How to remove Baidu and CE_umbrella


How to remove Baidu and CE_umbrella

Post by Gil Raman on Tue 26 Aug 2014, 14:43

I have Baidu PC Faster and CE_umbrella bothering me a great deal; how do I remove them?
Gil Raman
Beginner

Posts: 23
Reputation: 0
Joined: 26/08/2014

Re: How to remove Baidu and CE_umbrella

Post by Power Max on Tue 26 Aug 2014, 14:51

Download the AdwCleaner program by clicking the link below and then click the Download Now @BleepingComputer button:
[You must be registered and logged in to see this link.]

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

_________________

Caixa de Dicas = Always with new tutorials and news on computing, technology and miscellany.

Fórum PC Brasil = The best of the internet is right here.

Super Links = Messages of faith and hope for your heart
Power Max
Contributor

Posts: 9086
Reputation: 1499
Joined: 14/04/2009

AdwCleaner report

Post by Gil Raman on Tue 26 Aug 2014, 17:25

# AdwCleaner v3.308 - Relatório criado 26/08/2014 às 17:13:32
# Atualizado 20/08/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : Usuario - GILRAMAN
# Executando de : C:\Users\Usuario\Downloads\adwcleaner_3.308.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : globalUpdate
[#] Serviço Deletada : globalUpdatem
Serviço Deletada : IePluginServices
[#] Serviço Deletada : pricemeterliveUpdate
[#] Serviço Deletada : pricemeterliveUpdatem
[#] Serviço Deletada : SupraSavingsService
Serviço Deletada : Wajam Internet Enhancer Service
Serviço Deletada : nuttkoqiez32
Serviço Deletada : mtgaotushb32
Serviço Deletada : vulsrsebjh32
Serviço Deletada : {55dce8ba-9dec-4013-937e-adbf9317d990}Gw
Serviço Deletada : {55dce8ba-9dec-4013-937e-adbf9317d990}w
Serviço Deletada : {9a9157bb-003e-4fef-8bd1-c09bc4586a28}w

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\IePluginServices
[!] Pasta Deletada : C:\ProgramData\PriceMeterLiveUpdate
Pasta Deletada : C:\ProgramData\SaveSenseLive
Pasta Deletada : C:\ProgramData\Systweak
Pasta Deletada : C:\ProgramData\WindowsMangerProtect
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
Pasta Deletada : C:\Program Files\003
Pasta Deletada : C:\Program Files\baidu
Pasta Deletada : C:\Program Files\eSupport.com
Pasta Deletada : C:\Program Files\Funmoods
[!] Pasta Deletada : C:\Program Files\globalUpdate
Pasta Deletada : C:\Program Files\predm
[!] Pasta Deletada : C:\Program Files\PriceMeterLiveUpdate
Pasta Deletada : C:\Program Files\SaveSenseLive
Pasta Deletada : C:\Program Files\SupraSavings
Pasta Deletada : C:\Program Files\SupTab
Pasta Deletada : C:\Program Files\Wajam
Pasta Deletada : C:\Program Files\005
Pasta Deletada : C:\Users\Convidado\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Usuario\AppData\Local\genienext
Pasta Deletada : C:\Users\Usuario\AppData\Local\globalUpdate
Pasta Deletada : C:\Users\Usuario\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Usuario\AppData\Local\PriceMeter
Pasta Deletada : C:\Users\Usuario\AppData\Local\PriceMeterLiveUpdate
Pasta Deletada : C:\Users\Usuario\AppData\Local\SaveSenseLive
Pasta Deletada : C:\Users\Usuario\AppData\Local\Temp\baidu
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Claro
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\newnext.me
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\PriceMeterUpdater
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\SaveSense
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\UpdaterEX
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\VOPackage
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmchcpboeofpnjchpaegbibodfnpmjjc
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Windows\system32\roboot.exe
Arquivo Deletada : C:\Windows\system32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw.sys
Arquivo Deletada : C:\Windows\system32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys
Arquivo Deletada : C:\Windows\system32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w.sys
Arquivo Deletada : C:\Users\Convidado\daemonprocess.txt
Arquivo Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\gqsbjvu4.default\invalidprefs.js
Arquivo Deletada : C:\Program Files\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml
Arquivo Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\gqsbjvu4.default\searchplugins\Web Search.xml
Arquivo Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\gqsbjvu4.default\user.js
Arquivo Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Tarefas ] *****

Tarefa Deletedo : ASP
Tarefa Deletedo : Funmoods
Tarefa Deletedo : globalUpdateUpdateTaskMachineCore
Tarefa Deletedo : LaunchSignup
Tarefa Deletedo : PriceMeterLiveUpdateUpdateTaskMachineCore
Tarefa Deletedo : PriceMeterLiveUpdateUpdateTaskMachineUA
Tarefa Deletedo : pricemetertask
Tarefa Deletedo : pricemeterwatcher
Tarefa Deletedo : 995536eb-10c5-4980-bbd0-ce6515700031
Tarefa Deletedo : e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-11
Tarefa Deletedo : e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\598f69953a6af8a\Google Chrome Canary.lnk

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Chave Deletedo : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\[Você precisa estar registrado e conectado para ver este link.]
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PriceMeterW]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\PriceMeterLiveUpdate.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickCtrl.9
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.Update3WebControl.3
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\speedupmypc
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chave Deletedo : HKCU\Software\APN PIP
Chave Deletedo : HKCU\Software\FreeSoftToday
Chave Deletedo : HKCU\Software\Funmoods
Chave Deletedo : HKCU\Software\GlobalUpdate
Chave Deletedo : HKCU\Software\Headlight
Chave Deletedo : HKCU\Software\Iminent
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\PIP
Chave Deletedo : HKCU\Software\PriceMeter
Chave Deletedo : HKCU\Software\PriceMeterLiveUpdate
Chave Deletedo : HKCU\Software\PriceMeterUpdater
Chave Deletedo : HKCU\Software\SaveSenseLive
Chave Deletedo : HKCU\Software\SecuredDownload
Chave Deletedo : HKCU\Software\SmartBar
Chave Deletedo : HKCU\Software\SupHpUISoft
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKCU\Software\UpdaterEX
Chave Deletedo : HKCU\Software\Vittalia
Chave Deletedo : HKCU\Software\Wajam
Chave Deletedo : HKCU\Software\WSE_Astromenda
Chave Deletedo : HKCU\Software\AppDataLow\Software\suprasavings
Chave Deletedo : HKLM\SOFTWARE\coupon downloader
Chave Deletedo : HKLM\SOFTWARE\FreeSoftToday
Chave Deletedo : HKLM\SOFTWARE\GlobalUpdate
Chave Deletedo : HKLM\SOFTWARE\Iminent
Chave Deletedo : HKLM\SOFTWARE\InstallCore
Chave Deletedo : HKLM\SOFTWARE\LevelQualityWatcher
Chave Deletedo : HKLM\SOFTWARE\PIP
Chave Deletedo : HKLM\SOFTWARE\PriceMeterLiveUpdate
Chave Deletedo : HKLM\SOFTWARE\SaveSenseLive
Chave Deletedo : HKLM\SOFTWARE\SupDp
Chave Deletedo : HKLM\SOFTWARE\Supra Savings
Chave Deletedo : HKLM\SOFTWARE\suprasavings
Chave Deletedo : HKLM\SOFTWARE\SupTab
Chave Deletedo : HKLM\SOFTWARE\supWindowsMangerProtect
Chave Deletedo : HKLM\SOFTWARE\supWPM
Chave Deletedo : HKLM\SOFTWARE\systweak
Chave Deletedo : HKLM\SOFTWARE\Tutorials
Chave Deletedo : HKLM\SOFTWARE\Uniblue
Chave Deletedo : HKLM\SOFTWARE\Wajam
Chave Deletedo : HKLM\SOFTWARE\webssearchesSoftware
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PriceMeterUpdater
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PriceMeterLiveUpdate.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17239

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v31.0 (x86 pt-BR)

[ Arquivo : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\gqsbjvu4.default\prefs.js ]

Linha deletada : user_pref("extensions.helperbar.DockingPositionDown", false);
Linha deletada : user_pref("extensions.helperbar.SmartbarDisabled", false);
Linha deletada : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Linha deletada : user_pref("extensions.helperbar.Visibility", false);
Linha deletada : user_pref("extensions.helperbar.keepAliveLastevent", "1408742961");
Linha deletada : user_pref("extensions.helperbar.lastExternalJsUpdate", "1408710766225");

-\\ Google Chrome v36.0.1985.143

[ Arquivo : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Startup_urls] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Homepage] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Extension] : bopakagnckmlgajfccecajhnimjiiedh

[ Arquivo : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Startup_urls] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Homepage] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [29255 octets] - [26/08/2014 17:07:45]
AdwCleaner[S0].txt - [25934 octets] - [26/08/2014 17:13:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25995 octets] ##########

The CE_umbrellacert warning and the Baidu folder still appear

Post by Gil Raman on Tue 26 Aug 2014, 17:29

The CE_umbrellacert warning window still pops up, and although it deleted Baidu files, the Baidu folder is still on the C drive.

Re: How to remove Baidu and CE_umbrella

Post by Power Max on Tue 26 Aug 2014, 23:39

Download the Junkware Removal Tool program from the link below:
[You must be registered and logged in to see this link.]

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.


Junkware Removal Tool (JRT) report follows

Post by Gil Raman on Wed 27 Aug 2014, 10:56

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x86
Ran by Usuario on 27/08/2014 at 10:44:05,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeperUntemp_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeperUntemp_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilDealKeeper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilDealKeeper_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Folder] "C:\Users\Usuario\AppData\Roaming\getrighttogo"



~~~ FireFox

Successfully deleted: [File] C:\Users\Usuario\AppData\Roaming\mozilla\firefox\profiles\gqsbjvu4.default\invalidprefs.js
Emptied folder: C:\Users\Usuario\AppData\Roaming\mozilla\firefox\profiles\gqsbjvu4.default\minidumps [41 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/08/2014 at 10:53:22,66
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: How to remove Baidu and CE_umbrella

Post by Power Max on Wed 27 Aug 2014, 11:00

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must be registered and logged in to see this link.]

* Right-click Zoek.exe and select [You must be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red below and paste it into the blank area of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
iedefaults;
resetieproxy;
resethosts;
shortcutfix;
ffdefaults;
firefoxlook;
reset chrome;
chrdefaults;
chromelook;
emptyfolderscheck;delete
Baidu;z
Baidu;a


* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image.]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


I used Zoek and my problem got worse

Post by Gil Raman on Thu 28 Aug 2014, 16:59

I am on another laptop, because yesterday, after I finished using Zoek, when it rebooted and the report came up, my connection would no longer open. I have signal, but my laptop only shows the message "The remote device or resource won't accept the connection" when I run the Windows network diagnostics.

Re: How to remove Baidu and CE_umbrella

Post by Power Max on Thu 28 Aug 2014, 22:53

The problem is that Umbrella sometimes does this to make uninstalling it harder.

Do a System Restore to some day before the problem occurred and tell us whether the internet came back.


OK, I'll do that and post tomorrow!

Post by Gil Raman on Thu 28 Aug 2014, 23:04

Tomorrow I'll do the restore and post!

Thanks and good night.

Restore done, and successfully!

Post by Gil Raman on Fri 29 Aug 2014, 16:43

I did the restore, it worked, and now Baidu is still in the files. However, I searched using the laptop's search and did not find the Umbrella Certificate. What should I do to eliminate Baidu?

Re: How to remove Baidu and CE_umbrella

Post by joram on Fri 29 Aug 2014, 17:17

Gil Raman wrote: I did the restore, it worked, and now Baidu is still in the files. However, I searched using the laptop's search and did not find the Umbrella Certificate. What should I do to eliminate Baidu?
Good afternoon, Gil Raman!

|- Download: < ZHPDiag2.exe >  < [You must be registered and logged in to see this image.] > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

[You must be registered and logged in to see this image.]

|- Run the scroll icon. ( ZHPDiag )

[You must be registered and logged in to see this image.]

|- Click "COMPLETA" and wait for it to finish!
|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
|- PS: Since the log will be long, send it to Pjjoint.malekal.

|- Or go to: < [You must be registered and logged in to see this image.] >

|- More information: < |Link| >

A+
joram
Administrator

Posts : 3905
Reputation : 428
Join date : 26/01/2014
Location : Rio de Janeiro

I ran JRT again!

Post by Gil Raman on Fri 29 Aug 2014, 18:12

Before you posted, I decided to run JRT again and at least Baidu was neutralized, but its folders still appear on C: and I cannot delete them through the Recycle Bin. The report follows.

I'll do that one now.

JRT report

Post by Gil Raman on Fri 29 Aug 2014, 18:13

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x86
Ran by Usuario on 29/08/2014 at 17:42:10,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\funmoods
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\funmoods
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeperUntemp_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeperUntemp_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeper_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateDealKeeper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateDealKeeper_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilDealKeeper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilDealKeeper_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"



~~~ Files

Successfully deleted: [File] "C:\Windows\system32\roboot.exe"
Successfully disinfected: [Shortcut] C:\Users\Usuario\AppData\Roaming\microsoft\windows\start menu\Programs\Search.lnk



