows\System32\inetcpl.cpl [2001920]
O44 - LFC:[MD5.E8D46F442AB53A52BDBB3EA0C51BDABD] - 20/08/2014 - 10:32:25 ---A- . (.Microsoft Corporation - Microsoft® MSHTML Typelib.) -- C:\Windows\System32\mshtml.tlb [2724864]
O44 - LFC:[MD5.1A05CFA45B6AEBFCCC835DCF68CBD1D0] - 20/08/2014 - 10:32:26 ---A- . (.Microsoft Corporation - Microsoft Feeds Manager.) -- C:\Windows\System32\msfeeds.dll [526336]
O44 - LFC:[MD5.36B67392AFB8901CC442EA988AD4603D] - 20/08/2014 - 10:32:29 ---A- . (.Microsoft Corporation - JScript Proxy Auto-Configuration.) -- C:\Windows\System32\jsproxy.dll [43008]
O44 - LFC:[MD5.87C2B5010779DF6BE4732751C5DB5D64] - 20/08/2014 - 10:32:29 ---A- . (.Microsoft Corporation - Utilitário de Instalação Autônoma do IE 7.0.) -- C:\Windows\System32\ieUnatt.exe [112128]
O44 - LFC:[MD5.7B051C4A70F23A84A09366999FE63CBD] - 20/08/2014 - 10:32:30 ---A- . (.Microsoft Corporation - Identidade visual IEAK.) -- C:\Windows\System32\iedkcs32.dll [307384]
O44 - LFC:[MD5.6D017C0E499443ACDE3D9B5DCD753F32] - 20/08/2014 - 10:32:31 ---A- . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll [1169920]
O44 - LFC:[MD5.478824EC0BCE9968C0DC787164B1753B] - 20/08/2014 - 10:32:32 ---A- . (.Microsoft Corporation - Processamento de RunOnce estendido com inte.) -- C:\Windows\System32\iernonce.dll [32768]
O44 - LFC:[MD5.3BB3D5D1CACD68BE8F7A16CCB3AADA93] - 20/08/2014 - 10:32:33 ---A- . (.Microsoft Corporation - Microsoft Spell Checking Facility.) -- C:\Windows\System32\MsSpellCheckingFacility.exe [646144]
O44 - LFC:[MD5.FEE3E022B00A5165ED645E38C1E6C776] - 20/08/2014 - 10:32:36 ---A- . (.Microsoft Corporation - JavaScript Performance Collection Agent.) -- C:\Windows\System32\JavaScriptCollectionAgent.dll [60416]
O44 - LFC:[MD5.004DFEA0B7AE3F8F438CD2D8C643DAEE] - 20/08/2014 - 10:32:37 ---A- . (.Microsoft Corporation - IE ETW Collector Service.) -- C:\Windows\System32\ieetwcollector.exe [108032]
O44 - LFC:[MD5.41A3A54603686FD437FA4E8EB95025F9] - 20/08/2014 - 10:32:38 ---A- . (.Microsoft Corporation - IE ETW Collector Proxy Stub Resources.) -- C:\Windows\System32\ieetwproxystub.dll [51200]
O44 - LFC:[MD5.5860EE5C807CB3866551B845123493C6] - 20/08/2014 - 10:32:50 ---A- . (.Microsoft Corporation - Canonical Display Driver.) -- C:\Windows\System32\cdd.dll [107520]
O44 - LFC:[MD5.0EC652D17AB4607745FB4E6958E8FAB6] - 20/08/2014 - 10:32:52 ---A- . (.Microsoft Corporation - DirectX Graphics MMS.) -- C:\Windows\System32\Drivers\dxgmms1.sys [219072]
O44 - LFC:[MD5.3583A5A8CC2E682BFFBD4630D0FEC08B] - 20/08/2014 - 10:32:53 ---A- . (.Microsoft Corporation - DirectX Graphics Kernel.) -- C:\Windows\System32\Drivers\dxgkrnl.sys [730048]
O44 - LFC:[MD5.C9059EF0C94C55C0DA9CACEE160A5F66] - 20/08/2014 - 10:33:05 ---A- . (.Microsoft Corporation - Tempo de Execução da Chamada de Procediment.) -- C:\Windows\System32\rpcrt4.dll [654336]
O44 - LFC:[MD5.28A8B99DE70F376B18709E6B07D6A352] - 21/08/2014 - 01:27:47 ---A- . (.Microsoft Corporation - Windows Presentation Foundation Terminal Se.) -- C:\Windows\System32\TsWpfWrp.exe [35480]
O44 - LFC:[MD5.8D466B36076BCD7997838C0DDB69764C] - 21/08/2014 - 01:27:56 ---A- . (.Microsoft Corporation - Windows CardSpace User Interface Agent.) -- C:\Windows\System32\icardagt.exe [619672]
O44 - LFC:[MD5.370FC4421ADE62FC89AC93B345570388] - 21/08/2014 - 01:28:11 ---A- . (.Microsoft Corporation - Windows CardSpace.) -- C:\Windows\System32\icardres.dll [8856]
O44 - LFC:[MD5.AF6655214DEBB2C8446DE843A02AAEBA] - 21/08/2014 - 01:28:19 ---A- . (.Microsoft Corporation - Microsoft InfoCards.) -- C:\Windows\System32\infocardapi.dll [99480]
O44 - LFC:[MD5.613817D8A16C0881E2C8B3BC1AE65F61] - 21/08/2014 - 01:33:57 ---A- . (.Microsoft Corporation - Ferramentas de Remoção de Software Mal-Inte.) -- C:\Windows\System32\MRT.exe [96303304]
O44 - LFC:[MD5.D46A98F636ED62BFF86A7FBD9FB8A0D3] - 21/08/2014 - 22:13:26 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\System32\FlashPlayerApp.exe [699568]
O44 - LFC:[MD5.2B74D96B832F7D9B3E6D29FC396BD2EE] - 21/08/2014 - 22:13:26 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [71344]
O44 - LFC:[MD5.CC0F8A70179C0F7292A0486C6EAEDFA5] - 22/08/2014 - 18:15:32 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w.sys [52416] =>PUP.LinkiDoo
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/08/2014 - 21:37:13 ---A- . (...) -- C:\Windows\setuperr.log [0]
O44 - LFC:[MD5.F419D738BD2AE58D9DF2F9FEB5F43842] - 23/08/2014 - 10:06:27 ---A- . (.Microsoft Corporation - Windows Update Application Launcher.) -- C:\Windows\System32\wuapp.exe [33792]
O44 - LFC:[MD5.5AA2CAD923E9E647276A61387E83DDD0] - 23/08/2014 - 10:06:41 ---A- . (.Microsoft Corporation - Windows Update Vista Web Control.) -- C:\Windows\System32\wuwebv.dll [179656]
O44 - LFC:[MD5.867148EBF47E7E7E7B21C07B4A981929] - 23/08/2014 - 10:07:47 ---A- . (.Microsoft Corporation - API do Cliente do Windows Update.) -- C:\Windows\System32\wuapi.dll [581600]
O44 - LFC:[MD5.372218B80DEF827063049EBEE76B7501] - 23/08/2014 - 10:07:47 ---A- . (.Microsoft Corporation - Windows Update WUDriver Stub.) -- C:\Windows\System32\wudriver.dll [92672]
O44 - LFC:[MD5.255F0417EC31C71585824269522EC8E9] - 23/08/2014 - 10:07:48 ---A- . (.Microsoft Corporation - Windows Update client proxy stub.) -- C:\Windows\System32\wups.dll [36320]
O44 - LFC:[MD5.EC6E2DB67695966DF22CF5EBEFC1D305] - 23/08/2014 - 10:08:26 ---A- . (.Microsoft Corporation - Experiência de Usuário Cliente do Windows U.) -- C:\Windows\System32\wucltux.dll [2425856]
O44 - LFC:[MD5.D9B0134913E5EF007AF82A418C503322] - 23/08/2014 - 10:08:26 ---A- . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [1973728]
O44 - LFC:[MD5.072678E0D68E9C3A7960328671134C7B] - 23/08/2014 - 10:08:27 ---A- . (.Microsoft Corporation - Windows Update.) -- C:\Windows\System32\wuauclt.exe [54240]
O44 - LFC:[MD5.459E257F8915D44B23ACB46211FD45D0] - 23/08/2014 - 10:08:28 ---A- . (.Microsoft Corporation - Windows Update client proxy stub 2.) -- C:\Windows\System32\wups2.dll [45536]
O44 - LFC:[MD5.7E86F1E133233A51BE1B6849A1A315C0] - 23/08/2014 - 22:22:12 ---A- . (...) -- C:\Windows\win.ini [580]
O44 - LFC:[MD5.C315FB0D2F99BF8E09A473DF46AEEB47] - 24/08/2014 - 11:33:39 ---A- . (...) -- C:\Windows\PFRO.log [8324]
O44 - LFC:[MD5.222FEC6A9BBCC5186A1D111EE525F896] - 27/08/2014 - 11:50:29 ---A- . (...) -- C:\zoek-results.log [67158]
O44 - LFC:[MD5.CA630DBADEB5B6101531F986ADFE46C9] - 29/08/2014 - 17:16:05 ---A- . (.Thisisu - Junkware Removal Tool.) -- C:\JRT.exe [1016261]
O44 - LFC:[MD5.B0EC8C6756A84C17ADB89B58786DD8E4] - 29/08/2014 - 17:40:05 ---A- . (...) -- C:\Windows\setupact.log [280]
O44 - LFC:[MD5.6CD4A748E09C6FA4012A0434B13E0CDF] - 29/08/2014 - 18:18:00 ---A- . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\ZHPDiag2.exe [6860008]
O44 - LFC:[MD5.7BC75BB93CC2E2AA1B8566905F298682] - 29/08/2014 - 18:33:26 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.2E62309469D76C77D676C97CD8E27A07] - 29/08/2014 - 18:33:35 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1576723]
~ Files: 66 Scanned in 00mn 20s