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Folder] "C:\Users\Usuario\AppData\Roaming\baidu"
Successfully deleted: [Folder] "C:\Users\Usuario\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Usuario\AppData\Roaming\newnext.me"
Successfully deleted: [Folder] "C:\Users\Usuario\AppData\Roaming\systweak"
Failed to delete: [Folder] "C:\Program Files\baidu"
Successfully deleted: [Folder] "C:\Program Files\funmoods"



~~~ FireFox

Successfully deleted: [File] C:\Users\Usuario\AppData\Roaming\mozilla\firefox\profiles\gqsbjvu4.default\user.js
Successfully deleted the following from C:\Users\Usuario\AppData\Roaming\mozilla\firefox\profiles\gqsbjvu4.default\prefs.js

user_pref("browser.search.defaultenginename", "Web Search");
user_pref("extensions.helperbar.SmartbarDisabled", false);
user_pref("extensions.helperbar.SmartbarStateMinimaized", false);



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/08/2014 at 17:52:18,78
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: How to remove Baidu and CE_umbrella

Post by joram on Fri 29 Aug 2014, 20:00

Good evening, Gil Raman!

|- Post the ZHPDiag log so that we can remove the remnants of Baidu.

A+

Can I post in stages?

Post by Gil Raman on Fri 29 Aug 2014, 20:06

Since the log is long, could I post it in stages?

01 ZHPDiag Log

Post by Gil Raman on Fri 29 Aug 2014, 20:12

~ Relatório do ZHPDiag v2014.8.28.125 - Nicolas Coolman (28/08/2014)
~ Iniciado por Usuario (29/08/2014 19:54:12)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Endereço do Webforum : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Desativado pelo Utilizador
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17239
MFIE: Mozilla Firefox 31.0
GCIE: Google Chrome v36.0.1985.143 (Defaut)
OPIE: Opera vNext 24.0.1558.43
OPIE: Opera vNext 24.0.1558.51

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2021
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.16

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader XI
Java 7 Update 21

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1908 MB (38% free)
System Restore: Activé (Enable)
System drive C: has 56 GB (50%) free of 111 GB

---\\ Modo de conexão ao sistema
~ Computer Name: GILRAMAN
~ User Name: Usuario
~ All Users Names: Usuario, Convidado, Administrador,
~ Unselected Option: None
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Usuario\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Usuario\AppData\Roaming\
~ %Desktop% : C:\Users\Usuario\Desktop\
~ %Favorites% : C:\Users\Usuario\Favorites\
~ %LocalAppData% : C:\Users\Usuario\AppData\Local\
~ %StartMenu% : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 56 Go of 111 Go)
D: Hard drive, Flash drive, Thumb drive (Free 154 Go of 166 Go)
E: CD-ROM drive (Free 1 Go of 4 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: 46 Scanned in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 09:17:09.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.B945BAA81B4805AD6BDDF4D026DCFB47] - (.Microsoft Corporation - Internet Extensions para Win32.) (.25/07/2014 - 07:05:23.) -- C:\Windows\System32\wininet.dll [1792512]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes musiques (My Musics) : 1/1185
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 2/674
~ Mon Bureau (My Desktop) : 1/16
~ Menu demarrer (Programs) : 1/41
~ Hidden Files: Scanned in 00mn 07s



---\\ Processos lançados
[MD5.9A30BDDE96721FE6D6B2BA0593F69C81] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [177432] [PID.3580]
[MD5.FEC63BCD1A1DDE7A990223D0F12655D7] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [177944] [PID.3588]
[MD5.91198EFE940F26237122FC1CE8B785E9] - (.No owner - Torpedo.) -- C:\Program Files\Wifi Protector BI\995536eb-10c5-4980-bbd0-ce6515700031.exe [32104] [PID.3856]
[MD5.FFE86FE57B81D5DF61E978B0B2ACE7B5] - (...) -- C:\Program Files\SupTab\HpUI.exe [724480] [PID.3996] =>PUP.SupTab
[MD5.7D58C9BDF9C0A3955BDCDE7387AD12AC] - (.Macrovision Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920] [PID.4048]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.4064]
[MD5.26B558B2D31C7425B455B00E562EAD93] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896] [PID.4084]
[MD5.D76A620F123A4202057E582C55E2602A] - (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavTray.exe [1704296] [PID.3052]
[MD5.D46415CD75DDA09F0A17D2FDA2235CB0] - (...) -- C:\Program Files\SupTab\Loader32.exe [64000] [PID.868] =>PUP.SupTab
[MD5.269D066D41B631B1F22936248E80354F] - (.PriceMeter - PriceMeterW.) -- C:\Users\Usuario\AppData\Local\PriceMeter\pricemeterw.exe [309256] [PID.1016] =>PUP.PriceMeter
[MD5.1FB581BAADA8C87DD7A2E32FE62ED868] - (.ContentExplorer - ContentExplorer.) -- C:\Users\Usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe [2429680] [PID.3396] =>PUP.ContentExplorer
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.2092]
[MD5.072678E0D68E9C3A7960328671134C7B] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [54240] [PID.5344]
[MD5.C6A991D7DF17EBD8DE4739CD1F283133] - (.Microsoft Corporation - Teclado Virtual para Acessibilidade.) -- C:\Windows\System32\osk.exe [646144] [PID.3672]
[MD5.6C66AB9AE728F5A761F9322E92B38A74] - (.Opera Software - Opera Next.) -- C:\Program Files\Opera Next\24.0.1558.51_0\opera.exe [47868536] [PID.5524]
[MD5.10FE324D6FBCF10587A503B99B10882C] - (...) -- C:\Program Files\Opera Next\24.0.1558.51_0\opera_crashreporter.exe [1372280] [PID.5384]
[MD5.0BDAE865738D27A4D84D50591C8C9D2D] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.3792]
[MD5.E8F28312EC0211C7A9C5E344730EE312] - (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe [1067280] [PID.4480]
[MD5.33BF80A2291C54DC7D7601CDEF63138E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8099328] [PID.5992]
~ Processes Running: Scanned in 00mn 04s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Docs v.0.7 (Activé)
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] YouTube v.4.2.6 (Activé)
G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Pesquisa do Google v.0.0.0.20 (Activé)
G2 - GCE: Preference [User Data\Default] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [ennkphjdgehloodpbhlhldgbnhmacadg] Settings v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [gomekmidlodglbbmalcneegieacbdmki] avast! Online Security v.9.0.2022.121, (Désactivé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mgndgikekgjfcpckkfioiadnlibdjbkf] Chrome v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Google+ Hangouts v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pfkfdlcdbajamklbneflfbcmfgddmpae] Astromenda New Tab v.0.3.6, (Désactivé) =>PUP.Astromenda
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé)

---\\ Pasta de extensão do Google Chrome
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [Google Docs]
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [Google Drive]
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [YouTube]
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [Pesquisa do Google]
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [avast! Online Security]
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [Google Wallet]
G2 - EXT: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [Gmail]
~ Google Lines Browser: 25 Scanned in 00mn 03s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\gqsbjvu4.default\prefs.js
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll =>.Google Inc
P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.21.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Windows\system32\npDeployJava1.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.21.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.21.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [@staging.google.com/globalUpdate Update;version=10] - (.globalUpdate - globalUpdate Update.) -- C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
P2 - FPN: [HKLM] [@staging.google.com/globalUpdate Update;version=4] - (.globalUpdate - globalUpdate Update.) -- C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3] - (.PriceMeter - PriceMeterLiveUpdate Update.) -- C:\Program Files\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll =>PUP.PriceMeter
P2 - FPN: [HKLM] [@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9] - (.PriceMeter - PriceMeterLiveUpdate Update.) -- C:\Program Files\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll =>PUP.PriceMeter
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) -- C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\Usuario\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
~ Firefox Browser: 13 Scanned in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Você precisa estar registrado e conectado para ver este link.] =>PUP.HelperBar
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Você precisa estar registrado e conectado para ver este link.]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Você precisa estar registrado e conectado para ver este link.] =>PUP.HelperBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Você precisa estar registrado e conectado para ver este link.] =>Hijacker.WebsSearches
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [Você precisa estar registrado e conectado para ver este link.] =>PUP.HelperBar
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Você precisa estar registrado e conectado para ver este link.] =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Você precisa estar registrado e conectado para ver este link.] =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [Você precisa estar registrado e conectado para ver este link.] =>Hijacker.WebsSearches
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [Você precisa estar registrado e conectado para ver este link.] =>PUP.HelperBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [Você precisa estar registrado e conectado para ver este link.] =>PUP.HelperBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl,Default = [Você precisa estar registrado e conectado para ver este link.] =>PUP.HelperBar
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = [Você precisa estar registrado e conectado para ver este link.]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Skype Limited - Facebook Video Calling Plugin.) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: 17 Scanned in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:51319;https=127.0.0.1:51319 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (27)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} Chave orfã
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {ca3eae2b-3b20-2e6f-a849-c126d93b6ad3} Chave orfã
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\jp2ssv.dll
~ BHO: 14 Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Usuario]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Você precisa estar registrado e conectado para ver este link.] =>Hijacker.WebsSearches
O4 - GS\Program [Usuario]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Você precisa estar registrado e conectado para ver este link.] =>Hijacker.WebsSearches
O4 - GS\SystemTools [Usuario]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Você precisa estar registrado e conectado para ver este link.] =>Hijacker.WebsSearches
~ Global Startup: 3 Scanned in 00mn 05s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] . (.Macrovision Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [fst_br_298] C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Baidu Antivirus] . (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] . (.Macrovision Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Usuario\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_] . (...) -- C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKCU\..\Run: [GuUnacE] C:\Users\Usuario\AppData\Local\GuUnacE.exe (.not file.)
O4 - HKCU\..\Run: [PriceMeterW] . (.PriceMeter - PriceMeterW.) -- C:\Users\Usuario\AppData\Local\PriceMeter\pricemeterw.exe =>PUP.PriceMeter
O4 - HKCU\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\Usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer
O4 - HKCU\..\Run: [Badoo Desktop] . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [osk.exe] . (.Microsoft Corporation - Teclado Virtual para Acessibilidade.) -- C:\Windows\System32\osk.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [Application Restart #0] . (.Microsoft Corporation - Teclado Virtual para Acessibilidade.) -- C:\Windows\System32\osk.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [osk.exe] . (.Microsoft Corporation - Teclado Virtual para Acessibilidade.) -- C:\Windows\System32\osk.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #0] . (.Microsoft Corporation - Teclado Virtual para Acessibilidade.) -- C:\Windows\System32\osk.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2578862199-3110367618-3840235185-1000\..\Run: [ISUSPM Startup] . (.Macrovision Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
O4 - HKUS\S-1-5-21-2578862199-3110367618-3840235185-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Usuario\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2578862199-3110367618-3840235185-1000\..\Run: [HW_OPENEYE_OUC_] . (...) -- C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKUS\S-1-5-21-2578862199-3110367618-3840235185-1000\..\Run: [GuUnacE] C:\Users\Usuario\AppData\Local\GuUnacE.exe (.not file.)