04 ZHPDiag Log

Post by Gil Raman, Fri 29 Aug 2014, 20:16


---\\ Últimos arquivos criados no Windows Prefetcher (045)
O45 - LFCP:[MD5.66654A711DABFE6D30D065F0E78D9B7A] - 29/08/2014 - 19:39:10 ---A- - C:\Windows\Prefetch\PRICEMETERLIVEUPDATE.EXE-376284BF.pf =>PUP.PriceMeter
O45 - LFCP:[MD5.0F641B1C4E8A6387C1AB65D921AAF740] - 29/08/2014 - 17:41:10 ---A- - C:\Windows\Prefetch\PRICEMETERLIVEUPDATEHANDLER.E-290574D8.pf =>PUP.PriceMeter
~ Prefetcher: 2 Scanned in 00mn 00s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Negação do serviço (Local Security Authority) (048)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pacote de Segurança Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
~ LSA: 8 Scanned in 00mn 00s



---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ CSB: 13 Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{0480787f-0c28-11e3-b970-001e101f8924}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{1959094b-fdff-11e3-9217-e81132b44dea}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{19590958-fdff-11e3-9217-e81132b44dea}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{31cf5a92-006f-11e4-a8d6-e81132b44dea}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{34165d68-05f8-11e3-8081-e81132b44dea}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{34165d74-05f8-11e3-8081-e81132b44dea}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{4e3c79c0-168e-11e3-992c-e81132b44dea}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{4e3c79ce-168e-11e3-992c-e81132b44dea}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{7a084fb8-1458-11e4-a847-e81132b44dea}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{88902452-1662-11e3-b7c3-e81132b44dea}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{88902460-1662-11e3-b7c3-e81132b44dea}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{8c32c8e6-2d32-11e3-b49a-e81132b44dea}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \Drivers32\"msacm.l3fhg"="mp3fhg.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\Windows\System32\mp3fhg.acm
O52 - TDSD: \Drivers32\"VIDC.XVID"="xvidvfw.dll" . (...) -- C:\Windows\System32\xvidvfw.dll
O52 - TDSD: \Drivers32\"VIDC.YV12"="yv12vfw.dll" . (.www.helixcommunity.org - Helix YV12 YUV Codec.) -- C:\Windows\System32\yv12vfw.dll
O52 - TDSD: \Drivers32\"msacm.ac3acm"="ac3acm.acm" . (.fccHandler - AC-3 ACM Codec.) -- C:\Windows\System32\ac3acm.acm
O52 - TDSD: \Drivers32\"VIDC.FMVC"="fmcodec.dll" . (.Fox Magic Software - FM Screen Capture Codec (VFW).) -- C:\Windows\System32\fmcodec.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"ac3acm.acm"="AC-3 ACM Codec" . (.fccHandler - AC-3 ACM Codec.) -- C:\Windows\System32\ac3acm.acm
~ TDSD: 9 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O53 - SMSR:HKLM\...\startupreg\BDRegion [Key] . (.cyberlink - brs.) -- C:\Program Files\Cyberlink\Shared Files\brs.exe
O53 - SMSR:HKLM\...\startupreg\GrooveMonitor [Key] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O53 - SMSR:HKLM\...\startupreg\PDVD8LanguageShortcut [Key] . (.No owner - Language Application.) -- C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe
O53 - SMSR:HKLM\...\startupreg\RemoteControl8 [Key] . (.Cyberlink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
~ SMSR Keys: 7 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo SecurityProviders (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableTaskMgr"=0
~ MWPS: 18 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
~ MWPE Keys: 1 Scanned in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:13/07/2009 - 22:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\Drivers\adpahci.sys [297552]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\System32\Drivers\adpu320.sys [146512]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\Drivers\aliide.sys [14400]
O58 - SDL:20/11/2010 - 09:29:13 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\Drivers\amdsata.sys [80256]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\System32\Drivers\amdsbs.sys [159312]
O58 - SDL:20/11/2010 - 09:29:15 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\Drivers\amdxata.sys [22400]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\Drivers\arc.sys [76368]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\Drivers\arcsas.sys [86608]
O58 - SDL:01/08/2014 - 08:21:15 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:01/08/2014 - 08:21:15 ---A- . (.AVAST Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\System32\Drivers\aswMonFlt.sys [67824]
O58 - SDL:01/08/2014 - 08:21:15 ---A- . (.AVAST Software - avast! WFP Redirect Driver.) -- C:\Windows\System32\Drivers\aswRdr2.sys [81768]
O58 - SDL:01/08/2014 - 08:21:15 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:01/08/2014 - 08:21:16 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\Windows\System32\Drivers\aswSnx.sys [779536]
O58 - SDL:01/08/2014 - 08:42:50 ---A- . (.AVAST Software - avast! self protection module.) -- C:\Windows\System32\Drivers\aswsp.sys [414520]
O58 - SDL:01/08/2014 - 08:21:16 ---A- . (.AVAST Software - Stream Filter.) -- C:\Windows\System32\Drivers\aswStm.sys [71944]
O58 - SDL:01/08/2014 - 08:21:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [192352] =>.ALWIL Software
O58 - SDL:12/12/2011 - 19:32:24 ---A- . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driver.) -- C:\Windows\System32\Drivers\athr.sys [2228224]
O58 - SDL:13/07/2009 - 19:02:49 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\System32\Drivers\b57nd60x.sys [229888]
O58 - SDL:27/05/2014 - 03:19:38 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [48448]
O58 - SDL:27/05/2014 - 03:19:38 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [29504]
O58 - SDL:16/06/2014 - 09:08:16 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [94976]
O58 - SDL:27/05/2014 - 03:19:38 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\bnbasex.sys [70496]
O58 - SDL:27/05/2014 - 03:19:38 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\bndef.sys [51584]
O58 - SDL:13/06/2014 - 07:03:37 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [157504]
O58 - SDL:13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltLo.sys [13568]
O58 - SDL:13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltUp.sys [5248]
O58 - SDL:13/07/2009 - 21:57:25 ---A- . (.Brother Industries Ltd. - Brother Serial I/F Driver (WDM).) -- C:\Windows\System32\Drivers\BrSerId.sys [272128]
O58 - SDL:13/07/2009 - 19:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\Drivers\BrSerWdm.sys [62336]
O58 - SDL:13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys [12160]
O58 - SDL:13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\Drivers\BrUsbSer.sys [11904]
O58 - SDL:13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\Drivers\bxvbdx.sys [430080]
O58 - SDL:13/07/2009 - 22:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\cmdide.sys [15952]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\System32\Drivers\djsvs.sys [70720]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\Drivers\evbdx.sys [3100160]
O58 - SDL:30/06/2013 - 21:27:59 ---A- . (.Huawei Technologies Co., Ltd. - USB NDIS Miniport Driver.) -- C:\Windows\System32\Drivers\ewusbwwan.sys [381952]
O58 - SDL:21/08/2013 - 23:30:35 ---A- . (.Huawei Technologies Co., Ltd. - ew_cdcacm Driver.) -- C:\Windows\System32\Drivers\ew_cdcacm.sys [108032]
O58 - SDL:21/08/2013 - 23:31:49 ---A- . (.Huawei Technologies Co., Ltd. - ew_cdcndis Driver.) -- C:\Windows\System32\Drivers\ew_wwanecm.sys [315520]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:31/12/1999 - 21:00:00 ---A- . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\System32\Drivers\HECI.sys [41088]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\System32\Drivers\HpSAMD.sys [67152]
O58 - SDL:20/11/2010 - 09:29:54 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\Drivers\iaStorV.sys [332160]
O58 - SDL:31/12/1999 - 21:00:00 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\Drivers\igdkmd32.sys [10859520]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\Drivers\iirsp.sys [41040]
O58 - SDL:31/12/1999 - 21:00:00 ---A- . (.Intel Corporation - Intel(R) Turbo Boost Technology Driver.) -- C:\Windows\System32\Drivers\Impcd.sys [132480]
O58 - SDL:31/12/1999 - 21:00:00 ---A- . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) -- C:\Windows\System32\Drivers\IntcDAud.sys [270336]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_fc.sys [95824]
O58 - SDL:13/07/2009 - 22:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas.sys [89168]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas2.sys [54864]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_scsi.sys [96848]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\System32\Drivers\megasas.sys [30800]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\Drivers\MegaSR.sys [235584]
O58 - SDL:17/07/2014 - 15:20:10 ---A- . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\netfilter.sys [31744]
O58 - SDL:13/07/2009 - 22:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\Drivers\nfrd960.sys [44624]
O58 - SDL:20/11/2010 - 09:30:06 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys [117120]
O58 - SDL:20/11/2010 - 09:30:06 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys [143744]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\Drivers\ql2300.sys [1383488]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\Drivers\ql40xx.sys [106064]
O58 - SDL:31/12/1999 - 21:00:00 ---A- . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver.) -- C:\Windows\System32\Drivers\Rt86win7.sys [391272]
O58 - SDL:13/07/2009 - 17:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\System32\Drivers\secdrv.sys [20480]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid2.sys [40016]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid4.sys [77888]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:15/08/2013 - 19:34:26 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [13464]
O58 - SDL:30/04/2013 - 05:51:09 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [35088]
O58 - SDL:13/07/2009 - 22:19:10 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\viaide.sys [16976]
O58 - SDL:13/07/2009 - 22:19:11 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\Drivers\vsmraid.sys [141904]
O58 - SDL:25/07/2014 - 16:19:16 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw.sys [52880] =>PUP.LinkiDoo
O58 - SDL:09/08/2014 - 06:30:02 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys [52880] =>PUP.LinkiDoo
O58 - SDL:22/08/2014 - 18:15:32 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w.sys [52416] =>PUP.LinkiDoo
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:12/12/2011 - 19:32:24 ---A- . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driver.) -- C:\Windows\System32\athr.sys [2228224]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:14/10/2013 - 19:07:16 -SHA- . (...) -- C:\Windows\System32\KGyGaAvL.sys [952]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 88 Scanned in 00mn 11s



---\\ Últimos ficheiros alterados ou criados (Utilizador) (061)
O61 - LFC: 22/08/2014 - 19:56:24 ---A- . (.Adobe Systems Incorporated.) -- C:\Users\Usuario\AppData\Local\Temp\1FEDtmp\flash_player_14_plugin.exe [19178160]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\208Atmp\cloud_backup_setup.exe [73816]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\2118tmp\setup.exe [8427248]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\2157tmp\freesofttoday.exe [3317296] =>Adware.FreeSoftToday
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\2177tmp\vopackage.exe [291464] =>Adware.Downware
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\2291tmp\installer.exe [10196088]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\22E1tmp\ads.exe [1433036]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\BackupSetup.exe [5556040]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\CloudBackup417.exe [5556040]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\is-20QBK.tmp\gentlemjfst_ibr.exe [1931432]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Microsoft Corporation.) -- C:\Users\Usuario\AppData\Local\Temp\is-20QBK.tmp\_isetup\_shfoldr.dll [23312]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Microsoft Corporation.) -- C:\Users\Usuario\AppData\Local\Temp\is-5RF97.tmp\_isetup\_shfoldr.dll [23312]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Software.) -- C:\Users\Usuario\AppData\Local\Temp\is-DNCG1.tmp\package_secureprotect_installer_multilang.exe [426448]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Software.) -- C:\Users\Usuario\AppData\Local\Temp\is-DNCG1.tmp\package_togglemark_installer_multilang.exe [426056]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Uniblue Systems Limited.) -- C:\Users\Usuario\AppData\Local\Temp\22B1tmp\speedupmypc.exe [1291368] =>PUP.SpeedUpMyPC
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Uniblue Systems Limited.) -- C:\Users\Usuario\AppData\Local\Temp\is-5RF97.tmp\SpeedUpMyPC-standalone-setup.exe [18464440] =>PUP.SpeedUpMyPC
O61 - LFC: 22/08/2014 - 19:56:26 ---A- . (.Maxthon International ltd..) -- C:\Users\Usuario\AppData\Local\Temp\mx_offline\mx_setup.exe [39403688]
O61 - LFC: 22/08/2014 - 19:56:26 ---A- . (.Microsoft Corporation.) -- C:\Users\Usuario\AppData\Local\Temp\vcredist_x86.exe [4216840]
O61 - LFC: 22/08/2014 - 19:56:51 ---A- . (...) -- C:\Users\Usuario\AppData\Roaming\VOPackage\Uninstall.exe [118801] =>Adware.Downware
O61 - LFC: 22/08/2014 - 19:56:51 ---A- . (...) -- C:\Users\Usuario\AppData\Roaming\VOPackage\VOPackage.exe [291464] =>Adware.Downware
O61 - LFC: 22/08/2014 - 19:56:52 ---A- . (...) -- C:\Users\Usuario\Downloads\Firefox Setup Stub 31.0.exe [244272]
O61 - LFC: 22/08/2014 - 19:56:52 ---A- . (...) -- C:\Users\Usuario\Downloads\ccleaner-4-16-4736-32-bits.exe [689200]
O61 - LFC: 22/08/2014 - 19:56:52 ---A- . (...) -- C:\Users\Usuario\Downloads\flash_player_14_plugin.exe [1583312]
O61 - LFC: 22/08/2014 - 19:56:52 ---A- . (.Google Inc..) -- C:\Users\Usuario\Downloads\ChromeSetup (2).exe [895120]
O61 - LFC: 22/08/2014 - 19:56:52 ---A- . (.Opera Software.) -- C:\Users\Usuario\Downloads\Opera_NI_next.exe [868800]
O61 - LFC: 22/08/2014 - 19:56:52 ---A- . (.Piriform Ltd.) -- C:\Users\Usuario\Downloads\ccleaner-4-16-4736-32-bits [1].exe [4813544]
O61 - LFC: 23/08/2014 - 19:56:25 ---A- . (.Software.) -- C:\Users\Usuario\AppData\Local\Temp\is-HOFB3.tmp\package_secureprotect_installer_multilang.exe [426312]
O61 - LFC: 23/08/2014 - 19:56:25 ---A- . (.Software.) -- C:\Users\Usuario\AppData\Local\Temp\is-HOFB3.tmp\package_togglemark_installer_multilang.exe [426072]
O61 - LFC: 23/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\ToggleMarkUntemp.exe [543520]
O61 - LFC: 23/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\is-QQJ47.tmp\gentlemjfst_ibr.exe [1931560]
O61 - LFC: 23/08/2014 - 19:56:26 ---A- . (.Microsoft Corporation.) -- C:\Users\Usuario\AppData\Local\Temp\is-QQJ47.tmp\_isetup\_shfoldr.dll [23312]
O61 - LFC: 24/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nscC4D7.tmp\IpConfig.dll [117248]
O61 - LFC: 24/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nscC4D7.tmp\System.dll [11264]
O61 - LFC: 24/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nscC4D7.tmp\WmiInspector.dll [106496]
O61 - LFC: 24/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nscC4D7.tmp\inetc.dll [20992]
O61 - LFC: 29/08/2014 - 19:56:28 ---A- . (...) -- C:\Users\Usuario\AppData\Roaming\ContentExplorer\storage.bin [105296] =>PUP.ContentExplorer
O61 - LFC: 29/08/2014 - 19:56:52 ---A- . (.Badoo.) -- C:\Users\Usuario\Downloads\badoo.desktop.installer-1.6.58.exe [3225360]
~ 254 Fichiers temporaires (Temporary files)
~ 15 Fichiers cookies (Cookies files)
~ Files: 37 Scanned in 00mn 50s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 01/08/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 01/08/2014 - C:\Windows\system32\drivers\aswMonFlt.sys (aswMonFlt) .(.AVAST Software - avast! File System Minifilter for Windows 2.) - LEGACY_ASWMONFLT
O64 - Services: CurCS - 01/08/2014 - C:\Windows\system32\drivers\aswRdr2.sys (aswRdr) .(.AVAST Software - avast! WFP Redirect Driver.) - LEGACY_ASWRDR
O64 - Services: CurCS - 01/08/2014 - C:\Windows\System32\Drivers\aswRvrt.sys (aswRvrt) .(...) - LEGACY_ASWRVRT
O64 - Services: CurCS - 01/08/2014 - C:\Windows\system32\drivers\aswSnx.sys (aswSnx) .(.AVAST Software - avast! Virtualization Driver.) - LEGACY_ASWSNX
O64 - Services: CurCS - 01/08/2014 - C:\Windows\system32\drivers\aswSP.sys (aswSP) .(.AVAST Software - avast! self protection module.) - LEGACY_ASWSP
O64 - Services: CurCS - 01/08/2014 - C:\Windows\System32\Drivers\aswVmm.sys (aswVmm) .(...) - LEGACY_ASWVMM
O64 - Services: CurCS - 16/06/2014 - C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BdApiUtil.sys (BdApiUtil) .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_BDAPIUTIL
O64 - Services: CurCS - 27/05/2014 - C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BdCameraProtect.sys (BdCameraProtect) .(.Baidu, Inc. - Baidu Antivirus Camera Protector Driver.) - LEGACY_BDCAMERAPROTECT
O64 - Services: CurCS - 27/05/2014 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER
O64 - Services: CurCS - 27/05/2014 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon) .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON
O64 - Services: CurCS - 16/06/2014 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase) .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
O64 - Services: CurCS - 27/05/2014 - C:\Windows\System32\drivers\bnbasex.sys (Bnbase) .(.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - LEGACY_BNBASE
O64 - Services: CurCS - 27/05/2014 - C:\Windows\system32\drivers\bndef.sys (Bndef) .(.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) - LEGACY_BNDEF
O64 - Services: CurCS - 13/06/2014 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect) .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT
O64 - Services: CurCS - 17/07/2014 - C:\Windows\System32\drivers\netfilter.sys (netfilter) .(.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - LEGACY_NETFILTER
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 25/07/2014 - C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw.sys ({55dce8ba-9dec-4013-937e-adbf9317d990}Gw) .(.StdLib - StdLib.) - LEGACY_{55DCE8BA-9DEC-4013-937E-ADBF9317D990}GW =>PUP.LinkiDoo
O64 - Services: CurCS - 09/08/2014 - C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys ({55dce8ba-9dec-4013-937e-adbf9317d990}w) .(.StdLib - StdLib.) - LEGACY_{55DCE8BA-9DEC-4013-937E-ADBF9317D990}W =>PUP.LinkiDoo
O64 - Services: CurCS - 22/08/2014 - C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w.sys ({9a9157bb-003e-4fef-8bd1-c09bc4586a28}w) .(.StdLib - StdLib.) - LEGACY_{9A9157BB-003E-4FEF-8BD1-C09BC4586A28}W =>PUP.LinkiDoo
O64 - Services: CurCS - 15/05/2008 - C:\Program Files\CyberLink\PowerDVD8\000.fcl ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) .(.Cyberlink Corp. - FCL Driver.) - LEGACY_{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}
~ Legacy: 98 Scanned in 00mn 01s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\baidu\Spark\Spark.exe" [You must have an account and be logged in to view this link] =>Hijacker.WebsSearches
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Comodo\IceDragon\icedragon.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe [You must have an account and be logged in to view this link] =>Hijacker.WebsSearches
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Next.) -- C:\Program Files\Opera Next\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: prefs.js [Usuario - gqsbjvu4.default] user_pref("extensions.helperbar.DockingPositionDown", false); =>PUP.HelperBar
O69 - SBI: prefs.js [Usuario - gqsbjvu4.default] user_pref("extensions.helperbar.Visibility", false); =>PUP.HelperBar
O69 - SBI: prefs.js [Usuario - gqsbjvu4.default] user_pref("extensions.helperbar.keepAliveLastevent", "1408742961"); =>PUP.HelperBar
O69 - SBI: prefs.js [Usuario - gqsbjvu4.default] user_pref("extensions.helperbar.lastExternalJsUpdate", "1408710766225"); =>PUP.HelperBar
~ Keys: Scanned in 00mn 00s