O4 - HKUS\S-1-5-21-2578862199-3110367618-3840235185-1000\..\Run: [PriceMeterW] . (.PriceMeter - PriceMeterW.) -- C:\Users\Usuario\AppData\Local\PriceMeter\pricemeterw.exe =>PUP.PriceMeter
O4 - HKUS\S-1-5-21-2578862199-3110367618-3840235185-1000\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\Usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer
O4 - HKUS\S-1-5-21-2578862199-3110367618-3840235185-1000\..\Run: [Badoo Desktop] . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe
~ Application: Scanned in 00mn 00s

How to remove Baidu and CE_umbrella: 02 ZHPDiag Log

Message by Gil Raman on Fri 29 Aug 2014, 20:13


---\\ Icones das opções IE invisiveis no painel das configurações (05)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
~ Winsock: 7 Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A817D5FF-CE70-43A2-A71B-60F1796265F5}: DhcpNameServer = 10.5.50.1 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD392B38-1945-4ED9-9E01-4763C47CAF4C}: DhcpNameServer = 8.8.4.4 8.8.8.8 10.5.50.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A817D5FF-CE70-43A2-A71B-60F1796265F5}: DhcpNameServer = 10.5.50.1 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{FD392B38-1945-4ED9-9E01-4763C47CAF4C}: DhcpNameServer = 8.8.4.4 8.8.8.8 10.5.50.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A817D5FF-CE70-43A2-A71B-60F1796265F5}: DhcpNameServer = 10.5.50.1 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{FD392B38-1945-4ED9-9E01-4763C47CAF4C}: DhcpNameServer = 8.8.4.4 8.8.8.8 10.5.50.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.4.4 8.8.8.8 10.5.50.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ SSODL: 1 Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Baidu Antivirus Service (BAVSvc) . (.Baidu, Inc. - Baidu Antivirus Service.) - C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) . (.Baidu, Inc. - Baidu Antivirus Hips Service.) - C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BHipsSvc.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IePlugin Services (IePluginServices) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginServices\PluginService.exe =>PUP.IePluginService
O23 - Service: Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation - Local Manageability Service.) - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: mtgaotushb32 (mtgaotushb32) . (...) - C:\Program Files\005\mtgaotushb32.exe =>PUP.AdPeak
O23 - Service: nuttkoqiez32 (nuttkoqiez32) . (...) - C:\Program Files\003\nuttkoqiez32.exe =>PUP.AdPeak
O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdate) (pricemeterliveUpdate) . (.PriceMeter - PriceMeterLiveUpdate Update.) - C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) . (.arvato digital services llc - PsiService PsiService.) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Baidu Spark Service (SparkSvc) . (.Baidu Inc. - spark.) - C:\Program Files\baidu\Spark\sparkservice.exe
O23 - Service: Intel(R) Management & Security Application User Notificatio (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VIVO INTERNET. OUC (VIVO INTERNET. RunOuc) . (...) - C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe
O23 - Service: vulsrsebjh32 (vulsrsebjh32) . (...) - C:\Program Files\005\vulsrsebjh32.exe =>PUP.AdPeak
O23 - Service: {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) . (.Cyberlink Corp. - FCL Driver.) - C:\Program Files\CyberLink\PowerDVD8\000.fcl
~ Services: 18 Scanned in 00mn 14s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s



---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (autocheck autochk /r \??\G:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 2 Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.91198EFE940F26237122FC1CE8B785E9] [APT] [995536eb-10c5-4980-bbd0-ce6515700031] (...) -- C:\Program Files\Wifi Protector BI\995536eb-10c5-4980-bbd0-ce6515700031.exe [32104]
[MD5.9E5197D65BA34A4DB45B8BEFC3288C23] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [262320]
[MD5.00000000000000000000000000000000] [APT] [ASP] (...) -- C:\Program Files\RCP\systweakasp.exe (.not file.) [0]
[MD5.1AD8512A5C40AD1A0558498D8E0AC2AA] [APT] [avast! Emergency Update] (.AVAST Software.) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [808448]
[MD5.B269D6C6957BE7C32633C197F6CD0F56] [APT] [Baidu Antivirus Update] (.Baidu, Inc..) -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavUpdater.exe [2883736]
[MD5.88077CF32319BEE612C82EBF54680DE8] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [4626712]
[MD5.5F88662809D795645336F60ABAD896E8] [APT] [e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-11] (.WFprotect.) -- C:\Program Files\Wifi Protector BI\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-11.exe [1922920]
[MD5.A1523EEACE37D8C2F1F7C663D6F778A3] [APT] [e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4] (.WFprotect.) -- C:\Program Files\Wifi Protector BI\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4.exe [1443688]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000Core] (.Facebook Inc..) -- C:\Users\Usuario\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000UA] (.Facebook Inc..) -- C:\Users\Usuario\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.00000000000000000000000000000000] [APT] [Funmoods] (...) -- C:\Users\Usuario\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.Funmoods
[MD5.D858BA2EE718B1DB1CED20646E641D08] [APT] [globalUpdateUpdateTaskMachineCore] (.globalUpdate.) -- C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648]
[MD5.00000000000000000000000000000000] [APT] [LaunchSignup] (...) -- C:\Program Files\MyPC Backup\Signup Wizard.exe (.not file.) [0] =>PUP.JDIBackup
[MD5.1A5ED0D77840B4AA76DBE16E2AF8F4E3] [APT] [Opera scheduled Autoupdate 1408742278] (.Opera Software.) -- C:\Program Files\Opera Next\launcher.exe [256632]
[MD5.3D8B851E7EFCDC130E4B301BDDE10099] [APT] [PriceMeterLiveUpdateUpdateTaskMachineCore] (.PriceMeter.) -- C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504] =>PUP.PriceMeter
[MD5.3D8B851E7EFCDC130E4B301BDDE10099] [APT] [PriceMeterLiveUpdateUpdateTaskMachineUA] (.PriceMeter.) -- C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504] =>PUP.PriceMeter
[MD5.00000000000000000000000000000000] [APT] [pricemetertask] (...) -- C:\Users\Usuario\AppData\Local\PriceMeter\pricemeter.exe (.not file.) [0] =>PUP.PriceMeter
[MD5.269D066D41B631B1F22936248E80354F] [APT] [pricemeterwatcher] (.PriceMeter.) -- C:\Users\Usuario\AppData\Local\PriceMeter\pricemeterw.exe [309256] =>PUP.PriceMeter
[MD5.00000000000000000000000000000000] [APT] [SparkUpdater] (...) -- C:\Program Files\baidu\Spark\SparkUpdate.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{20A7C71D-008A-4132-9DDC-D6239052267D}] (...) -- c:\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exe (.not file.) [0]
[MD5.0BDAE865738D27A4D84D50591C8C9D2D] [APT] [{8EB82932-EEF3-4CF2-83AE-576841232435}] (.Google Inc..) -- c:\program files\google\chrome\application\chrome.exe [860488]
[MD5.00000000000000000000000000000000] [APT] [{C362CBD1-13DC-4885-96C3-FCF90CD613E1}] (...) -- C:\Program Files\Mobinil USB Modem\uninst.exe (.not file.) [0]
O39 - APT: 995536eb-10c5-4980-bbd0-ce6515700031 - (...) -- C:\Windows\Tasks\995536eb-10c5-4980-bbd0-ce6515700031.job [632]
O39 - APT: 995536eb-10c5-4980-bbd0-ce6515700031 - (...) -- C:\Windows\System32\Tasks\995536eb-10c5-4980-bbd0-ce6515700031 [632]
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [902]
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-11 - (.WFprotect.) -- C:\Windows\Tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-11.job [4484]
O39 - APT: e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-11 - (.WFprotect.) -- C:\Windows\System32\Tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-11 [4484]
O39 - APT: e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4 - (.WFprotect.) -- C:\Windows\Tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4.job [2896] =>PUP.CrossRider
O39 - APT: e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4 - (.WFprotect.) -- C:\Windows\System32\Tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4 [2896] =>PUP.CrossRider
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000Core - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000Core.job [914]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000Core - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000Core [914]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000UA - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000UA.job [936]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000UA - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000UA [936]
O39 - APT: Funmoods - (...) -- C:\Windows\Tasks\Funmoods.job [300] =>PUP.Funmoods
O39 - APT: Funmoods - (...) -- C:\Windows\System32\Tasks\Funmoods [300] =>PUP.Funmoods
O39 - APT: globalUpdateUpdateTaskMachineCore - (.globalUpdate.) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [914]
O39 - APT: globalUpdateUpdateTaskMachineCore - (.globalUpdate.) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [914]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1054]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1058]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineCore - (.PriceMeter.) -- C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job [952] =>PUP.PriceMeter
O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineCore - (.PriceMeter.) -- C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore [952] =>PUP.PriceMeter
O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineUA - (.PriceMeter.) -- C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job [956] =>PUP.PriceMeter
O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineUA - (.PriceMeter.) -- C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA [956] =>PUP.PriceMeter
~ Scheduled Task: 46 Scanned in 00mn 15s



---\\ Componentes instalados (ActiveSetup Installed Components) (040)
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
O40 - ASIC: Google Chrome - {8A69D345-D564-463c-AFF1-A69D9E530F96} . (.Google Inc. - Google Chrome Installer.) -- C:\Program Files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
~ Active Setup: 10 Scanned in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (aswRdr) . (.AVAST Software - avast! WFP Redirect Driver.) - C:\Windows\system32\drivers\aswRdr2.sys
O41 - Driver: (aswSnx) . (.AVAST Software - avast! Virtualization Driver.) - C:\Windows\system32\drivers\aswSnx.sys
O41 - Driver: (aswSP) . (.AVAST Software - avast! self protection module.) - C:\Windows\system32\drivers\aswSP.sys
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (Bnbase) . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - C:\Windows\System32\drivers\bnbasex.sys
O41 - Driver: (Bndef) . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) - C:\Windows\system32\drivers\bndef.sys
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (netfilter) . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - C:\Windows\System32\drivers\netfilter.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
O41 - Driver: ({55dce8ba-9dec-4013-937e-adbf9317d990}Gw) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw.sys =>PUP.LinkiDoo
O41 - Driver: ({55dce8ba-9dec-4013-937e-adbf9317d990}w) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys =>PUP.LinkiDoo
O41 - Driver: ({9a9157bb-003e-4fef-8bd1-c09bc4586a28}w) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w.sys =>PUP.LinkiDoo
~ Drivers: 99 Scanned in 00mn 03s



---\\ Software instalados (042)
O42 - Logiciel: Adobe Flash Player 14 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 14 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Photoshop CS - (.Adobe Systems, Inc..) [HKLM] -- {EFB21DE7-8C19-4A88-BB28-A766E16493BC} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Reader XI (11.0.02) - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1033-7B44-AB0000000001}
O42 - Logiciel: Atheros Client Installation Program - (.Atheros.) [HKLM] -- {28006915-2739-4EBE-B5E8-49B25D32EB33}
O42 - Logiciel: Badoo Desktop - (.Badoo.) [HKLM] -- {D91D71FB-C52E-440D-8A78-5E5E05487DA0}
O42 - Logiciel: Baidu Antivirus - (.Baidu, Inc..) [HKLM] -- Baidu Antivirus
O42 - Logiciel: Biblia Eletrônica 2.7.7 - (.RkSoft Desenvolvimentos.) [HKLM] -- Biblia Eletrônica_is1
O42 - Logiciel: Buzzdock - (.Alactro LLC.) [HKLM] -- {ac225167-00fc-452d-94c5-bb93600e7d9a}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: ContentExplorer - (.ContentExplorer.net.) [HKLM] -- ContentExplorer =>PUP.ContentExplorer
O42 - Logiciel: Corel Graphics - Windows Shell Extension - (.Corel Corporation.) [HKLM] -- _{B865FDD4-E96E-4166-BB69-6E8C207E3E29}
O42 - Logiciel: Corel Graphics - Windows Shell Extension - (.Corel Corporation.) [HKLM] -- {B865FDD4-E96E-4166-BB69-6E8C207E3E29}
O42 - Logiciel: CorelDRAW Graphics Suite X7 - (.Corel Corporation.) [HKLM] -- _{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}
O42 - Logiciel: CorelDRAW Graphics Suite X7 - IPM Content - (.Corel Corporation.) [HKLM] -- {657EAD32-8E7A-43C0-A794-3BB31B00DC34}