---\\ Listagem dos ficheiros Crack & Keygen (CKF) (O82)
C:\Users\Usuario\Setups\Corel\CORELDRAW_GRAPHICS_SUITE_X7_WIN32-XFORCE\Crack\Keygen.exe =>.Crack,Keygen
C:\Users\Usuario\Setups\Corel\CORELDRAW_GRAPHICS_SUITE_X7_WIN64-XFORCE\Crack\Keygen.exe =>.Crack,Keygen
C:\Users\Usuario\Setups\Corel\CORELDRAW_GRAPHICS_SUITE_X7_WIN32-XFORCE\Crack\Keygen.exe =>.Crack,Keygen
C:\Users\Usuario\Setups\Corel\CORELDRAW_GRAPHICS_SUITE_X7_WIN64-XFORCE\Crack\Keygen.exe =>.Crack,Keygen
~ Files: Scanned in 02mn 08s



---\\ Listagem dos serviços iniciados pelo Svchost (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [62464]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [67584]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [67584]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [168960]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Diretiva de Grupo.) -- C:\Windows\System32\gpsvc.dll [593408]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\ikeext.dll [679424]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\Audiosrv.dll [473600]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acesso Remoto.) -- C:\Windows\System32\rasauto.dll [90624]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll [286208]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [75264]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistema (SENS).) -- C:\Windows\System32\sens.dll [49664]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [300544]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft(R) Windows(TM).) -- C:\Windows\System32\tapisrv.dll [242176]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor Host da Sessão da Área de.) -- C:\Windows\System32\termsrv.dll [521216]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [1973728]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de plano de fundo.) -- C:\Windows\System32\qmgr.dll [585728]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [328192]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em uma rede IPv4..) -- C:\Windows\System32\iphlpsvc.dll [499712]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\system32\seclogon.dll [21504]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll [47104]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll [114688]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll [49664]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [61440]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\System32\eapsvc.dll [98304]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [164352]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [750592]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\Windows\System32\kmsvc.dll [71168]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho Remota.) -- C:\Windows\System32\sessenv.dll [113664]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [168960]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [102912]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [37376]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) -- C:\Windows\System32\bdesvc.dll [76800]
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) -- C:\Windows\System32\appmgmts.dll [149504]
~ Services: 33 Scanned in 00mn 01s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
[MD5.B29E83869C302164E81F3B3D1DC51A90] [SPRF][20/01/2014] (.Solid State Networks - Adobe Flash Player Installer.) -- C:\Users\Usuario\Desktop\install_flashplayer12x32au_ltr5x32d_awc_aih.exe [1069512]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608]
[MD5.B8F39C9E0F0B71E454DBA431CF3B99C9] [SPRF][11/08/2005] (.Macrovision Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [417792]
~ Files: 5 Scanned in 00mn 00s



---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: Nero Scout - {3d6be802-fc0d-4595-a304-e611f97089dc}
~ MNS: 1 Scanned in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASAPI32 =>PUP.ContentExplorer
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASMANCS =>PUP.ContentExplorer
HKLM\SOFTWARE\Microsoft\Tracing\Muvic_RASAPI32 =>Hijacker.SmartBar
HKLM\SOFTWARE\Microsoft\Tracing\Muvic_RASMANCS =>Hijacker.SmartBar
HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASAPI32 =>Hijacker.TornTV
HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASMANCS =>Hijacker.TornTV
HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS =>PUP.Wajam
~ BTK: 181 Scanned in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter
[HKCR\CLSID\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}] (PriceMeterLiveUpdate.OneClickProcessLauncher) =>PUP.PriceMeter
[HKCR\CLSID\{41C35ADE-DEDA-439F-8140-D53F2C76C963}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter
[HKCR\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter
[HKCR\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter
[HKCR\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter
[HKCR\CLSID\{982A3C94-BE06-422B-9B4F-484B8FABF166}] (NMBAppGlobalSettingsExtensionTVWizard Class) =>PUP.TVWizard
[HKCR\CLSID\{B1F29F0C-2EC8-487B-97C2-8B8FEA6CEF14}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter
[HKCR\CLSID\{C0756D99-64A1-4332-B783-A5A1B571D431}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter
[HKCR\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19}] (PriceMeterLiveUpdate Process Launcher Class) =>PUP.PriceMeter
[HKCR\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter
~ BCK: 7345 Scanned in 00mn 15s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 21/08/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 21/08/2014 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
SS - | Demand 21/08/2014 68608 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
SS - | Auto 15/08/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 15/08/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 17/07/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/11/2006 774144 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 31/03/2014 150504 | (pricemeterliveUpdate) . (.PriceMeter.) - C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter
SS - | Demand 31/03/2014 150504 | (pricemeterliveUpdatem) . (.PriceMeter.) - C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 10/07/1658 0 | (SparkUpdater) . (...) - C:\Program Files\Baidu\SparkUpdate\Sparkupdate.exe
SS - | Disabled 17/07/2014 151040 | (SupraSavingsService) . (...) - C:\Program Files\C6CAB4CF-DAB9-45B9-AE9A-961145402E07\hmhfslexky.exe =>PUP.SupraSavings
SS - | Auto 07/08/2013 656976 | (VIVO INTERNET. RunOuc) . (...) - C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 01/08/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 16/06/2014 2038248 | (BAVSvc) . (.Baidu, Inc..) - C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BAVSvc.exe
SR - | Auto 16/06/2014 481432 | (BHipsSvc) . (.Baidu, Inc..) - C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BHipsSvc.exe
SR - | Auto 09/08/2014 694784 | (IePluginServices) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginServices\PluginService.exe =>PUP.IePluginService
SR - | Auto 31/12/1999 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 22/08/2014 543232 | (mtgaotushb32) . (...) - C:\Program Files\005\mtgaotushb32.exe =>PUP.AdPeak
SR - | Auto 31/03/2014 541696 | (nuttkoqiez32) . (...) - C:\Program Files\003\nuttkoqiez32.exe =>PUP.AdPeak
SR - | Auto 13/09/2013 277360 | (PSI_SVC_2) . (.arvato digital services llc.) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 11/07/2014 80576 | (SparkSvc) . (.Baidu Inc..) - C:\Program Files\baidu\Spark\sparkservice.exe
SR - | Auto 31/12/1999 2533400 | (UNS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 21/08/2014 543232 | (vulsrsebjh32) . (...) - C:\Program Files\005\vulsrsebjh32.exe =>PUP.AdPeak
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 15/05/2008 61424 | ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) . (.Cyberlink Corp..) - C:\Program Files\CyberLink\PowerDVD8\000.fcl
~ Services: Scanned in 00mn 20s



---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [You must have an account and be logged in to view this link]
~ MBR: 1 Scanned in 00mn 02s



---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)
Written by ad13, [You must have an account and be logged in to view this link]
Run by Usuario at 29/08/2014 19:59:46
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scâner Aditional (088)
Database Version : 13026 - (28/08/2014)
Clés trouvées (Keys found) : 22
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 15
Fichiers trouvés (Files found) : 46

[HKLM\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae] =>PUP.Astromenda^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginServices] =>PUP.IePluginService^
[HKLM\SYSTEM\CurrentControlSet\Services\mtgaotushb32] =>PUP.AdPeak^
[HKLM\SYSTEM\CurrentControlSet\Services\nuttkoqiez32] =>PUP.AdPeak^
[HKLM\SYSTEM\CurrentControlSet\Services\pricemeterliveUpdate) (pricemeterliveUpdate] =>PUP.PriceMeter^
[HKLM\SYSTEM\CurrentControlSet\Services\vulsrsebjh32] =>PUP.AdPeak^
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods] =>PUP.Funmoods^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ContentExplorer] =>PUP.ContentExplorer^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX] =>PUP.Dealply^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Price Meter] =>PUP.PriceMeter^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage] =>PUP.VuuPC^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PriceMeterUpdater] =>PUP.PriceMeter^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect] =>PUP.Fuyu^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}] =>PUP.Funmoods
[HKLM\Software\PIP] =>Toolbar.Ask
[HKLM\Software\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:PriceMeterW =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae =>PUP.Astromenda^
C:\Program Files\003 =>PUP.AdPeak^
C:\Program Files\005 =>PUP.AdPeak^
C:\Program Files\PriceMeterLiveUpdate =>PUP.PriceMeter^
C:\Program Files\SupTab =>PUP.SupTab^
C:\ProgramData\IePluginServices =>PUP.IePluginService^
C:\ProgramData\PriceMeterLiveUpdate =>PUP.PriceMeter^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\Users\Usuario\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer^
C:\Users\Usuario\AppData\Roaming\PriceMeterUpdater =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Roaming\VOPackage =>Adware.Downware^
C:\Users\Usuario\AppData\Local\genienext =>PUP.NextLive^
C:\Users\Usuario\AppData\Local\PriceMeter =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage =>Adware.Downware^
C:\Program Files\SupTab\HpUI.exe =>PUP.SupTab^
C:\Program Files\SupTab\Loader32.exe =>PUP.SupTab^
C:\Users\Usuario\AppData\Local\PriceMeter\pricemeterw.exe =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer^
C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter^
C:\Windows\Tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4 =>PUP.CrossRider^
C:\Windows\Tasks\Funmoods.job =>PUP.Funmoods^
C:\Windows\System32\Tasks\Funmoods =>PUP.Funmoods^
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job =>PUP.PriceMeter^
C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore =>PUP.PriceMeter^
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job =>PUP.PriceMeter^
C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA =>PUP.PriceMeter^
[HKCU\Software\AppDataLow\Software\suprasavings] =>PUP.SupraSavings^
[HKCU\Software\ContentExplorer] =>PUP.ContentExplorer^
[HKCU\Software\PriceMeterLiveUpdate] =>PUP.PriceMeter^
[HKCU\Software\PriceMeter] =>PUP.PriceMeter^
[HKCU\Software\SaveSenseLive] =>PUP.SaveSense^
[HKCU\Software\SupHpUISoft] =>PUP.CrossRider^
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive^
[HKCU\Software\Vittalia] =>PUP.Vittalia^
[HKCU\Software\WSE_Astromenda] =>PUP.Astromenda^
[HKCU\Software\freesofttoday] =>Adware.FreeSoftToday^
[HKLM\Software\Coupon Downloader] =>PUP.CouponDownloader^
[HKLM\Software\FREESOFTTODAY] =>Adware.FreeSoftToday^
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher^
[HKLM\Software\PriceMeterLiveUpdate] =>PUP.PriceMeter^
[HKLM\Software\SaveSenseLive] =>PUP.SaveSense^
[HKLM\Software\SupDp] =>PUP.SupTab^
[HKLM\Software\Supra Savings] =>PUP.SupraSavings^
[HKLM\Software\supTab] =>PUP.SupTab^
[HKLM\Software\supWPM] =>PUP.WpManager^
[HKLM\Software\supWindowsMangerProtect] =>PUP.Fuyu^
[HKLM\Software\suprasavings] =>PUP.SupraSavings^
[HKLM\Software\webssearchesSoftware] =>Hijacker.WebsSearches^
[HKCR\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter^
[HKCR\CLSID\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}] (PriceMeterLiveUpdate.OneClickProcessLauncher) =>PUP.PriceMeter^
[HKCR\CLSID\{41C35ADE-DEDA-439F-8140-D53F2C76C963}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter^
[HKCR\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter^
[HKCR\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter^
[HKCR\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter^
[HKCR\CLSID\{982A3C94-BE06-422B-9B4F-484B8FABF166}] (NMBAppGlobalSettingsExtensionTVWizard Class) =>PUP.TVWizard^
[HKCR\CLSID\{B1F29F0C-2EC8-487B-97C2-8B8FEA6CEF14}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter^
[HKCR\CLSID\{C0756D99-64A1-4332-B783-A5A1B571D431}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter^
[HKCR\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19}] (PriceMeterLiveUpdate Process Launcher Class) =>PUP.PriceMeter^
[HKCR\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter^
~ Additionnel Scan: 315528 Items scanned in 00mn 33s