O42 - Logiciel: CorelDRAW Graphics Suite X7 - IPM T - (.Corel Corporation.) [HKLM] -- {D29A4F85-0FB7-4E54-B591-044652C4295F}
O42 - Logiciel: CorelDRAW Graphics Suite X7 - Writing Tools - (. Corel Corporation.) [HKLM] -- {246FE426-2661-4DD6-9603-DF2E6832387C}
O42 - Logiciel: CyberLink PowerDVD 8 - (.CyberLink Corp..) [HKLM] -- InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}
O42 - Logiciel: Extended Update - (...) [HKCU] -- UpdaterEX =>PUP.Dealply
O42 - Logiciel: Facebook Video Calling 3.1.0.521 - (.Skype Limited.) [HKLM] -- {2091F234-EB58-4B80-8C96-8EB78C808CF7}
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome
O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E} =>.Google Inc
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A}
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
O42 - Logiciel: Java 7 Update 21 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217021FF}
O42 - Logiciel: K-Lite Mega Codec Pack 6.7.0 - (...) [HKLM] -- KLiteCodecPack_is1
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Mozilla Firefox 31.0 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Firefox 31.0 (x86 pt-BR)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService
O42 - Logiciel: Nero 7 Premium - (.Nero AG.) [HKLM] -- {4908C75E-E5E2-43F7-B1DF-023CBA831046}
O42 - Logiciel: Opera Next 24.0.1558.43 - (.Opera Software ASA.) [HKLM] -- Opera 24.0.1558.43
O42 - Logiciel: Opera Next 24.0.1558.51 - (.Opera Software ASA.) [HKLM] -- Opera 24.0.1558.51
O42 - Logiciel: PDFCreator - (.Frank Heindörfer, Philip Chinery.) [HKLM] -- {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
O42 - Logiciel: Price Meter (remove only) - (.Price Meter.) [HKCU] -- Price Meter =>PUP.PriceMeter
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Remote Desktop Access (VuuPC) - (.CMI Limited.) [HKLM] -- VOPackage =>PUP.VuuPC
O42 - Logiciel: Revo Uninstaller 1.95 - (.VS Revo Group.) [HKLM] -- Revo Uninstaller
O42 - Logiciel: Skype™ 6.11 - (.Skype Technologies S.A..) [HKLM] -- {4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
O42 - Logiciel: SlimDrivers - (.SlimWare Utilities, Inc..) [HKLM] -- {3CF3DEF4-ED15-4F7B-9320-C3E1081EA4DA}
O42 - Logiciel: Update Manager - (.Corel Corporation.) [HKLM] -- {F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
O42 - Logiciel: Update for PriceMeter - (.Update for PriceMeter.) [HKCU] -- PriceMeterUpdater =>PUP.PriceMeter
O42 - Logiciel: VIVO INTERNET - (.Huawei Technologies Co.,Ltd.) [HKLM] -- VIVO INTERNET
O42 - Logiciel: Vivo - Guia Vivo Internet versão 1.0 - (.Vivo.) [HKLM] -- {C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1
O42 - Logiciel: Wifi Protector BI - (.WFprotect.) [HKLM] -- Wifi Protector BI
O42 - Logiciel: WinRAR 4.20 (32-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver
O42 - Logiciel: WindowsMangerProtect20.0.0.502 - (.WindowsProtect LIMITED.) [HKLM] -- WindowsMangerProtect =>PUP.Fuyu
O42 - Logiciel: aTube Catcher - (.DsNET Corp.) [HKLM] -- aTube Catcher
O42 - Logiciel: avast! Free Antivirus v9.0.2021 - (.AVAST Software.) [HKLM] -- avast
~ Logic: 48 Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AVAST Software]
[HKCU\Software\Adobe]
[HKCU\Software\Ahead]
[HKCU\Software\AlterGeo]
[HKCU\Software\AppDataLow\Software\JavaSoft]
[HKCU\Software\AppDataLow\Software\suprasavings] =>PUP.SupraSavings
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Badoo]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baixaki]
[HKCU\Software\Bitstream]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\ContentExplorer] =>PUP.ContentExplorer
[HKCU\Software\Corel]
[HKCU\Software\Cyberlink]
[HKCU\Software\DivXNetworks]
[HKCU\Software\Facebook]
[HKCU\Software\Fredi Giesbrecht]
[HKCU\Software\Gabest]
[HKCU\Software\Google]
[HKCU\Software\Headlight]
[HKCU\Software\IM Providers]
[HKCU\Software\InstallShield]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\Lake]
[HKCU\Software\Licenses]
[HKCU\Software\MCAFEE]
[HKCU\Software\MONOGRAM]
[HKCU\Software\Macromedia]
[HKCU\Software\MediaInfo]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Opera Software]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\PriceMeterLiveUpdate] =>PUP.PriceMeter
[HKCU\Software\PriceMeter] =>PUP.PriceMeter
[HKCU\Software\Protexis]
[HKCU\Software\Reg]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\SaveSenseLive] =>PUP.SaveSense
[HKCU\Software\SecuredDownload]
[HKCU\Software\SkypeRS]
[HKCU\Software\Skype]
[HKCU\Software\SlimWare Utilities Inc]
[HKCU\Software\SupHpUISoft] =>PUP.CrossRider
[HKCU\Software\Trolltech]
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\VSRevoGroup]
[HKCU\Software\Vittalia] =>PUP.Vittalia
[HKCU\Software\WSE_Astromenda] =>PUP.Astromenda
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\freesofttoday] =>Adware.FreeSoftToday
[HKCU\Software\globalUpdate]
[HKCU\Software\kde.org]
[HKCU\Software\madFlac]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVAST Software]
[HKLM\Software\Adobe]
[HKLM\Software\Atheros]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu_Drp_pos]
[HKLM\Software\Bitstream]
[HKLM\Software\C6CAB4CF-DAB9-45B9-AE9A-961145402E07]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Codec Tweak Tool]
[HKLM\Software\ComodoGroup]
[HKLM\Software\Corel]
[HKLM\Software\Coupon Downloader] =>PUP.CouponDownloader
[HKLM\Software\CyberLink]
[HKLM\Software\EnigmaSoftwareGroup]
[HKLM\Software\FREESOFTTODAY] =>Adware.FreeSoftToday
[HKLM\Software\Gabest]
[HKLM\Software\GlobalUpdate]
[HKLM\Software\Google]
[HKLM\Software\Huawei technologies]
[HKLM\Software\IM Providers]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\InterVideo]
[HKLM\Software\JavaSoft]
[HKLM\Software\KLCodecPack]
[HKLM\Software\Kodak]
[HKLM\Software\Lake]
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher
[HKLM\Software\Macromedia]
[HKLM\Software\MaxPower]
[HKLM\Software\McAfee.com]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nero]
[HKLM\Software\ODBC]
[HKLM\Software\Optimal Software sro]
[HKLM\Software\PDFCreator]
[HKLM\Software\PIP]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\PriceMeterLiveUpdate] =>PUP.PriceMeter
[HKLM\Software\Protexis]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek]
[HKLM\Software\Reg]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RkSoft]
[HKLM\Software\SaveSenseLive] =>PUP.SaveSense
[HKLM\Software\Skype]
[HKLM\Software\SlimWare Utilities Inc]
[HKLM\Software\Sonic]
[HKLM\Software\SupDp] =>PUP.SupTab
[HKLM\Software\SuppHelpDir]
[HKLM\Software\Supra Savings] =>PUP.SupraSavings
[HKLM\Software\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\Uniblue]
[HKLM\Software\Volatile]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node]
[HKLM\Software\ahead]
[HKLM\Software\mcafeeupdater]
[HKLM\Software\mozilla.org]
[HKLM\Software\mugen]
[HKLM\Software\supTab] =>PUP.SupTab
[HKLM\Software\supWPM] =>PUP.WpManager
[HKLM\Software\supWindowsMangerProtect] =>PUP.Fuyu
[HKLM\Software\suprasavings] =>PUP.SupraSavings
[HKLM\Software\webssearchesSoftware] =>Hijacker.WebsSearches
~ Key Software: 237 Scanned in 00mn 00s

03 ZHPDiag Log

Post by Gil Raman on Fri 29 Aug 2014, 20:15


---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/08/2014 - 14:31:12 - [] ----D C:\Program Files\003 =>PUP.AdPeak
O43 - CFD: 29/08/2014 - 14:31:12 - [] ----D C:\Program Files\005 =>PUP.AdPeak
O43 - CFD: 07/10/2013 - 00:06:54 - [] ----D C:\Program Files\Adobe
O43 - CFD: 15/08/2013 - 11:13:21 - [] -SH-D C:\Program Files\Arquivos Comuns
O43 - CFD: 15/08/2013 - 14:24:42 - [] ----D C:\Program Files\Atheros
O43 - CFD: 04/11/2013 - 08:36:14 - [] ----D C:\Program Files\Atube
O43 - CFD: 15/08/2013 - 15:14:33 - [] ----D C:\Program Files\AVAST Software
O43 - CFD: 29/08/2014 - 17:43:50 - [] ----D C:\Program Files\baidu
O43 - CFD: 01/08/2014 - 21:43:07 - [] ----D C:\Program Files\Baidu-Security-2014-4.4.4.73687
O43 - CFD: 25/07/2014 - 13:41:15 - [] ----D C:\Program Files\C6CAB4CF-DAB9-45B9-AE9A-961145402E07
O43 - CFD: 22/08/2014 - 13:46:36 - [] ----D C:\Program Files\CCleaner
O43 - CFD: 19/05/2014 - 10:25:46 - [] ----D C:\Program Files\Common Files
O43 - CFD: 31/03/2014 - 13:04:07 - [] ----D C:\Program Files\Corel
O43 - CFD: 15/08/2013 - 11:46:55 - [] ----D C:\Program Files\CyberLink
O43 - CFD: 04/11/2013 - 08:35:19 - [] ----D C:\Program Files\DsNET Corp
O43 - CFD: 07/10/2013 - 03:30:37 - [] ----D C:\Program Files\DVD Maker
O43 - CFD: 16/10/2013 - 10:38:57 - [] ----D C:\Program Files\FormatFactory
O43 - CFD: 29/08/2014 - 14:33:20 - [] ----D C:\Program Files\globalUpdate
O43 - CFD: 21/08/2014 - 22:19:10 - [] ----D C:\Program Files\Google
O43 - CFD: 07/10/2013 - 00:06:54 - [] --H-D C:\Program Files\InstallShield Installation Information
O43 - CFD: 15/08/2013 - 14:57:03 - [] ----D C:\Program Files\Intel
O43 - CFD: 22/08/2014 - 01:00:48 - [] ----D C:\Program Files\Internet Explorer
O43 - CFD: 16/10/2013 - 10:40:05 - [] ----D C:\Program Files\iTunes
O43 - CFD: 15/08/2013 - 11:42:50 - [] ----D C:\Program Files\Java
O43 - CFD: 15/08/2013 - 11:37:26 - [] ----D C:\Program Files\K-Lite Codec Pack
O43 - CFD: 14/07/2009 - 05:53:52 - [] ----D C:\Program Files\Microsoft Games
O43 - CFD: 14/11/2013 - 14:04:59 - [] ----D C:\Program Files\Microsoft Office
O43 - CFD: 16/10/2013 - 11:47:00 - [] ----D C:\Program Files\Microsoft SDKs
O43 - CFD: 15/08/2013 - 11:27:31 - [] ----D C:\Program Files\Microsoft Visual Studio
O43 - CFD: 15/08/2013 - 11:25:12 - [] ----D C:\Program Files\Microsoft Visual Studio 8
O43 - CFD: 16/10/2013 - 11:47:39 - [] ----D C:\Program Files\Microsoft Visual Studio 9.0
O43 - CFD: 16/10/2013 - 00:08:25 - [] ----D C:\Program Files\Microsoft Works
O43 - CFD: 16/10/2013 - 11:25:13 - [] ----D C:\Program Files\Microsoft.NET
O43 - CFD: 22/08/2014 - 17:56:34 - [] ----D C:\Program Files\Mozilla Firefox
O43 - CFD: 22/08/2014 - 17:56:18 - [] ----D C:\Program Files\Mozilla Maintenance Service
O43 - CFD: 15/08/2013 - 11:27:57 - [] ----D C:\Program Files\MSBuild
O43 - CFD: 15/08/2013 - 11:50:57 - [] ----D C:\Program Files\Nero
O43 - CFD: 29/08/2014 - 14:42:35 - [] ----D C:\Program Files\Opera Next
O43 - CFD: 15/08/2013 - 11:36:55 - [] ----D C:\Program Files\PDFCreator
O43 - CFD: 29/08/2014 - 14:33:20 - [] ----D C:\Program Files\PriceMeterLiveUpdate =>PUP.PriceMeter
O43 - CFD: 15/08/2013 - 14:59:32 - [] ----D C:\Program Files\Realtek
O43 - CFD: 14/07/2009 - 01:52:30 - [] ----D C:\Program Files\Reference Assemblies
O43 - CFD: 07/10/2013 - 00:20:41 - [] ----D C:\Program Files\RkSoft
O43 - CFD: 05/03/2014 - 09:12:53 - [] R---D C:\Program Files\Skype
O43 - CFD: 15/08/2013 - 14:32:41 - [] ----D C:\Program Files\SlimDrivers
O43 - CFD: 16/10/2013 - 10:41:07 - [] ----D C:\Program Files\sunavimapdata
O43 - CFD: 29/08/2014 - 14:33:22 - [] ----D C:\Program Files\SupTab =>PUP.SupTab
O43 - CFD: 14/07/2009 - 01:53:23 - [0] --H-D C:\Program Files\Uninstall Information
O43 - CFD: 25/08/2013 - 21:12:07 - [] ----D C:\Program Files\Vivo
O43 - CFD: 30/06/2014 - 13:21:55 - [] ----D C:\Program Files\VIVO INTERNET
O43 - CFD: 04/10/2013 - 18:25:05 - [] ----D C:\Program Files\VS Revo Group
O43 - CFD: 21/08/2014 - 21:58:13 - [] ----D C:\Program Files\Wifi Protector BI
O43 - CFD: 11/10/2013 - 15:51:09 - [] ----D C:\Program Files\Windows Defender
O43 - CFD: 10/07/2014 - 11:12:43 - [] ----D C:\Program Files\Windows Journal
O43 - CFD: 07/10/2013 - 03:30:37 - [] ----D C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 07/10/2013 - 03:30:36 - [] ----D C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 15/08/2013 - 11:13:21 - [] ----D C:\Program Files\Windows NT
O43 - CFD: 07/10/2013 - 03:30:36 - [] ----D C:\Program Files\Windows Photo Viewer
O43 - CFD: 07/10/2013 - 03:30:36 - [] ----D C:\Program Files\Windows Portable Devices
O43 - CFD: 07/10/2013 - 03:30:37 - [] ----D C:\Program Files\Windows Sidebar
O43 - CFD: 21/02/2014 - 06:29:48 - [] ----D C:\Program Files\WinRAR
O43 - CFD: 29/08/2014 - 19:52:14 - [] ----D C:\Program Files\ZHPDiag =>.Nicolas Coolman
O43 - CFD: 07/10/2013 - 00:11:38 - [] ----D C:\Program Files\Common Files\Adobe
O43 - CFD: 15/08/2013 - 11:52:14 - [] ----D C:\Program Files\Common Files\Ahead
O43 - CFD: 31/03/2014 - 04:12:54 - [] ----D C:\Program Files\Common Files\Corel
O43 - CFD: 15/08/2013 - 11:46:48 - [] ----D C:\Program Files\Common Files\CyberLink
O43 - CFD: 19/05/2014 - 10:25:46 - [] ----D C:\Program Files\Common Files\DESIGNER
O43 - CFD: 07/10/2013 - 00:18:33 - [] ----D C:\Program Files\Common Files\InstallShield
O43 - CFD: 15/08/2013 - 14:54:31 - [] ----D C:\Program Files\Common Files\Intel
O43 - CFD: 15/08/2013 - 11:43:18 - [] ----D C:\Program Files\Common Files\Java
O43 - CFD: 18/10/2013 - 13:12:21 - [] ----D C:\Program Files\Common Files\microsoft shared
O43 - CFD: 15/08/2013 - 14:55:58 - [] ----D C:\Program Files\Common Files\postureAgent
O43 - CFD: 01/12/2013 - 00:11:56 - [] ----D C:\Program Files\Common Files\Protexis
O43 - CFD: 13/07/2009 - 23:37:05 - [] ----D C:\Program Files\Common Files\Services
O43 - CFD: 15/08/2013 - 11:13:21 - [] -SH-D C:\Program Files\Common Files\Sistema
O43 - CFD: 15/08/2013 - 14:31:35 - [] ----D C:\Program Files\Common Files\Skype
O43 - CFD: 13/07/2009 - 23:37:05 - [] ----D C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 18/10/2013 - 12:18:18 - [] ----D C:\Program Files\Common Files\System
O43 - CFD: 30/03/2014 - 22:59:16 - [] ----D C:\Program Files\Common Files\Wise Installation Wizard
O43 - CFD: 18/08/2014 - 22:51:04 - [] ----D C:\ProgramData\Adobe
O43 - CFD: 25/07/2014 - 14:36:12 - [] ----D C:\ProgramData\Apple
O43 - CFD: 25/07/2014 - 14:37:16 - [] ----D C:\ProgramData\Apple Computer
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Application Data
O43 - CFD: 15/08/2013 - 14:24:39 - [] ----D C:\ProgramData\Atheros
O43 - CFD: 30/10/2013 - 23:38:58 - [] ----D C:\ProgramData\AVAST Software
O43 - CFD: 29/08/2014 - 19:29:54 - [] ----D C:\ProgramData\Badoo
O43 - CFD: 28/07/2014 - 13:01:16 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 17/10/2013 - 20:48:22 - [] ----D C:\ProgramData\Bitstream
O43 - CFD: 31/03/2014 - 12:49:50 - [] ----D C:\ProgramData\Corel
O43 - CFD: 03/12/2013 - 22:10:08 - [] ----D C:\ProgramData\CyberLink
O43 - CFD: 15/08/2013 - 11:13:20 - [] -SH-D C:\ProgramData\Dados de aplicativos
O43 - CFD: 01/08/2014 - 20:45:09 - [] ----D C:\ProgramData\DatacardService
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Desktop
O43 - CFD: 15/08/2013 - 11:13:20 - [] -SH-D C:\ProgramData\Documentos
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Documents
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Favorites
O43 - CFD: 15/08/2013 - 11:13:20 - [] -SH-D C:\ProgramData\Favoritos
O43 - CFD: 29/08/2014 - 14:33:05 - [] ----D C:\ProgramData\IePluginServices =>PUP.IePluginService
O43 - CFD: 07/10/2013 - 00:19:02 - [] ----D C:\ProgramData\InstallShield
O43 - CFD: 04/09/2013 - 11:54:07 - [] ----D C:\ProgramData\log
O43 - CFD: 13/10/2013 - 23:25:04 - [] ----D C:\ProgramData\McAfee
O43 - CFD: 01/08/2014 - 21:43:48 - [] ----D C:\ProgramData\McAfee Security Scan
O43 - CFD: 15/08/2013 - 11:13:20 - [] -SH-D C:\ProgramData\Menu Iniciar
O43 - CFD: 03/06/2014 - 14:31:14 - [] -S--D C:\ProgramData\Microsoft
O43 - CFD: 21/08/2014 - 01:39:45 - [] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 15/08/2013 - 11:13:21 - [] -SH-D C:\ProgramData\Modelos
O43 - CFD: 15/08/2013 - 11:37:41 - [] ----D C:\ProgramData\Mozilla
O43 - CFD: 15/08/2013 - 11:50:57 - [] ----D C:\ProgramData\Nero
O43 - CFD: 04/09/2013 - 11:54:08 - [] ----D C:\ProgramData\OnlineUpdate
O43 - CFD: 29/08/2014 - 14:31:15 - [] ----D C:\ProgramData\Package Cache
O43 - CFD: 29/08/2014 - 14:33:20 - [] ----D C:\ProgramData\PriceMeterLiveUpdate =>PUP.PriceMeter
O43 - CFD: 31/03/2014 - 11:25:09 - [] ----D C:\ProgramData\Protexis
O43 - CFD: 05/03/2014 - 09:13:12 - [] ----D C:\ProgramData\Skype
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Start Menu
O43 - CFD: 15/08/2013 - 11:43:19 - [] ----D C:\ProgramData\Sun
O43 - CFD: 14/07/2009 - 01:53:55 - [] -SH-D C:\ProgramData\Templates
O43 - CFD: 27/06/2014 - 17:21:13 - [] ----D C:\ProgramData\VIVO INTERNET
O43 - CFD: 29/08/2014 - 14:31:15 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 29/08/2014 - 14:30:22 - [] ----D C:\Users\Usuario\AppData\Roaming\Adobe
O43 - CFD: 04/12/2013 - 12:56:16 - [] ----D C:\Users\Usuario\AppData\Roaming\Ahead
O43 - CFD: 25/07/2014 - 23:19:27 - [] ----D C:\Users\Usuario\AppData\Roaming\Apple Computer
O43 - CFD: 09/08/2014 - 15:13:18 - [] ----D C:\Users\Usuario\AppData\Roaming\Avant Downloader
O43 - CFD: 09/08/2014 - 16:26:45 - [] ----D C:\Users\Usuario\AppData\Roaming\Avant Profiles
O43 - CFD: 30/11/2013 - 09:40:59 - [] ----D C:\Users\Usuario\AppData\Roaming\AVAST Software
O43 - CFD: 30/11/2013 - 09:18:43 - [] ----D C:\Users\Usuario\AppData\Roaming\Baidu Security
O43 - CFD: 29/08/2014 - 14:35:40 - [] ----D C:\Users\Usuario\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer
O43 - CFD: 31/03/2014 - 11:07:58 - [] ----D C:\Users\Usuario\AppData\Roaming\Corel
O43 - CFD: 15/08/2013 - 11:48:36 - [] ----D C:\Users\Usuario\AppData\Roaming\CyberLink
O43 - CFD: 15/08/2013 - 11:14:02 - [] ----D C:\Users\Usuario\AppData\Roaming\Identities
O43 - CFD: 15/08/2013 - 19:41:36 - [] ----D C:\Users\Usuario\AppData\Roaming\Macromedia
O43 - CFD: 14/07/2009 - 05:52:54 - [0] ----D C:\Users\Usuario\AppData\Roaming\Media Center Programs
O43 - CFD: 03/06/2014 - 14:31:14 - [] -S--D C:\Users\Usuario\AppData\Roaming\Microsoft
O43 - CFD: 15/08/2013 - 15:31:43 - [] ----D C:\Users\Usuario\AppData\Roaming\Mozilla
O43 - CFD: 22/08/2014 - 18:19:31 - [] ----D C:\Users\Usuario\AppData\Roaming\Opera Software
O43 - CFD: 29/08/2014 - 14:31:19 - [] ----D C:\Users\Usuario\AppData\Roaming\PriceMeterUpdater =>PUP.PriceMeter
O43 - CFD: 29/08/2014 - 17:01:25 - [] ----D C:\Users\Usuario\AppData\Roaming\Skype
O43 - CFD: 21/10/2013 - 20:36:45 - [] ----D C:\Users\Usuario\AppData\Roaming\VIVO INTERNET
O43 - CFD: 29/08/2014 - 14:31:19 - [] ----D C:\Users\Usuario\AppData\Roaming\VOPackage =>Adware.Downware
O43 - CFD: 15/08/2013 - 11:19:52 - [] ----D C:\Users\Usuario\AppData\Roaming\WinRAR
O43 - CFD: 29/08/2014 - 19:55:21 - [] ----D C:\Users\Usuario\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 22/08/2014 - 19:10:58 - [] ----D C:\Users\Usuario\AppData\Local\Adobe
O43 - CFD: 01/09/2013 - 12:49:36 - [] ----D C:\Users\Usuario\AppData\Local\Ahead
O43 - CFD: 25/07/2014 - 14:36:16 - [] ----D C:\Users\Usuario\AppData\Local\Apple
O43 - CFD: 28/07/2014 - 13:25:20 - [] ----D C:\Users\Usuario\AppData\Local\Apple Computer
O43 - CFD: 19/10/2013 - 23:18:56 - [] ----D C:\Users\Usuario\AppData\Local\Comodo
O43 - CFD: 15/08/2013 - 11:13:30 - [] -SH-D C:\Users\Usuario\AppData\Local\Dados de aplicativos
O43 - CFD: 28/08/2014 - 12:12:22 - [] ----D C:\Users\Usuario\AppData\Local\ElevatedDiagnostics
O43 - CFD: 17/04/2014 - 21:38:14 - [] -SH-D C:\Users\Usuario\AppData\Local\EmieSiteList
O43 - CFD: 17/04/2014 - 21:38:14 - [] -SH-D C:\Users\Usuario\AppData\Local\EmieUserList
O43 - CFD: 20/10/2013 - 20:31:35 - [] ----D C:\Users\Usuario\AppData\Local\Facebook
O43 - CFD: 29/08/2014 - 14:31:15 - [] ----D C:\Users\Usuario\AppData\Local\genienext =>PUP.NextLive
O43 - CFD: 30/07/2014 - 08:25:36 - [] ----D C:\Users\Usuario\AppData\Local\Google
O43 - CFD: 15/08/2013 - 11:13:30 - [] -SH-D C:\Users\Usuario\AppData\Local\Histórico
O43 - CFD: 04/10/2013 - 19:07:53 - [] ----D C:\Users\Usuario\AppData\Local\Macromedia
O43 - CFD: 29/08/2014 - 14:29:56 - [] ----D C:\Users\Usuario\AppData\Local\Microsoft
O43 - CFD: 10/09/2013 - 12:07:56 - [] ----D C:\Users\Usuario\AppData\Local\Microsoft Games
O43 - CFD: 15/08/2013 - 11:24:32 - [0] ----D C:\Users\Usuario\AppData\Local\Microsoft Help
O43 - CFD: 05/10/2013 - 17:52:14 - [] ----D C:\Users\Usuario\AppData\Local\Mozilla
O43 - CFD: 22/08/2014 - 18:19:33 - [] ----D C:\Users\Usuario\AppData\Local\Opera Software
O43 - CFD: 29/08/2014 - 14:31:16 - [] ----D C:\Users\Usuario\AppData\Local\PriceMeter =>PUP.PriceMeter
O43 - CFD: 30/11/2013 - 19:43:46 - [] ----D C:\Users\Usuario\AppData\Local\Programs
O43 - CFD: 15/08/2013 - 14:33:00 - [] ----D C:\Users\Usuario\AppData\Local\SlimWare Utilities Inc
O43 - CFD: 29/08/2014 - 19:54:55 - [] ----D C:\Users\Usuario\AppData\Local\Temp
O43 - CFD: 15/08/2013 - 11:13:30 - [] -SH-D C:\Users\Usuario\AppData\Local\Temporary Internet Files
O43 - CFD: 14/07/2009 - 01:42:04 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 19/05/2014 - 10:32:04 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 15/08/2013 - 15:06:03 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
O43 - CFD: 14/07/2009 - 01:37:42 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 29/08/2014 - 14:31:19 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter =>PUP.PriceMeter
O43 - CFD: 22/07/2014 - 17:57:12 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
O43 - CFD: 22/08/2014 - 18:51:09 - [] R---D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 29/08/2014 - 14:31:19 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage =>Adware.Downware
O43 - CFD: 15/08/2013 - 11:19:45 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
~ Program Folder: 173 Scanned in 00mn 02s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.614B1A95F788B280EDFD54B83C94CC91] - 15/08/2014 - 22:47:15 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [790304]
O44 - LFC:[MD5.CADC4CFE957C24984FFA718AB7E4EF3C] - 20/08/2014 - 10:29:35 ---A- . (.Microsoft Corporation - IU de consentimento para aplicativos admini.) -- C:\Windows\System32\consent.exe [101824]
O44 - LFC:[MD5.9DA1CCDBBF8136AC2383C2624CA8CD14] - 20/08/2014 - 10:29:35 ---A- . (.Microsoft Corporation - Windows® installer.) -- C:\Windows\System32\msihnd.dll [337408]
O44 - LFC:[MD5.43CD23B65CBF04D6F8ACA984B0EF93FE] - 20/08/2014 - 10:29:36 ---A- . (.Microsoft Corporation - Interface do Usuário da Autenticação do Win.) -- C:\Windows\System32\authui.dll [1805824]
O44 - LFC:[MD5.C212A43AA83A717AD38505F23ACDCB33] - 20/08/2014 - 10:29:38 ---A- . (.Microsoft Corporation - Windows Installer.) -- C:\Windows\System32\msi.dll [2363392]
O44 - LFC:[MD5.D08819FEE0CDB8A8A58E2B34D05E7A11] - 20/08/2014 - 10:30:16 ---A- . (.Microsoft Corporation - DLL do recurso Fusos Horários.) -- C:\Windows\System32\tzres.dll [2048]
O44 - LFC:[MD5.8453DDF167CE2986AA4AB04BC6824925] - 20/08/2014 - 10:32:02 ---A- . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll [17524224]
O44 - LFC:[MD5.7C1BFC2ABE297BCA1A7BA77A8292C088] - 20/08/2014 - 10:32:04 ---A- . (.Microsoft Corporation - Microsoft ® JScript.) -- C:\Windows\System32\jscript9.dll [4204032]
O44 - LFC:[MD5.24FA5F74D3B4BA62539DF87285BA934E] - 20/08/2014 - 10:32:06 ---A- . (.Microsoft Corporation - Microsoft ® JScript Diagnostics.) -- C:\Windows\System32\jscript9diag.dll [597504]
O44 - LFC:[MD5.FF4A917DD7C387BD2715A5F67307FED1] - 20/08/2014 - 10:32:09 ---A- . (.Microsoft Corporation - Run time utility for Internet Explorer.) -- C:\Windows\System32\iertutil.dll [2184704]
O44 - LFC:[MD5.272420427EB96EA052C719AA796C09F2] - 20/08/2014 - 10:32:11 ---A- . (.Microsoft Corporation - DAC for Trident DOM.) -- C:\Windows\System32\MshtmlDac.dll [61952]
O44 - LFC:[MD5.49FFD37673BD20279A8BF27CC20040B3] - 20/08/2014 - 10:32:11 ---A- . (.Microsoft Corporation - Microsoft (R) HTML Media DLL.) -- C:\Windows\System32\mshtmlmedia.dll [1068032]
O44 - LFC:[MD5.444EB30B1610A35FC99D62A91B2BCAA7] - 20/08/2014 - 10:32:13 ---A- . (.Microsoft Corporation - Microsoft® HTML Editing Component.) -- C:\Windows\System32\mshtmled.dll [69632]
O44 - LFC:[MD5.90FF511B751A0327D07C4073760F1578] - 20/08/2014 - 10:32:14 ---A- . (.Microsoft Corporation - Navegador da Internet.) -- C:\Windows\System32\ieframe.dll [11772928]
O44 - LFC:[MD5.F48A1A114382AB4EF8000E1943E6CF1F] - 20/08/2014 - 10:32:15 ---A- . (.Microsoft Corporation - Mecanismo da Interface do Usuário do Intern.) -- C:\Windows\System32\ieui.dll [438784]
O44 - LFC:[MD5.B945BAA81B4805AD6BDDF4D026DCFB47] - 20/08/2014 - 10:32:17 ---A- . (.Microsoft Corporation - Internet Extensions para Win32.) -- C:\Windows\System32\wininet.dll [1792512]
O44 - LFC:[MD5.18A3154606E3F8945956948A4E708007] - 20/08/2014 - 10:32:18 ---A- . (.Microsoft Corporation - Microsoft SmartScreen Filter.) -- C:\Windows\System32\ieapfltr.dll [704512]
O44 - LFC:[MD5.D7D412D3436CFB85B383CDD3C9B455F0] - 20/08/2014 - 10:32:19 ---A- . (.Microsoft Corporation - IE ETW Collector Service Resources.) -- C:\Windows\System32\ieetwcollectorres.dll [4096]
O44 - LFC:[MD5.9D16B568E318F49535AD72539C9997C2] - 20/08/2014 - 10:32:19 ---A- . (.Microsoft Corporation - Microsoft ® VBScript.) -- C:\Windows\System32\vbscript.dll [455168]
O44 - LFC:[MD5.B91AA3BC8083E66925FAE29FDA485CEA] - 20/08/2014 - 10:32:21 ---A- . (.Microsoft Corporation - Classificação da Internet e DLL de gerencia.) -- C:\Windows\System32\msrating.dll [164864]
O44 - LFC:[MD5.4D0E91438CE181AF94C653B3BBE3C65A] - 20/08/2014 - 10:32:21 ---A- . (.Microsoft Corporation - Mapa de versão IOD.) -- C:\Windows\System32\iesetup.dll [61952]
O44 - LFC:[MD5.7EFBB7A3C664A8DF93C9937DF76760A4] - 20/08/2014 - 10:32:21 ---A- . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe [663040]
O44 - LFC:[MD5.E70C00791A18866BB23B3A652E3390A0] - 20/08/2014 - 10:32:22 ---A- . (.Microsoft Corporation - Painel de Controle da Internet.) -- C:\Windows\System32\inetcpl.cpl [2001920]
O44 - LFC:[MD5.E8D46F442AB53A52BDBB3EA0C51BDABD] - 20/08/2014 - 10:32:25 ---A- . (.Microsoft Corporation - Microsoft® MSHTML Typelib.) -- C:\Windows\System32\mshtml.tlb [2724864]
O44 - LFC:[MD5.1A05CFA45B6AEBFCCC835DCF68CBD1D0] - 20/08/2014 - 10:32:26 ---A- . (.Microsoft Corporation - Microsoft Feeds Manager.) -- C:\Windows\System32\msfeeds.dll [526336]
O44 - LFC:[MD5.36B67392AFB8901CC442EA988AD4603D] - 20/08/2014 - 10:32:29 ---A- . (.Microsoft Corporation - JScript Proxy Auto-Configuration.) -- C:\Windows\System32\jsproxy.dll [43008]
O44 - LFC:[MD5.87C2B5010779DF6BE4732751C5DB5D64] - 20/08/2014 - 10:32:29 ---A- . (.Microsoft Corporation - Utilitário de Instalação Autônoma do IE 7.0.) -- C:\Windows\System32\ieUnatt.exe [112128]
O44 - LFC:[MD5.7B051C4A70F23A84A09366999FE63CBD] - 20/08/2014 - 10:32:30 ---A- . (.Microsoft Corporation - Identidade visual IEAK.) -- C:\Windows\System32\iedkcs32.dll [307384]
O44 - LFC:[MD5.6D017C0E499443ACDE3D9B5DCD753F32] - 20/08/2014 - 10:32:31 ---A- . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll [1169920]
O44 - LFC:[MD5.478824EC0BCE9968C0DC787164B1753B] - 20/08/2014 - 10:32:32 ---A- . (.Microsoft Corporation - Processamento de RunOnce estendido com inte.) -- C:\Windows\System32\iernonce.dll [32768]