---\\ Informações complémentaires do módulos
~ [You must have an account and be logged in to view this link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [You must have an account and be logged in to view this link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [You must have an account and be logged in to view this link] =>.Browser Helper Objects do navegador (02)
~ [You must have an account and be logged in to view this link] =>.Aplicações iniciadas por registo & pastas (04)
~ [You must have an account and be logged in to view this link] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 5 Scanned in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>PUP.SupTab
[You must have an account and be logged in to view this link] =>PUP.PriceMeter
[You must have an account and be logged in to view this link] =>PUP.ContentExplorer
[You must have an account and be logged in to view this link] =>PUP.Astromenda
[You must have an account and be logged in to view this link] =>PUP.HelperBar
[You must have an account and be logged in to view this link] =>Hijacker.WebsSearches
[You must have an account and be logged in to view this link] =>Hijacker.Proxy
[You must have an account and be logged in to view this link] =>PUP.AdPeak
[You must have an account and be logged in to view this link] =>PUP.Funmoods
[You must have an account and be logged in to view this link] =>PUP.CrossRider
[You must have an account and be logged in to view this link] =>PUP.LinkiDoo
[You must have an account and be logged in to view this link] =>PUP.Dealply
[You must have an account and be logged in to view this link] =>PUP.VuuPC
[You must have an account and be logged in to view this link] =>PUP.SupraSavings
[You must have an account and be logged in to view this link] =>PUP.SaveSense
[You must have an account and be logged in to view this link] =>PUP.AgenceExclusive
[You must have an account and be logged in to view this link] =>PUP.Vittalia
[You must have an account and be logged in to view this link] =>Adware.FreeSoftToday
[You must have an account and be logged in to view this link] =>PUP.WpManager
[You must have an account and be logged in to view this link] =>Adware.Downware
[You must have an account and be logged in to view this link] =>PUP.NextLive
[You must have an account and be logged in to view this link] =>PUP.AdvancedSystemProtector
[You must have an account and be logged in to view this link] =>Hijacker.SmartBar
[You must have an account and be logged in to view this link] =>Hijacker.TornTV
[You must have an account and be logged in to view this link] =>PUP.Wajam
[You must have an account and be logged in to view this link] =>Toolbar.Ask
[You must have an account and be logged in to view this link] =>Adware.IMBooster
~ MSI: 27 link(s) detected in 00mn 00s



---\\ Alert Messages
WARNING : Hijacker Proxy found, Clean with ZHPCleaner Tool

End of the scan (1555 lines in 06mn 11s)(4)
Gil Raman

Re: How to remove Baidu and CE_umbrella

Message by joram, Fri 29 Aug 2014, 22:51

Good evening, Gil Raman!

|- Run this script in the ZHPFix tool.
|- Select and copy the information shown in red into Notepad.
|- With Notepad open, press Ctrl+A >> Ctrl+C (Select and Copy).
|- Next, minimize Notepad.