O44 - LFC:[MD5.3BB3D5D1CACD68BE8F7A16CCB3AADA93] - 20/08/2014 - 10:32:33 ---A- . (.Microsoft Corporation - Microsoft Spell Checking Facility.) -- C:\Windows\System32\MsSpellCheckingFacility.exe [646144]
O44 - LFC:[MD5.FEE3E022B00A5165ED645E38C1E6C776] - 20/08/2014 - 10:32:36 ---A- . (.Microsoft Corporation - JavaScript Performance Collection Agent.) -- C:\Windows\System32\JavaScriptCollectionAgent.dll [60416]
O44 - LFC:[MD5.004DFEA0B7AE3F8F438CD2D8C643DAEE] - 20/08/2014 - 10:32:37 ---A- . (.Microsoft Corporation - IE ETW Collector Service.) -- C:\Windows\System32\ieetwcollector.exe [108032]
O44 - LFC:[MD5.41A3A54603686FD437FA4E8EB95025F9] - 20/08/2014 - 10:32:38 ---A- . (.Microsoft Corporation - IE ETW Collector Proxy Stub Resources.) -- C:\Windows\System32\ieetwproxystub.dll [51200]
O44 - LFC:[MD5.5860EE5C807CB3866551B845123493C6] - 20/08/2014 - 10:32:50 ---A- . (.Microsoft Corporation - Canonical Display Driver.) -- C:\Windows\System32\cdd.dll [107520]
O44 - LFC:[MD5.0EC652D17AB4607745FB4E6958E8FAB6] - 20/08/2014 - 10:32:52 ---A- . (.Microsoft Corporation - DirectX Graphics MMS.) -- C:\Windows\System32\Drivers\dxgmms1.sys [219072]
O44 - LFC:[MD5.3583A5A8CC2E682BFFBD4630D0FEC08B] - 20/08/2014 - 10:32:53 ---A- . (.Microsoft Corporation - DirectX Graphics Kernel.) -- C:\Windows\System32\Drivers\dxgkrnl.sys [730048]
O44 - LFC:[MD5.C9059EF0C94C55C0DA9CACEE160A5F66] - 20/08/2014 - 10:33:05 ---A- . (.Microsoft Corporation - Tempo de Execução da Chamada de Procediment.) -- C:\Windows\System32\rpcrt4.dll [654336]
O44 - LFC:[MD5.28A8B99DE70F376B18709E6B07D6A352] - 21/08/2014 - 01:27:47 ---A- . (.Microsoft Corporation - Windows Presentation Foundation Terminal Se.) -- C:\Windows\System32\TsWpfWrp.exe [35480]
O44 - LFC:[MD5.8D466B36076BCD7997838C0DDB69764C] - 21/08/2014 - 01:27:56 ---A- . (.Microsoft Corporation - Windows CardSpace User Interface Agent.) -- C:\Windows\System32\icardagt.exe [619672]
O44 - LFC:[MD5.370FC4421ADE62FC89AC93B345570388] - 21/08/2014 - 01:28:11 ---A- . (.Microsoft Corporation - Windows CardSpace.) -- C:\Windows\System32\icardres.dll [8856]
O44 - LFC:[MD5.AF6655214DEBB2C8446DE843A02AAEBA] - 21/08/2014 - 01:28:19 ---A- . (.Microsoft Corporation - Microsoft InfoCards.) -- C:\Windows\System32\infocardapi.dll [99480]
O44 - LFC:[MD5.613817D8A16C0881E2C8B3BC1AE65F61] - 21/08/2014 - 01:33:57 ---A- . (.Microsoft Corporation - Ferramentas de Remoção de Software Mal-Inte.) -- C:\Windows\System32\MRT.exe [96303304]
O44 - LFC:[MD5.D46A98F636ED62BFF86A7FBD9FB8A0D3] - 21/08/2014 - 22:13:26 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\System32\FlashPlayerApp.exe [699568]
O44 - LFC:[MD5.2B74D96B832F7D9B3E6D29FC396BD2EE] - 21/08/2014 - 22:13:26 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [71344]
O44 - LFC:[MD5.CC0F8A70179C0F7292A0486C6EAEDFA5] - 22/08/2014 - 18:15:32 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w.sys [52416] =>PUP.LinkiDoo
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/08/2014 - 21:37:13 ---A- . (...) -- C:\Windows\setuperr.log [0]
O44 - LFC:[MD5.F419D738BD2AE58D9DF2F9FEB5F43842] - 23/08/2014 - 10:06:27 ---A- . (.Microsoft Corporation - Windows Update Application Launcher.) -- C:\Windows\System32\wuapp.exe [33792]
O44 - LFC:[MD5.5AA2CAD923E9E647276A61387E83DDD0] - 23/08/2014 - 10:06:41 ---A- . (.Microsoft Corporation - Windows Update Vista Web Control.) -- C:\Windows\System32\wuwebv.dll [179656]
O44 - LFC:[MD5.867148EBF47E7E7E7B21C07B4A981929] - 23/08/2014 - 10:07:47 ---A- . (.Microsoft Corporation - API do Cliente do Windows Update.) -- C:\Windows\System32\wuapi.dll [581600]
O44 - LFC:[MD5.372218B80DEF827063049EBEE76B7501] - 23/08/2014 - 10:07:47 ---A- . (.Microsoft Corporation - Windows Update WUDriver Stub.) -- C:\Windows\System32\wudriver.dll [92672]
O44 - LFC:[MD5.255F0417EC31C71585824269522EC8E9] - 23/08/2014 - 10:07:48 ---A- . (.Microsoft Corporation - Windows Update client proxy stub.) -- C:\Windows\System32\wups.dll [36320]
O44 - LFC:[MD5.EC6E2DB67695966DF22CF5EBEFC1D305] - 23/08/2014 - 10:08:26 ---A- . (.Microsoft Corporation - Experiência de Usuário Cliente do Windows U.) -- C:\Windows\System32\wucltux.dll [2425856]
O44 - LFC:[MD5.D9B0134913E5EF007AF82A418C503322] - 23/08/2014 - 10:08:26 ---A- . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [1973728]
O44 - LFC:[MD5.072678E0D68E9C3A7960328671134C7B] - 23/08/2014 - 10:08:27 ---A- . (.Microsoft Corporation - Windows Update.) -- C:\Windows\System32\wuauclt.exe [54240]
O44 - LFC:[MD5.459E257F8915D44B23ACB46211FD45D0] - 23/08/2014 - 10:08:28 ---A- . (.Microsoft Corporation - Windows Update client proxy stub 2.) -- C:\Windows\System32\wups2.dll [45536]
O44 - LFC:[MD5.7E86F1E133233A51BE1B6849A1A315C0] - 23/08/2014 - 22:22:12 ---A- . (...) -- C:\Windows\win.ini [580]
O44 - LFC:[MD5.C315FB0D2F99BF8E09A473DF46AEEB47] - 24/08/2014 - 11:33:39 ---A- . (...) -- C:\Windows\PFRO.log [8324]
O44 - LFC:[MD5.222FEC6A9BBCC5186A1D111EE525F896] - 27/08/2014 - 11:50:29 ---A- . (...) -- C:\zoek-results.log [67158]
O44 - LFC:[MD5.CA630DBADEB5B6101531F986ADFE46C9] - 29/08/2014 - 17:16:05 ---A- . (.Thisisu - Junkware Removal Tool.) -- C:\JRT.exe [1016261]
O44 - LFC:[MD5.B0EC8C6756A84C17ADB89B58786DD8E4] - 29/08/2014 - 17:40:05 ---A- . (...) -- C:\Windows\setupact.log [280]
O44 - LFC:[MD5.6CD4A748E09C6FA4012A0434B13E0CDF] - 29/08/2014 - 18:18:00 ---A- . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\ZHPDiag2.exe [6860008]
O44 - LFC:[MD5.7BC75BB93CC2E2AA1B8566905F298682] - 29/08/2014 - 18:33:26 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.2E62309469D76C77D676C97CD8E27A07] - 29/08/2014 - 18:33:35 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1576723]
~ Files: 66 Scanned in 00mn 20s

04 ZHPDiag Log

Post by Gil Raman on Fri 29 Aug 2014, 20:16


---\\ Últimos arquivos criados no Windows Prefetcher (045)
O45 - LFCP:[MD5.66654A711DABFE6D30D065F0E78D9B7A] - 29/08/2014 - 19:39:10 ---A- - C:\Windows\Prefetch\PRICEMETERLIVEUPDATE.EXE-376284BF.pf =>PUP.PriceMeter
O45 - LFCP:[MD5.0F641B1C4E8A6387C1AB65D921AAF740] - 29/08/2014 - 17:41:10 ---A- - C:\Windows\Prefetch\PRICEMETERLIVEUPDATEHANDLER.E-290574D8.pf =>PUP.PriceMeter
~ Prefetcher: 2 Scanned in 00mn 00s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Negação do serviço (Local Security Authority) (048)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pacote de Segurança Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
~ LSA: 8 Scanned in 00mn 00s



---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ CSB: 13 Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{0480787f-0c28-11e3-b970-001e101f8924}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{1959094b-fdff-11e3-9217-e81132b44dea}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{19590958-fdff-11e3-9217-e81132b44dea}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{31cf5a92-006f-11e4-a8d6-e81132b44dea}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{34165d68-05f8-11e3-8081-e81132b44dea}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{34165d74-05f8-11e3-8081-e81132b44dea}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{4e3c79c0-168e-11e3-992c-e81132b44dea}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{4e3c79ce-168e-11e3-992c-e81132b44dea}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{7a084fb8-1458-11e4-a847-e81132b44dea}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{88902452-1662-11e3-b7c3-e81132b44dea}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{88902460-1662-11e3-b7c3-e81132b44dea}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{8c32c8e6-2d32-11e3-b49a-e81132b44dea}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \Drivers32\"msacm.l3fhg"="mp3fhg.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\Windows\System32\mp3fhg.acm
O52 - TDSD: \Drivers32\"VIDC.XVID"="xvidvfw.dll" . (...) -- C:\Windows\System32\xvidvfw.dll
O52 - TDSD: \Drivers32\"VIDC.YV12"="yv12vfw.dll" . (.www.helixcommunity.org - Helix YV12 YUV Codec.) -- C:\Windows\System32\yv12vfw.dll
O52 - TDSD: \Drivers32\"msacm.ac3acm"="ac3acm.acm" . (.fccHandler - AC-3 ACM Codec.) -- C:\Windows\System32\ac3acm.acm
O52 - TDSD: \Drivers32\"VIDC.FMVC"="fmcodec.dll" . (.Fox Magic Software - FM Screen Capture Codec (VFW).) -- C:\Windows\System32\fmcodec.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"ac3acm.acm"="AC-3 ACM Codec" . (.fccHandler - AC-3 ACM Codec.) -- C:\Windows\System32\ac3acm.acm
~ TDSD: 9 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O53 - SMSR:HKLM\...\startupreg\BDRegion [Key] . (.cyberlink - brs.) -- C:\Program Files\Cyberlink\Shared Files\brs.exe
O53 - SMSR:HKLM\...\startupreg\GrooveMonitor [Key] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O53 - SMSR:HKLM\...\startupreg\PDVD8LanguageShortcut [Key] . (.No owner - Language Application.) -- C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe
O53 - SMSR:HKLM\...\startupreg\RemoteControl8 [Key] . (.Cyberlink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
~ SMSR Keys: 7 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo SecurityProviders (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=0
O55 - MWPS:[HKCU\...\Policies\System] - "DisableTaskMgr"=0
~ MWPS: 18 Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
~ MWPE Keys: 1 Scanned in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:13/07/2009 - 22:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\Drivers\adpahci.sys [297552]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\System32\Drivers\adpu320.sys [146512]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\Drivers\aliide.sys [14400]
O58 - SDL:20/11/2010 - 09:29:13 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\Drivers\amdsata.sys [80256]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\System32\Drivers\amdsbs.sys [159312]
O58 - SDL:20/11/2010 - 09:29:15 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\Drivers\amdxata.sys [22400]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\Drivers\arc.sys [76368]
O58 - SDL:13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\Drivers\arcsas.sys [86608]
O58 - SDL:01/08/2014 - 08:21:15 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:01/08/2014 - 08:21:15 ---A- . (.AVAST Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\System32\Drivers\aswMonFlt.sys [67824]
O58 - SDL:01/08/2014 - 08:21:15 ---A- . (.AVAST Software - avast! WFP Redirect Driver.) -- C:\Windows\System32\Drivers\aswRdr2.sys [81768]
O58 - SDL:01/08/2014 - 08:21:15 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:01/08/2014 - 08:21:16 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\Windows\System32\Drivers\aswSnx.sys [779536]
O58 - SDL:01/08/2014 - 08:42:50 ---A- . (.AVAST Software - avast! self protection module.) -- C:\Windows\System32\Drivers\aswsp.sys [414520]
O58 - SDL:01/08/2014 - 08:21:16 ---A- . (.AVAST Software - Stream Filter.) -- C:\Windows\System32\Drivers\aswStm.sys [71944]
O58 - SDL:01/08/2014 - 08:21:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [192352] =>.ALWIL Software
O58 - SDL:12/12/2011 - 19:32:24 ---A- . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driver.) -- C:\Windows\System32\Drivers\athr.sys [2228224]
O58 - SDL:13/07/2009 - 19:02:49 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\System32\Drivers\b57nd60x.sys [229888]
O58 - SDL:27/05/2014 - 03:19:38 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [48448]
O58 - SDL:27/05/2014 - 03:19:38 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [29504]
O58 - SDL:16/06/2014 - 09:08:16 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [94976]
O58 - SDL:27/05/2014 - 03:19:38 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\bnbasex.sys [70496]
O58 - SDL:27/05/2014 - 03:19:38 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\bndef.sys [51584]
O58 - SDL:13/06/2014 - 07:03:37 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [157504]
O58 - SDL:13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltLo.sys [13568]
O58 - SDL:13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\System32\Drivers\BrFiltUp.sys [5248]
O58 - SDL:13/07/2009 - 21:57:25 ---A- . (.Brother Industries Ltd. - Brother Serial I/F Driver (WDM).) -- C:\Windows\System32\Drivers\BrSerId.sys [272128]
O58 - SDL:13/07/2009 - 19:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\Drivers\BrSerWdm.sys [62336]
O58 - SDL:13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys [12160]
O58 - SDL:13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\Drivers\BrUsbSer.sys [11904]
O58 - SDL:13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\Drivers\bxvbdx.sys [430080]
O58 - SDL:13/07/2009 - 22:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\cmdide.sys [15952]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\System32\Drivers\djsvs.sys [70720]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\Drivers\evbdx.sys [3100160]
O58 - SDL:30/06/2013 - 21:27:59 ---A- . (.Huawei Technologies Co., Ltd. - USB NDIS Miniport Driver.) -- C:\Windows\System32\Drivers\ewusbwwan.sys [381952]
O58 - SDL:21/08/2013 - 23:30:35 ---A- . (.Huawei Technologies Co., Ltd. - ew_cdcacm Driver.) -- C:\Windows\System32\Drivers\ew_cdcacm.sys [108032]
O58 - SDL:21/08/2013 - 23:31:49 ---A- . (.Huawei Technologies Co., Ltd. - ew_cdcndis Driver.) -- C:\Windows\System32\Drivers\ew_wwanecm.sys [315520]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:31/12/1999 - 21:00:00 ---A- . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\System32\Drivers\HECI.sys [41088]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\System32\Drivers\HpSAMD.sys [67152]
O58 - SDL:20/11/2010 - 09:29:54 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\Drivers\iaStorV.sys [332160]
O58 - SDL:31/12/1999 - 21:00:00 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\Drivers\igdkmd32.sys [10859520]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\Drivers\iirsp.sys [41040]
O58 - SDL:31/12/1999 - 21:00:00 ---A- . (.Intel Corporation - Intel(R) Turbo Boost Technology Driver.) -- C:\Windows\System32\Drivers\Impcd.sys [132480]
O58 - SDL:31/12/1999 - 21:00:00 ---A- . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) -- C:\Windows\System32\Drivers\IntcDAud.sys [270336]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_fc.sys [95824]
O58 - SDL:13/07/2009 - 22:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas.sys [89168]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_sas2.sys [54864]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_scsi.sys [96848]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\System32\Drivers\megasas.sys [30800]
O58 - SDL:13/07/2009 - 22:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\Drivers\MegaSR.sys [235584]
O58 - SDL:17/07/2014 - 15:20:10 ---A- . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\netfilter.sys [31744]
O58 - SDL:13/07/2009 - 22:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\Drivers\nfrd960.sys [44624]
O58 - SDL:20/11/2010 - 09:30:06 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\System32\Drivers\nvraid.sys [117120]
O58 - SDL:20/11/2010 - 09:30:06 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\System32\Drivers\nvstor.sys [143744]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\Drivers\ql2300.sys [1383488]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\Drivers\ql40xx.sys [106064]
O58 - SDL:31/12/1999 - 21:00:00 ---A- . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver.) -- C:\Windows\System32\Drivers\Rt86win7.sys [391272]
O58 - SDL:13/07/2009 - 17:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\System32\Drivers\secdrv.sys [20480]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid2.sys [40016]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\Drivers\sisraid4.sys [77888]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:15/08/2013 - 19:34:26 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [13464]
O58 - SDL:30/04/2013 - 05:51:09 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [35088]
O58 - SDL:13/07/2009 - 22:19:10 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\Drivers\viaide.sys [16976]
O58 - SDL:13/07/2009 - 22:19:11 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\Drivers\vsmraid.sys [141904]
O58 - SDL:25/07/2014 - 16:19:16 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw.sys [52880] =>PUP.LinkiDoo
O58 - SDL:09/08/2014 - 06:30:02 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys [52880] =>PUP.LinkiDoo
O58 - SDL:22/08/2014 - 18:15:32 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w.sys [52416] =>PUP.LinkiDoo
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:12/12/2011 - 19:32:24 ---A- . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driver.) -- C:\Windows\System32\athr.sys [2228224]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:14/10/2013 - 19:07:16 -SHA- . (...) -- C:\Windows\System32\KGyGaAvL.sys [952]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 88 Scanned in 00mn 11s



---\\ Últimos ficheiros alterados ou criados (Utilizador) (061)
O61 - LFC: 22/08/2014 - 19:56:24 ---A- . (.Adobe Systems Incorporated.) -- C:\Users\Usuario\AppData\Local\Temp\1FEDtmp\flash_player_14_plugin.exe [19178160]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\208Atmp\cloud_backup_setup.exe [73816]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\2118tmp\setup.exe [8427248]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\2157tmp\freesofttoday.exe [3317296] =>Adware.FreeSoftToday
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\2177tmp\vopackage.exe [291464] =>Adware.Downware
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\2291tmp\installer.exe [10196088]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\22E1tmp\ads.exe [1433036]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\BackupSetup.exe [5556040]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\CloudBackup417.exe [5556040]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\is-20QBK.tmp\gentlemjfst_ibr.exe [1931432]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Microsoft Corporation.) -- C:\Users\Usuario\AppData\Local\Temp\is-20QBK.tmp\_isetup\_shfoldr.dll [23312]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Microsoft Corporation.) -- C:\Users\Usuario\AppData\Local\Temp\is-5RF97.tmp\_isetup\_shfoldr.dll [23312]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Software.) -- C:\Users\Usuario\AppData\Local\Temp\is-DNCG1.tmp\package_secureprotect_installer_multilang.exe [426448]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Software.) -- C:\Users\Usuario\AppData\Local\Temp\is-DNCG1.tmp\package_togglemark_installer_multilang.exe [426056]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Uniblue Systems Limited.) -- C:\Users\Usuario\AppData\Local\Temp\22B1tmp\speedupmypc.exe [1291368] =>PUP.SpeedUpMyPC
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Uniblue Systems Limited.) -- C:\Users\Usuario\AppData\Local\Temp\is-5RF97.tmp\SpeedUpMyPC-standalone-setup.exe [18464440] =>PUP.SpeedUpMyPC
O61 - LFC: 22/08/2014 - 19:56:26 ---A- . (.Maxthon International ltd..) -- C:\Users\Usuario\AppData\Local\Temp\mx_offline\mx_setup.exe [39403688]
O61 - LFC: 22/08/2014 - 19:56:26 ---A- . (.Microsoft Corporation.) -- C:\Users\Usuario\AppData\Local\Temp\vcredist_x86.exe [4216840]
O61 - LFC: 22/08/2014 - 19:56:51 ---A- . (...) -- C:\Users\Usuario\AppData\Roaming\VOPackage\Uninstall.exe [118801] =>Adware.Downware
O61 - LFC: 22/08/2014 - 19:56:51 ---A- . (...) -- C:\Users\Usuario\AppData\Roaming\VOPackage\VOPackage.exe [291464] =>Adware.Downware
O61 - LFC: 22/08/2014 - 19:56:52 ---A- . (...) -- C:\Users\Usuario\Downloads\Firefox Setup Stub 31.0.exe [244272]
O61 - LFC: 22/08/2014 - 19:56:52 ---A- . (...) -- C:\Users\Usuario\Downloads\ccleaner-4-16-4736-32-bits.exe [689200]
O61 - LFC: 22/08/2014 - 19:56:52 ---A- . (...) -- C:\Users\Usuario\Downloads\flash_player_14_plugin.exe [1583312]
O61 - LFC: 22/08/2014 - 19:56:52 ---A- . (.Google Inc..) -- C:\Users\Usuario\Downloads\ChromeSetup (2).exe [895120]
O61 - LFC: 22/08/2014 - 19:56:52 ---A- . (.Opera Software.) -- C:\Users\Usuario\Downloads\Opera_NI_next.exe [868800]
O61 - LFC: 22/08/2014 - 19:56:52 ---A- . (.Piriform Ltd.) -- C:\Users\Usuario\Downloads\ccleaner-4-16-4736-32-bits [1].exe [4813544]
O61 - LFC: 23/08/2014 - 19:56:25 ---A- . (.Software.) -- C:\Users\Usuario\AppData\Local\Temp\is-HOFB3.tmp\package_secureprotect_installer_multilang.exe [426312]
O61 - LFC: 23/08/2014 - 19:56:25 ---A- . (.Software.) -- C:\Users\Usuario\AppData\Local\Temp\is-HOFB3.tmp\package_togglemark_installer_multilang.exe [426072]
O61 - LFC: 23/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\ToggleMarkUntemp.exe [543520]
O61 - LFC: 23/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\is-QQJ47.tmp\gentlemjfst_ibr.exe [1931560]
O61 - LFC: 23/08/2014 - 19:56:26 ---A- . (.Microsoft Corporation.) -- C:\Users\Usuario\AppData\Local\Temp\is-QQJ47.tmp\_isetup\_shfoldr.dll [23312]
O61 - LFC: 24/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nscC4D7.tmp\IpConfig.dll [117248]
O61 - LFC: 24/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nscC4D7.tmp\System.dll [11264]
O61 - LFC: 24/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nscC4D7.tmp\WmiInspector.dll [106496]
O61 - LFC: 24/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nscC4D7.tmp\inetc.dll [20992]
O61 - LFC: 29/08/2014 - 19:56:28 ---A- . (...) -- C:\Users\Usuario\AppData\Roaming\ContentExplorer\storage.bin [105296] =>PUP.ContentExplorer
O61 - LFC: 29/08/2014 - 19:56:52 ---A- . (.Badoo.) -- C:\Users\Usuario\Downloads\badoo.desktop.installer-1.6.58.exe [3225360]
~ 254 Fichiers temporaires (Temporary files)
~ 15 Fichiers cookies (Cookies files)
~ Files: 37 Scanned in 00mn 50s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 01/08/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 01/08/2014 - C:\Windows\system32\drivers\aswMonFlt.sys (aswMonFlt) .(.AVAST Software - avast! File System Minifilter for Windows 2.) - LEGACY_ASWMONFLT
O64 - Services: CurCS - 01/08/2014 - C:\Windows\system32\drivers\aswRdr2.sys (aswRdr) .(.AVAST Software - avast! WFP Redirect Driver.) - LEGACY_ASWRDR
O64 - Services: CurCS - 01/08/2014 - C:\Windows\System32\Drivers\aswRvrt.sys (aswRvrt) .(...) - LEGACY_ASWRVRT
O64 - Services: CurCS - 01/08/2014 - C:\Windows\system32\drivers\aswSnx.sys (aswSnx) .(.AVAST Software - avast! Virtualization Driver.) - LEGACY_ASWSNX
O64 - Services: CurCS - 01/08/2014 - C:\Windows\system32\drivers\aswSP.sys (aswSP) .(.AVAST Software - avast! self protection module.) - LEGACY_ASWSP
O64 - Services: CurCS - 01/08/2014 - C:\Windows\System32\Drivers\aswVmm.sys (aswVmm) .(...) - LEGACY_ASWVMM
O64 - Services: CurCS - 16/06/2014 - C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BdApiUtil.sys (BdApiUtil) .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_BDAPIUTIL
O64 - Services: CurCS - 27/05/2014 - C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BdCameraProtect.sys (BdCameraProtect) .(.Baidu, Inc. - Baidu Antivirus Camera Protector Driver.) - LEGACY_BDCAMERAPROTECT
O64 - Services: CurCS - 27/05/2014 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER
O64 - Services: CurCS - 27/05/2014 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon) .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON
O64 - Services: CurCS - 16/06/2014 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase) .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
O64 - Services: CurCS - 27/05/2014 - C:\Windows\System32\drivers\bnbasex.sys (Bnbase) .(.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - LEGACY_BNBASE
O64 - Services: CurCS - 27/05/2014 - C:\Windows\system32\drivers\bndef.sys (Bndef) .(.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) - LEGACY_BNDEF
O64 - Services: CurCS - 13/06/2014 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect) .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT
O64 - Services: CurCS - 17/07/2014 - C:\Windows\System32\drivers\netfilter.sys (netfilter) .(.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - LEGACY_NETFILTER
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 25/07/2014 - C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw.sys ({55dce8ba-9dec-4013-937e-adbf9317d990}Gw) .(.StdLib - StdLib.) - LEGACY_{55DCE8BA-9DEC-4013-937E-ADBF9317D990}GW =>PUP.LinkiDoo
O64 - Services: CurCS - 09/08/2014 - C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys ({55dce8ba-9dec-4013-937e-adbf9317d990}w) .(.StdLib - StdLib.) - LEGACY_{55DCE8BA-9DEC-4013-937E-ADBF9317D990}W =>PUP.LinkiDoo
O64 - Services: CurCS - 22/08/2014 - C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w.sys ({9a9157bb-003e-4fef-8bd1-c09bc4586a28}w) .(.StdLib - StdLib.) - LEGACY_{9A9157BB-003E-4FEF-8BD1-C09BC4586A28}W =>PUP.LinkiDoo
O64 - Services: CurCS - 15/05/2008 - C:\Program Files\CyberLink\PowerDVD8\000.fcl ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) .(.Cyberlink Corp. - FCL Driver.) - LEGACY_{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}
~ Legacy: 98 Scanned in 00mn 01s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\baidu\Spark\Spark.exe" [You must be registered and logged in to see this link.] =>Hijacker.WebsSearches
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Comodo\IceDragon\icedragon.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe [You must be registered and logged in to see this link.] =>Hijacker.WebsSearches
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Next.) -- C:\Program Files\Opera Next\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: prefs.js [Usuario - gqsbjvu4.default] user_pref("extensions.helperbar.DockingPositionDown", false); =>PUP.HelperBar
O69 - SBI: prefs.js [Usuario - gqsbjvu4.default] user_pref("extensions.helperbar.Visibility", false); =>PUP.HelperBar
O69 - SBI: prefs.js [Usuario - gqsbjvu4.default] user_pref("extensions.helperbar.keepAliveLastevent", "1408742961"); =>PUP.HelperBar
O69 - SBI: prefs.js [Usuario - gqsbjvu4.default] user_pref("extensions.helperbar.lastExternalJsUpdate", "1408710766225"); =>PUP.HelperBar
~ Keys: Scanned in 00mn 00s



---\\ Listagem dos ficheiros Crack & Keygen (CKF) (O82)
C:\Users\Usuario\Setups\Corel\CORELDRAW_GRAPHICS_SUITE_X7_WIN32-XFORCE\Crack\Keygen.exe =>.Crack,Keygen
C:\Users\Usuario\Setups\Corel\CORELDRAW_GRAPHICS_SUITE_X7_WIN64-XFORCE\Crack\Keygen.exe =>.Crack,Keygen