ZHPFix script
emptytemp
Firewallraz
SS - | Auto 21/08/2014 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe    
SS - | Demand 21/08/2014 68608 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe    
SS - | Auto 31/03/2014 150504 | (pricemeterliveUpdate) . (.PriceMeter.) - C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter
SS - | Demand 31/03/2014 150504 | (pricemeterliveUpdatem) . (.PriceMeter.) - C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter
SS - | Demand 10/07/1658 0 | (SparkUpdater) . (...) - C:\Program Files\Baidu\SparkUpdate\Sparkupdate.exe
SS - | Disabled 17/07/2014 151040 | (SupraSavingsService) . (...) - C:\Program Files\C6CAB4CF-DAB9-45B9-AE9A-961145402E07\hmhfslexky.exe =>PUP.SupraSavings
SR - | Auto 09/08/2014 694784 | (IePluginServices) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginServices\PluginService.exe =>PUP.IePluginService
SR - | Auto 22/08/2014 543232 | (mtgaotushb32) . (...) - C:\Program Files\005\mtgaotushb32.exe =>PUP.AdPeak
SR - | Auto 31/03/2014 541696 | (nuttkoqiez32) . (...) - C:\Program Files\003\nuttkoqiez32.exe =>PUP.AdPeak
SR - | Auto 11/07/2014 80576 | (SparkSvc) . (.Baidu Inc..) - C:\Program Files\baidu\Spark\sparkservice.exe
SR - | Auto 21/08/2014 543232 | (vulsrsebjh32) . (...) - C:\Program Files\005\vulsrsebjh32.exe =>PUP.AdPeak
[MD5.10FE324D6FBCF10587A503B99B10882C] - (...) -- C:\Program Files\Opera Next\24.0.1558.51_0\opera_crashreporter.exe [1372280] [PID.5384]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000Core] (.Facebook Inc..) -- C:\Users\Usuario\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000UA] (.Facebook Inc..) -- C:\Users\Usuario\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.00000000000000000000000000000000] [APT] [{20A7C71D-008A-4132-9DDC-D6239052267D}] (...) -- c:\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C362CBD1-13DC-4885-96C3-FCF90CD613E1}] (...) -- C:\Program Files\Mobinil USB Modem\uninst.exe (.not file.) [0]
[MD5.FFE86FE57B81D5DF61E978B0B2ACE7B5] - (...) -- C:\Program Files\SupTab\HpUI.exe [724480] [PID.3996] =>PUP.SupTab
[MD5.D46415CD75DDA09F0A17D2FDA2235CB0] - (...) -- C:\Program Files\SupTab\Loader32.exe [64000] [PID.868] =>PUP.SupTab
[MD5.269D066D41B631B1F22936248E80354F] - (.PriceMeter - PriceMeterW.) -- C:\Users\Usuario\AppData\Local\PriceMeter\pricemeterw.exe [309256] [PID.1016] =>PUP.PriceMeter
[MD5.1FB581BAADA8C87DD7A2E32FE62ED868] - (.ContentExplorer - ContentExplorer.) -- C:\Users\Usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe [2429680] [PID.3396] =>PUP.ContentExplorer
[MD5.00000000000000000000000000000000] [APT] [ASP] (...) -- C:\Program Files\RCP\systweakasp.exe (.not file.) [0]    
[MD5.00000000000000000000000000000000] [APT] [Funmoods] (...) -- C:\Users\Usuario\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.Funmoods
[MD5.D858BA2EE718B1DB1CED20646E641D08] [APT] [globalUpdateUpdateTaskMachineCore] (.globalUpdate.) -- C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608]    
[MD5.00000000000000000000000000000000] [APT] [LaunchSignup] (...) -- C:\Program Files\MyPC Backup\Signup Wizard.exe (.not file.) [0] =>PUP.JDIBackup
[MD5.3D8B851E7EFCDC130E4B301BDDE10099] [APT] [PriceMeterLiveUpdateUpdateTaskMachineCore] (.PriceMeter.) -- C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504] =>PUP.PriceMeter
[MD5.3D8B851E7EFCDC130E4B301BDDE10099] [APT] [PriceMeterLiveUpdateUpdateTaskMachineUA] (.PriceMeter.) -- C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504] =>PUP.PriceMeter
[MD5.00000000000000000000000000000000] [APT] [pricemetertask] (...) -- C:\Users\Usuario\AppData\Local\PriceMeter\pricemeter.exe (.not file.) [0] =>PUP.PriceMeter
[MD5.269D066D41B631B1F22936248E80354F] [APT] [pricemeterwatcher] (.PriceMeter.) -- C:\Users\Usuario\AppData\Local\PriceMeter\pricemeterw.exe [309256] =>PUP.PriceMeter
[MD5.00000000000000000000000000000000] [APT] [SparkUpdater] (...) -- C:\Program Files\baidu\Spark\SparkUpdate.exe (.not file.) [0]
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
G2 - GCE: Preference [User Data\Default] [pfkfdlcdbajamklbneflfbcmfgddmpae] Astromenda New Tab v.0.3.6, (Désactivé) =>PUP.Astromenda
P2 - FPN: [HKLM] [@staging.google.com/globalUpdate Update;version=10] - (.globalUpdate - globalUpdate Update.) -- C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll    
P2 - FPN: [HKLM] [@staging.google.com/globalUpdate Update;version=4] - (.globalUpdate - globalUpdate Update.) -- C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll    
P2 - FPN: [HKLM] [@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3] - (.PriceMeter - PriceMeterLiveUpdate Update.) -- C:\Program Files\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll =>PUP.PriceMeter
P2 - FPN: [HKLM] [@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9] - (.PriceMeter - PriceMeterLiveUpdate Update.) -- C:\Program Files\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll =>PUP.PriceMeter
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link] =>PUP.HelperBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link] =>PUP.HelperBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link] =>Hijacker.WebsSearches
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must have an account and be logged in to view this link] =>PUP.HelperBar
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link] =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link] =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link] =>Hijacker.WebsSearches
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must have an account and be logged in to view this link] =>PUP.HelperBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must have an account and be logged in to view this link] =>PUP.HelperBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl,Default = [You must have an account and be logged in to view this link] =>PUP.HelperBar
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:51319;https=127.0.0.1:51319 =>Hijacker.Proxy
O4 - HKCU\..\Run: [GuUnacE] C:\Users\Usuario\AppData\Local\GuUnacE.exe (.not file.)
O4 - HKUS\S-1-5-21-2578862199-3110367618-3840235185-1000\..\Run: [GuUnacE] C:\Users\Usuario\AppData\Local\GuUnacE.exe (.not file.)
O4 - GS\QuickLaunch [Usuario]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.WebsSearches
O4 - GS\Program [Usuario]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.WebsSearches
O4 - GS\SystemTools [Usuario]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.WebsSearches
O4 - HKCU\..\Run: [PriceMeterW] . (.PriceMeter - PriceMeterW.) -- C:\Users\Usuario\AppData\Local\PriceMeter\pricemeterw.exe =>PUP.PriceMeter
O4 - HKCU\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\Usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer
O4 - HKUS\S-1-5-21-2578862199-3110367618-3840235185-1000\..\Run: [PriceMeterW] . (.PriceMeter - PriceMeterW.) -- C:\Users\Usuario\AppData\Local\PriceMeter\pricemeterw.exe =>PUP.PriceMeter
O4 - HKUS\S-1-5-21-2578862199-3110367618-3840235185-1000\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\Usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe    
O23 - Service: IePlugin Services (IePluginServices) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginServices\PluginService.exe =>PUP.IePluginService
O23 - Service: mtgaotushb32 (mtgaotushb32) . (...) - C:\Program Files\005\mtgaotushb32.exe =>PUP.AdPeak
O23 - Service: nuttkoqiez32 (nuttkoqiez32) . (...) - C:\Program Files\003\nuttkoqiez32.exe =>PUP.AdPeak
O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdate) (pricemeterliveUpdate) . (.PriceMeter - PriceMeterLiveUpdate Update.) - C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter
O23 - Service: Baidu Spark Service (SparkSvc) . (.Baidu Inc. - spark.) - C:\Program Files\baidu\Spark\sparkservice.exe    
O23 - Service: vulsrsebjh32 (vulsrsebjh32) . (...) - C:\Program Files\005\vulsrsebjh32.exe =>PUP.AdPeak
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000Core - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000Core.job [914]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000Core - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000Core [914]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000UA - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000UA.job [936]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000UA - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000UA [936]
O39 - APT: e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4 - (.WFprotect.) -- C:\Windows\Tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4.job [2896] =>PUP.CrossRider
O39 - APT: e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4 - (.WFprotect.) -- C:\Windows\System32\Tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4 [2896] =>PUP.CrossRider
O39 - APT: Funmoods - (...) -- C:\Windows\Tasks\Funmoods.job [300] =>PUP.Funmoods
O39 - APT: Funmoods - (...) -- C:\Windows\System32\Tasks\Funmoods [300] =>PUP.Funmoods
O39 - APT: globalUpdateUpdateTaskMachineCore - (.globalUpdate.) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [914]    
O39 - APT: globalUpdateUpdateTaskMachineCore - (.globalUpdate.) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [914]    
O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineCore - (.PriceMeter.) -- C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job [952] =>PUP.PriceMeter
O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineCore - (.PriceMeter.) -- C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore [952] =>PUP.PriceMeter
O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineUA - (.PriceMeter.) -- C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job [956] =>PUP.PriceMeter
O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineUA - (.PriceMeter.) -- C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA [956] =>PUP.PriceMeter
O41 - Driver: ({55dce8ba-9dec-4013-937e-adbf9317d990}Gw) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw.sys =>PUP.LinkiDoo
O41 - Driver: ({55dce8ba-9dec-4013-937e-adbf9317d990}w) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys =>PUP.LinkiDoo
O41 - Driver: ({9a9157bb-003e-4fef-8bd1-c09bc4586a28}w) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w.sys =>PUP.LinkiDoo
O42 - Logiciel: ContentExplorer - (.ContentExplorer.net.) [HKLM] -- ContentExplorer =>PUP.ContentExplorer
O42 - Logiciel: Extended Update - (...) [HKCU] -- UpdaterEX =>PUP.Dealply
O42 - Logiciel: Price Meter (remove only) - (.Price Meter.) [HKCU] -- Price Meter =>PUP.PriceMeter
O42 - Logiciel: Remote Desktop Access (VuuPC) - (.CMI Limited.) [HKLM] -- VOPackage =>PUP.VuuPC
O42 - Logiciel: Update for PriceMeter - (.Update for PriceMeter.) [HKCU] -- PriceMeterUpdater =>PUP.PriceMeter
O42 - Logiciel: WindowsMangerProtect20.0.0.502 - (.WindowsProtect LIMITED.) [HKLM] -- WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 01/08/2014 - 21:43:48 - [] ----D C:\ProgramData\McAfee Security Scan
O43 - CFD: 29/08/2014 - 14:31:12 - [] ----D C:\Program Files\003 =>PUP.AdPeak
O43 - CFD: 29/08/2014 - 14:31:12 - [] ----D C:\Program Files\005 =>PUP.AdPeak
O43 - CFD: 29/08/2014 - 17:43:50 - [] ----D C:\Program Files\baidu    
O43 - CFD: 29/08/2014 - 14:33:20 - [] ----D C:\Program Files\globalUpdate    
O43 - CFD: 29/08/2014 - 14:33:20 - [] ----D C:\Program Files\PriceMeterLiveUpdate =>PUP.PriceMeter
O43 - CFD: 29/08/2014 - 14:33:22 - [] ----D C:\Program Files\SupTab =>PUP.SupTab
O43 - CFD: 28/07/2014 - 13:01:16 - [] ----D C:\ProgramData\Baidu Security    
O43 - CFD: 29/08/2014 - 14:33:05 - [] ----D C:\ProgramData\IePluginServices =>PUP.IePluginService
O43 - CFD: 04/09/2013 - 11:54:07 - [] ----D C:\ProgramData\log    
O43 - CFD: 29/08/2014 - 14:33:20 - [] ----D C:\ProgramData\PriceMeterLiveUpdate =>PUP.PriceMeter
O43 - CFD: 29/08/2014 - 14:31:15 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 30/11/2013 - 09:18:43 - [] ----D C:\Users\Usuario\AppData\Roaming\Baidu Security    
O43 - CFD: 29/08/2014 - 14:35:40 - [] ----D C:\Users\Usuario\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer
O43 - CFD: 29/08/2014 - 14:31:19 - [] ----D C:\Users\Usuario\AppData\Roaming\PriceMeterUpdater =>PUP.PriceMeter
O43 - CFD: 29/08/2014 - 14:31:19 - [] ----D C:\Users\Usuario\AppData\Roaming\VOPackage =>Adware.Downware
O43 - CFD: 29/08/2014 - 14:31:15 - [] ----D C:\Users\Usuario\AppData\Local\genienext =>PUP.NextLive
O43 - CFD: 29/08/2014 - 14:31:16 - [] ----D C:\Users\Usuario\AppData\Local\PriceMeter =>PUP.PriceMeter
O43 - CFD: 29/08/2014 - 14:31:19 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter =>PUP.PriceMeter
O43 - CFD: 29/08/2014 - 14:31:19 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage =>Adware.Downware
O44 - LFC:[MD5.CC0F8A70179C0F7292A0486C6EAEDFA5] - 22/08/2014 - 18:15:32 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w.sys [52416] =>PUP.LinkiDoo
O45 - LFCP:[MD5.66654A711DABFE6D30D065F0E78D9B7A] - 29/08/2014 - 19:39:10 ---A- - C:\Windows\Prefetch\PRICEMETERLIVEUPDATE.EXE-376284BF.pf =>PUP.PriceMeter
O45 - LFCP:[MD5.0F641B1C4E8A6387C1AB65D921AAF740] - 29/08/2014 - 17:41:10 ---A- - C:\Windows\Prefetch\PRICEMETERLIVEUPDATEHANDLER.E-290574D8.pf =>PUP.PriceMeter
O58 - SDL:25/07/2014 - 16:19:16 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw.sys [52880] =>PUP.LinkiDoo
O58 - SDL:09/08/2014 - 06:30:02 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys [52880] =>PUP.LinkiDoo
O58 - SDL:22/08/2014 - 18:15:32 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w.sys [52416] =>PUP.LinkiDoo
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\2157tmp\freesofttoday.exe [3317296] =>Adware.FreeSoftToday
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\2177tmp\vopackage.exe [291464] =>Adware.Downware
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Uniblue Systems Limited.) -- C:\Users\Usuario\AppData\Local\Temp\22B1tmp\speedupmypc.exe [1291368] =>PUP.SpeedUpMyPC
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Uniblue Systems Limited.) -- C:\Users\Usuario\AppData\Local\Temp\is-5RF97.tmp\SpeedUpMyPC-standalone-setup.exe [18464440] =>PUP.SpeedUpMyPC
O61 - LFC: 22/08/2014 - 19:56:51 ---A- . (...) -- C:\Users\Usuario\AppData\Roaming\VOPackage\Uninstall.exe [118801] =>Adware.Downware
O61 - LFC: 22/08/2014 - 19:56:51 ---A- . (...) -- C:\Users\Usuario\AppData\Roaming\VOPackage\VOPackage.exe [291464] =>Adware.Downware
O61 - LFC: 29/08/2014 - 19:56:28 ---A- . (...) -- C:\Users\Usuario\AppData\Roaming\ContentExplorer\storage.bin [105296] =>PUP.ContentExplorer
O64 - Services: CurCS - 25/07/2014 - C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw.sys ({55dce8ba-9dec-4013-937e-adbf9317d990}Gw) .(.StdLib - StdLib.) - LEGACY_{55DCE8BA-9DEC-4013-937E-ADBF9317D990}GW =>PUP.LinkiDoo
O64 - Services: CurCS - 09/08/2014 - C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys ({55dce8ba-9dec-4013-937e-adbf9317d990}w) .(.StdLib - StdLib.) - LEGACY_{55DCE8BA-9DEC-4013-937E-ADBF9317D990}W =>PUP.LinkiDoo
O64 - Services: CurCS - 22/08/2014 - C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w.sys ({9a9157bb-003e-4fef-8bd1-c09bc4586a28}w) .(.StdLib - StdLib.) - LEGACY_{9A9157BB-003E-4FEF-8BD1-C09BC4586A28}W =>PUP.LinkiDoo
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\baidu\Spark\Spark.exe" [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.WebsSearches
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.WebsSearches
O69 - SBI: prefs.js [Usuario - gqsbjvu4.default] user_pref("extensions.helperbar.DockingPositionDown", false); =>PUP.HelperBar
O69 - SBI: prefs.js [Usuario - gqsbjvu4.default] user_pref("extensions.helperbar.Visibility", false); =>PUP.HelperBar
O69 - SBI: prefs.js [Usuario - gqsbjvu4.default] user_pref("extensions.helperbar.keepAliveLastevent", "1408742961"); =>PUP.HelperBar
O69 - SBI: prefs.js [Usuario - gqsbjvu4.default] user_pref("extensions.helperbar.lastExternalJsUpdate", "1408710766225"); =>PUP.HelperBar
O44 - LFC:[MD5.222FEC6A9BBCC5186A1D111EE525F896] - 27/08/2014 - 11:50:29 ---A- . (...) -- C:\zoek-results.log [67158]
O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O61 - LFC: 22/08/2014 - 19:56:24 ---A- . (.Adobe Systems Incorporated.) -- C:\Users\Usuario\AppData\Local\Temp\1FEDtmp\flash_player_14_plugin.exe [19178160]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\208Atmp\cloud_backup_setup.exe [73816]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\2118tmp\setup.exe [8427248]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\2291tmp\installer.exe [10196088]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\22E1tmp\ads.exe [1433036]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\BackupSetup.exe [5556040]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\CloudBackup417.exe [5556040]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\is-20QBK.tmp\gentlemjfst_ibr.exe [1931432]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Microsoft Corporation.) -- C:\Users\Usuario\AppData\Local\Temp\is-20QBK.tmp\_isetup\_shfoldr.dll [23312]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Microsoft Corporation.) -- C:\Users\Usuario\AppData\Local\Temp\is-5RF97.tmp\_isetup\_shfoldr.dll [23312]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Software.) -- C:\Users\Usuario\AppData\Local\Temp\is-DNCG1.tmp\package_secureprotect_installer_multilang.exe [426448]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Software.) -- C:\Users\Usuario\AppData\Local\Temp\is-DNCG1.tmp\package_togglemark_installer_multilang.exe [426056]
O61 - LFC: 22/08/2014 - 19:56:26 ---A- . (.Maxthon International ltd..) -- C:\Users\Usuario\AppData\Local\Temp\mx_offline\mx_setup.exe [39403688]
O61 - LFC: 23/08/2014 - 19:56:25 ---A- . (.Software.) -- C:\Users\Usuario\AppData\Local\Temp\is-HOFB3.tmp\package_secureprotect_installer_multilang.exe [426312]
O61 - LFC: 23/08/2014 - 19:56:25 ---A- . (.Software.) -- C:\Users\Usuario\AppData\Local\Temp\is-HOFB3.tmp\package_togglemark_installer_multilang.exe [426072]
O61 - LFC: 23/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\ToggleMarkUntemp.exe [543520]
O61 - LFC: 23/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\is-QQJ47.tmp\gentlemjfst_ibr.exe [1931560]
O61 - LFC: 23/08/2014 - 19:56:26 ---A- . (.Microsoft Corporation.) -- C:\Users\Usuario\AppData\Local\Temp\is-QQJ47.tmp\_isetup\_shfoldr.dll [23312]
O61 - LFC: 24/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nscC4D7.tmp\IpConfig.dll [117248]
O61 - LFC: 24/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nscC4D7.tmp\System.dll [11264]
O61 - LFC: 24/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nscC4D7.tmp\WmiInspector.dll [106496]
O61 - LFC: 24/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nscC4D7.tmp\inetc.dll [20992]
[HKLM\Software\PIP]    
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKLM\Software\PIP] =>Toolbar.Ask
[HKCU\Software\Headlight]  
[HKCU\Software\AppDataLow\Software\suprasavings] =>PUP.SupraSavings
[HKCU\Software\Baidu Security]    
[HKCU\Software\ContentExplorer] =>PUP.ContentExplorer
[HKCU\Software\PriceMeterLiveUpdate] =>PUP.PriceMeter
[HKCU\Software\PriceMeter] =>PUP.PriceMeter
[HKCU\Software\SaveSenseLive] =>PUP.SaveSense
[HKCU\Software\SupHpUISoft] =>PUP.CrossRider
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\Vittalia] =>PUP.Vittalia
[HKCU\Software\WSE_Astromenda] =>PUP.Astromenda
[HKCU\Software\freesofttoday] =>Adware.FreeSoftToday
[HKCU\Software\globalUpdate]    
[HKLM\Software\Baidu Security]    
[HKLM\Software\Coupon Downloader] =>PUP.CouponDownloader
[HKLM\Software\FREESOFTTODAY] =>Adware.FreeSoftToday
[HKLM\Software\GlobalUpdate]    
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher
[HKLM\Software\PriceMeterLiveUpdate] =>PUP.PriceMeter
[HKLM\Software\SaveSenseLive] =>PUP.SaveSense
[HKLM\Software\SupDp] =>PUP.SupTab
[HKLM\Software\Supra Savings] =>PUP.SupraSavings
[HKLM\Software\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\supTab] =>PUP.SupTab
[HKLM\Software\supWPM] =>PUP.WpManager
[HKLM\Software\supWindowsMangerProtect] =>PUP.Fuyu
[HKLM\Software\suprasavings] =>PUP.SupraSavings
[HKLM\Software\webssearchesSoftware] =>Hijacker.WebsSearches
HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASAPI32 =>PUP.ContentExplorer
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASMANCS =>PUP.ContentExplorer
HKLM\SOFTWARE\Microsoft\Tracing\Muvic_RASAPI32 =>Hijacker.SmartBar
HKLM\SOFTWARE\Microsoft\Tracing\Muvic_RASMANCS =>Hijacker.SmartBar
HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASAPI32 =>Hijacker.TornTV
HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASMANCS =>Hijacker.TornTV
HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS =>PUP.Wajam
[HKCR\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter
[HKCR\CLSID\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}] (PriceMeterLiveUpdate.OneClickProcessLauncher) =>PUP.PriceMeter
[HKCR\CLSID\{41C35ADE-DEDA-439F-8140-D53F2C76C963}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter
[HKCR\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter
[HKCR\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter
[HKCR\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter
[HKCR\CLSID\{982A3C94-BE06-422B-9B4F-484B8FABF166}] (NMBAppGlobalSettingsExtensionTVWizard Class) =>PUP.TVWizard
[HKCR\CLSID\{B1F29F0C-2EC8-487B-97C2-8B8FEA6CEF14}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter
[HKCR\CLSID\{C0756D99-64A1-4332-B783-A5A1B571D431}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter
[HKCR\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19}] (PriceMeterLiveUpdate Process Launcher Class) =>PUP.PriceMeter
[HKCR\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter
[HKLM\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae] =>PUP.Astromenda^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginServices] =>PUP.IePluginService^
[HKLM\SYSTEM\CurrentControlSet\Services\mtgaotushb32] =>PUP.AdPeak^
[HKLM\SYSTEM\CurrentControlSet\Services\nuttkoqiez32] =>PUP.AdPeak^
[HKLM\SYSTEM\CurrentControlSet\Services\pricemeterliveUpdate) (pricemeterliveUpdate] =>PUP.PriceMeter^
[HKLM\SYSTEM\CurrentControlSet\Services\vulsrsebjh32] =>PUP.AdPeak^
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods] =>PUP.Funmoods^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ContentExplorer] =>PUP.ContentExplorer^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX] =>PUP.Dealply^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Price Meter] =>PUP.PriceMeter^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage] =>PUP.VuuPC^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PriceMeterUpdater] =>PUP.PriceMeter^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect] =>PUP.Fuyu^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}] =>PUP.Funmoods
[HKLM\Software\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:PriceMeterW =>PUP.PriceMeter^
[HKCU\Software\AppDataLow\Software\suprasavings] =>PUP.SupraSavings^
[HKCU\Software\ContentExplorer] =>PUP.ContentExplorer^
[HKCU\Software\PriceMeterLiveUpdate] =>PUP.PriceMeter^
[HKCU\Software\PriceMeter] =>PUP.PriceMeter^
[HKCU\Software\SaveSenseLive] =>PUP.SaveSense^
[HKCU\Software\SupHpUISoft] =>PUP.CrossRider^
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive^
[HKCU\Software\Vittalia] =>PUP.Vittalia^
[HKCU\Software\WSE_Astromenda] =>PUP.Astromenda^
[HKCU\Software\freesofttoday] =>Adware.FreeSoftToday^
[HKLM\Software\Coupon Downloader] =>PUP.CouponDownloader^
[HKLM\Software\FREESOFTTODAY] =>Adware.FreeSoftToday^
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher^
[HKLM\Software\PriceMeterLiveUpdate] =>PUP.PriceMeter^
[HKLM\Software\SaveSenseLive] =>PUP.SaveSense^
[HKLM\Software\SupDp] =>PUP.SupTab^
[HKLM\Software\Supra Savings] =>PUP.SupraSavings^
[HKLM\Software\supTab] =>PUP.SupTab^
[HKLM\Software\supWPM] =>PUP.WpManager^
[HKLM\Software\supWindowsMangerProtect] =>PUP.Fuyu^
[HKLM\Software\suprasavings] =>PUP.SupraSavings^
[HKLM\Software\webssearchesSoftware] =>Hijacker.WebsSearches^
[HKCR\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter^
[HKCR\CLSID\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}] (PriceMeterLiveUpdate.OneClickProcessLauncher) =>PUP.PriceMeter^
[HKCR\CLSID\{41C35ADE-DEDA-439F-8140-D53F2C76C963}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter^
[HKCR\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter^
[HKCR\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter^
[HKCR\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter^
[HKCR\CLSID\{982A3C94-BE06-422B-9B4F-484B8FABF166}] (NMBAppGlobalSettingsExtensionTVWizard Class) =>PUP.TVWizard^
[HKCR\CLSID\{B1F29F0C-2EC8-487B-97C2-8B8FEA6CEF14}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter^
[HKCR\CLSID\{C0756D99-64A1-4332-B783-A5A1B571D431}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter^
[HKCR\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19}] (PriceMeterLiveUpdate Process Launcher Class) =>PUP.PriceMeter^
[HKCR\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae =>PUP.Astromenda^
C:\Program Files\003 =>PUP.AdPeak^
C:\Program Files\005 =>PUP.AdPeak^
C:\Program Files\PriceMeterLiveUpdate =>PUP.PriceMeter^
C:\Program Files\SupTab =>PUP.SupTab^
C:\ProgramData\IePluginServices =>PUP.IePluginService^
C:\ProgramData\PriceMeterLiveUpdate =>PUP.PriceMeter^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\Users\Usuario\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer^
C:\Users\Usuario\AppData\Roaming\PriceMeterUpdater =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Roaming\VOPackage =>Adware.Downware^
C:\Users\Usuario\AppData\Local\genienext =>PUP.NextLive^
C:\Users\Usuario\AppData\Local\PriceMeter =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage =>Adware.Downware^
C:\Program Files\SupTab\HpUI.exe =>PUP.SupTab^
C:\Program Files\SupTab\Loader32.exe =>PUP.SupTab^
C:\Users\Usuario\AppData\Local\PriceMeter\pricemeterw.exe =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer^
C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter^
C:\Windows\Tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4 =>PUP.CrossRider^
C:\Windows\Tasks\Funmoods.job =>PUP.Funmoods^
C:\Windows\System32\Tasks\Funmoods =>PUP.Funmoods^
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job =>PUP.PriceMeter^
C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore =>PUP.PriceMeter^
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job =>PUP.PriceMeter^
C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Roaming\Baidu Security
C:\ProgramData\Baidu Security
C:\Program Files\baidu
ServiceStop:{55dce8ba-9dec-4013-937e-adbf9317d990}Gw
ServiceStop:{55dce8ba-9dec-4013-937e-adbf9317d990}w
ServiceStop:{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w
ServiceStop:IePluginServices
ServiceStop:globalUpdate
ServiceStop:mtgaotushb32
ServiceStop:nuttkoqiez32
ServiceStop:pricemeterliveUpdate
ServiceStop:SparkSvc
ServiceStop:vulsrsebjh32
ServiceStop:BAVSvc
ServiceStop:BHipsSvc
Emptyprefetch
Emptyclsid
Emptyflash
Ifeofix


|- Open the ZHPFix tool.
|- Click IMPORT >> OK.
|- Click "GO".
|- Post the report!

A+
joram

ZHPfix report

Post by Gil Raman Fri 29 Aug 2014, 23:28

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Usuario at 29/08/2014 23:27:39
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 20s)
Prefetcher vazio

========== Softwares ==========
AUSENTE Uninstall Process: c:\users\usuario\appdata\roaming\contentexplorer\uninstall.exe
AUSENTE Uninstall Process: c:\users\usuario\appdata\roaming\update~1\updateproc\updatetask.exe
AUSENTE Uninstall Process: c:\users\usuario\appdata\local\pricemeter\uninst.exe
AUSENTE Uninstall Process: c:\users\usuario\appdata\roaming\vopackage\uninstall.exe
AUSENTE Uninstall Process: c:\users\usuario\appdata\roaming\pricemeterupdater\updateproc\updatetask.exe
AUSENTE Uninstall Process: c:\programdata\windowsmangerprotect\protectwindowsmanager.exe

========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\Program Files\SupTab\Loader32.exe
ELIMINA REINICIAR: Memory Process: C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe

========== Estado dos serviços ==========
{55DCE8BA-9DEC-4013-937E-ADBF9317D990}GW Parado
{55DCE8BA-9DEC-4013-937E-ADBF9317D990}W Parado
{9A9157BB-003E-4FEF-8BD1-C09BC4586A28}W Parado
{55dce8ba-9dec-4013-937e-adbf9317d990}Gw Parado
{55dce8ba-9dec-4013-937e-adbf9317d990}w Parado
{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w Parado
IePluginServices Parado
globalUpdate Parado
mtgaotushb32 Parado
nuttkoqiez32 Parado
pricemeterliveUpdate Parado
SparkSvc Parado
vulsrsebjh32 Parado
BAVSvc Parado
BHipsSvc Parado

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX]
ELIMINÉ Logiciel Key: [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Price Meter]
ELIMINÉ Logiciel Key: [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceMeterUpdater]
ELIMINÉ: Service: globalUpdate
ELIMINÉ: Service: globalUpdatem
ELIMINÉ: Service: pricemeterliveUpdate
ELIMINÉ: Service: pricemeterliveUpdatem
ELIMINÉ: Service: IePluginServices
ELIMINÉ: Service: mtgaotushb32
ELIMINÉ: Service: nuttkoqiez32
ELIMINÉ: Mozilla Plugin: @staging.google.com/globalUpdate Update;version=10
ELIMINÉ: Mozilla Plugin: @staging.google.com/globalUpdate Update;version=4
ELIMINÉ: Mozilla Plugin: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3
ELIMINÉ: Mozilla Plugin: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9
ELIMINÉ: Service: SparkSvc
ELIMINÉ: Service: vulsrsebjh32
ELIMINÉ Driver Key: {55dce8ba-9dec-4013-937e-adbf9317d990}Gw
ELIMINÉ Driver Key: {55dce8ba-9dec-4013-937e-adbf9317d990}w
ELIMINÉ Driver Key: {9a9157bb-003e-4fef-8bd1-c09bc4586a28}w
ELIMINÉ: StartupReg: NeroFilterCheck
ELIMINÉ: HKLM\Software\PIP
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
ELIMINÉ: HKCU\Software\Headlight
ELIMINÉ: HKCU\Software\AppDataLow\Software\suprasavings
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\PriceMeterLiveUpdate
ELIMINÉ: HKCU\Software\SaveSenseLive
ELIMINÉ: HKCU\Software\SupHpUISoft
ELIMINÉ: HKCU\Software\TutoTag
ELIMINÉ: HKCU\Software\Vittalia
ELIMINÉ: HKCU\Software\WSE_Astromenda
ELIMINÉ: HKCU\Software\freesofttoday
ELIMINÉ: HKCU\Software\globalUpdate
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Coupon Downloader
ELIMINÉ: HKLM\Software\FREESOFTTODAY
ELIMINÉ: HKLM\Software\GlobalUpdate
ELIMINÉ: HKLM\Software\LevelQualityWatcher
ELIMINÉ: HKLM\Software\PriceMeterLiveUpdate
ELIMINÉ: HKLM\Software\SaveSenseLive
ELIMINÉ: HKLM\Software\SupDp

========== Recapitulativo ==========
2 : Processo memória
77 : Chaves do Registo
13 : Valores do Registo
5 : Elementos dos dados do Registo
2 : Pastas
30 : Ficheiros
6 : Softwares
4 : Preferências do navegador
15 : Estado dos serviços
16 : Tarefa planificada


End of clean in 05mn 43s

========== Caminho do ficheiro do relatório ==========
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R1].txt - 29/08/2014 23:28:00 [11545]

Post by joram Fri 29 Aug 2014, 23:44

Good evening, Gil Raman!

|- Post another report from the ZHPDiag tool, using the COMPLETA (full) option.
|- Make the log available on Cjoint.com.

A+

Full report

Post by Gil Raman Sat 30 Aug 2014, 00:35

[You must have an account and be logged in to view this link]

Post by joram Sat 30 Aug 2014, 01:10

Good morning, Gil Raman!

|- I removed the script, since it is the previous report, which you made available on Cjoint.com.
|- You will have to run ZHPDiag again and post a new report.

A+


Last edited by joram on Sat 30 Aug 2014, 01:20; edited 1 time (Reason for editing: iag)