C:\Users\Usuario\Setups\Corel\CORELDRAW_GRAPHICS_SUITE_X7_WIN32-XFORCE\Crack\Keygen.exe =>.Crack,Keygen
C:\Users\Usuario\Setups\Corel\CORELDRAW_GRAPHICS_SUITE_X7_WIN64-XFORCE\Crack\Keygen.exe =>.Crack,Keygen
~ Files: Scanned in 02mn 08s



---\\ Listagem dos serviços iniciados pelo Svchost (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [62464]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [67584]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [67584]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [168960]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Diretiva de Grupo.) -- C:\Windows\System32\gpsvc.dll [593408]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\ikeext.dll [679424]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\Audiosrv.dll [473600]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acesso Remoto.) -- C:\Windows\System32\rasauto.dll [90624]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll [286208]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [75264]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistema (SENS).) -- C:\Windows\System32\sens.dll [49664]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [300544]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft(R) Windows(TM).) -- C:\Windows\System32\tapisrv.dll [242176]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor Host da Sessão da Área de.) -- C:\Windows\System32\termsrv.dll [521216]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [1973728]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de plano de fundo.) -- C:\Windows\System32\qmgr.dll [585728]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [328192]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em uma rede IPv4..) -- C:\Windows\System32\iphlpsvc.dll [499712]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\system32\seclogon.dll [21504]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll [47104]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll [114688]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll [49664]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [61440]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\System32\eapsvc.dll [98304]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [164352]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [750592]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\Windows\System32\kmsvc.dll [71168]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho Remota.) -- C:\Windows\System32\sessenv.dll [113664]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [168960]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [102912]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [37376]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) -- C:\Windows\System32\bdesvc.dll [76800]
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) -- C:\Windows\System32\appmgmts.dll [149504]
~ Services: 33 Scanned in 00mn 01s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
[MD5.B29E83869C302164E81F3B3D1DC51A90] [SPRF][20/01/2014] (.Solid State Networks - Adobe Flash Player Installer.) -- C:\Users\Usuario\Desktop\install_flashplayer12x32au_ltr5x32d_awc_aih.exe [1069512]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608]
[MD5.B8F39C9E0F0B71E454DBA431CF3B99C9] [SPRF][11/08/2005] (.Macrovision Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [417792]
~ Files: 5 Scanned in 00mn 00s



---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: Nero Scout - {3d6be802-fc0d-4595-a304-e611f97089dc}
~ MNS: 1 Scanned in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASAPI32 =>PUP.ContentExplorer
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASMANCS =>PUP.ContentExplorer
HKLM\SOFTWARE\Microsoft\Tracing\Muvic_RASAPI32 =>Hijacker.SmartBar
HKLM\SOFTWARE\Microsoft\Tracing\Muvic_RASMANCS =>Hijacker.SmartBar
HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASAPI32 =>Hijacker.TornTV
HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASMANCS =>Hijacker.TornTV
HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS =>PUP.Wajam
~ BTK: 181 Scanned in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter
[HKCR\CLSID\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}] (PriceMeterLiveUpdate.OneClickProcessLauncher) =>PUP.PriceMeter
[HKCR\CLSID\{41C35ADE-DEDA-439F-8140-D53F2C76C963}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter
[HKCR\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter
[HKCR\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter
[HKCR\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter
[HKCR\CLSID\{982A3C94-BE06-422B-9B4F-484B8FABF166}] (NMBAppGlobalSettingsExtensionTVWizard Class) =>PUP.TVWizard
[HKCR\CLSID\{B1F29F0C-2EC8-487B-97C2-8B8FEA6CEF14}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter
[HKCR\CLSID\{C0756D99-64A1-4332-B783-A5A1B571D431}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter
[HKCR\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19}] (PriceMeterLiveUpdate Process Launcher Class) =>PUP.PriceMeter
[HKCR\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter
~ BCK: 7345 Scanned in 00mn 15s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 21/08/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 21/08/2014 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
SS - | Demand 21/08/2014 68608 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
SS - | Auto 15/08/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 15/08/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 17/07/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/11/2006 774144 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 31/03/2014 150504 | (pricemeterliveUpdate) . (.PriceMeter.) - C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter
SS - | Demand 31/03/2014 150504 | (pricemeterliveUpdatem) . (.PriceMeter.) - C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 10/07/1658 0 | (SparkUpdater) . (...) - C:\Program Files\Baidu\SparkUpdate\Sparkupdate.exe
SS - | Disabled 17/07/2014 151040 | (SupraSavingsService) . (...) - C:\Program Files\C6CAB4CF-DAB9-45B9-AE9A-961145402E07\hmhfslexky.exe =>PUP.SupraSavings
SS - | Auto 07/08/2013 656976 | (VIVO INTERNET. RunOuc) . (...) - C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 01/08/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 16/06/2014 2038248 | (BAVSvc) . (.Baidu, Inc..) - C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BAVSvc.exe
SR - | Auto 16/06/2014 481432 | (BHipsSvc) . (.Baidu, Inc..) - C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BHipsSvc.exe
SR - | Auto 09/08/2014 694784 | (IePluginServices) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginServices\PluginService.exe =>PUP.IePluginService
SR - | Auto 31/12/1999 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 22/08/2014 543232 | (mtgaotushb32) . (...) - C:\Program Files\005\mtgaotushb32.exe =>PUP.AdPeak
SR - | Auto 31/03/2014 541696 | (nuttkoqiez32) . (...) - C:\Program Files\003\nuttkoqiez32.exe =>PUP.AdPeak
SR - | Auto 13/09/2013 277360 | (PSI_SVC_2) . (.arvato digital services llc.) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 11/07/2014 80576 | (SparkSvc) . (.Baidu Inc..) - C:\Program Files\baidu\Spark\sparkservice.exe
SR - | Auto 31/12/1999 2533400 | (UNS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 21/08/2014 543232 | (vulsrsebjh32) . (...) - C:\Program Files\005\vulsrsebjh32.exe =>PUP.AdPeak
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 15/05/2008 61424 | ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) . (.Cyberlink Corp..) - C:\Program Files\CyberLink\PowerDVD8\000.fcl
~ Services: Scanned in 00mn 20s



---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [Você precisa estar registrado e conectado para ver este link.]
~ MBR: 1 Scanned in 00mn 02s



---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)
Written by ad13, [Você precisa estar registrado e conectado para ver este link.]
Run by Usuario at 29/08/2014 19:59:46
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scâner Aditional (088)
Database Version : 13026 - (28/08/2014)
Clés trouvées (Keys found) : 22
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 15
Fichiers trouvés (Files found) : 46

[HKLM\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae] =>PUP.Astromenda^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginServices] =>PUP.IePluginService^
[HKLM\SYSTEM\CurrentControlSet\Services\mtgaotushb32] =>PUP.AdPeak^
[HKLM\SYSTEM\CurrentControlSet\Services\nuttkoqiez32] =>PUP.AdPeak^
[HKLM\SYSTEM\CurrentControlSet\Services\pricemeterliveUpdate) (pricemeterliveUpdate] =>PUP.PriceMeter^
[HKLM\SYSTEM\CurrentControlSet\Services\vulsrsebjh32] =>PUP.AdPeak^
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods] =>PUP.Funmoods^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ContentExplorer] =>PUP.ContentExplorer^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX] =>PUP.Dealply^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Price Meter] =>PUP.PriceMeter^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage] =>PUP.VuuPC^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PriceMeterUpdater] =>PUP.PriceMeter^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect] =>PUP.Fuyu^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}] =>PUP.Funmoods
[HKLM\Software\PIP] =>Toolbar.Ask
[HKLM\Software\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:PriceMeterW =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae =>PUP.Astromenda^
C:\Program Files\003 =>PUP.AdPeak^
C:\Program Files\005 =>PUP.AdPeak^
C:\Program Files\PriceMeterLiveUpdate =>PUP.PriceMeter^
C:\Program Files\SupTab =>PUP.SupTab^
C:\ProgramData\IePluginServices =>PUP.IePluginService^
C:\ProgramData\PriceMeterLiveUpdate =>PUP.PriceMeter^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\Users\Usuario\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer^
C:\Users\Usuario\AppData\Roaming\PriceMeterUpdater =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Roaming\VOPackage =>Adware.Downware^
C:\Users\Usuario\AppData\Local\genienext =>PUP.NextLive^
C:\Users\Usuario\AppData\Local\PriceMeter =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage =>Adware.Downware^
C:\Program Files\SupTab\HpUI.exe =>PUP.SupTab^
C:\Program Files\SupTab\Loader32.exe =>PUP.SupTab^
C:\Users\Usuario\AppData\Local\PriceMeter\pricemeterw.exe =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer^
C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter^
C:\Windows\Tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4 =>PUP.CrossRider^
C:\Windows\Tasks\Funmoods.job =>PUP.Funmoods^
C:\Windows\System32\Tasks\Funmoods =>PUP.Funmoods^
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job =>PUP.PriceMeter^
C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore =>PUP.PriceMeter^
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job =>PUP.PriceMeter^
C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA =>PUP.PriceMeter^
[HKCU\Software\AppDataLow\Software\suprasavings] =>PUP.SupraSavings^
[HKCU\Software\ContentExplorer] =>PUP.ContentExplorer^
[HKCU\Software\PriceMeterLiveUpdate] =>PUP.PriceMeter^
[HKCU\Software\PriceMeter] =>PUP.PriceMeter^
[HKCU\Software\SaveSenseLive] =>PUP.SaveSense^
[HKCU\Software\SupHpUISoft] =>PUP.CrossRider^
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive^
[HKCU\Software\Vittalia] =>PUP.Vittalia^
[HKCU\Software\WSE_Astromenda] =>PUP.Astromenda^
[HKCU\Software\freesofttoday] =>Adware.FreeSoftToday^
[HKLM\Software\Coupon Downloader] =>PUP.CouponDownloader^
[HKLM\Software\FREESOFTTODAY] =>Adware.FreeSoftToday^
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher^
[HKLM\Software\PriceMeterLiveUpdate] =>PUP.PriceMeter^
[HKLM\Software\SaveSenseLive] =>PUP.SaveSense^
[HKLM\Software\SupDp] =>PUP.SupTab^
[HKLM\Software\Supra Savings] =>PUP.SupraSavings^
[HKLM\Software\supTab] =>PUP.SupTab^
[HKLM\Software\supWPM] =>PUP.WpManager^
[HKLM\Software\supWindowsMangerProtect] =>PUP.Fuyu^
[HKLM\Software\suprasavings] =>PUP.SupraSavings^
[HKLM\Software\webssearchesSoftware] =>Hijacker.WebsSearches^
[HKCR\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter^
[HKCR\CLSID\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}] (PriceMeterLiveUpdate.OneClickProcessLauncher) =>PUP.PriceMeter^
[HKCR\CLSID\{41C35ADE-DEDA-439F-8140-D53F2C76C963}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter^
[HKCR\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter^
[HKCR\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter^
[HKCR\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter^
[HKCR\CLSID\{982A3C94-BE06-422B-9B4F-484B8FABF166}] (NMBAppGlobalSettingsExtensionTVWizard Class) =>PUP.TVWizard^
[HKCR\CLSID\{B1F29F0C-2EC8-487B-97C2-8B8FEA6CEF14}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter^
[HKCR\CLSID\{C0756D99-64A1-4332-B783-A5A1B571D431}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter^
[HKCR\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19}] (PriceMeterLiveUpdate Process Launcher Class) =>PUP.PriceMeter^
[HKCR\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter^
~ Additionnel Scan: 315528 Items scanned in 00mn 33s



---\\ Informações complémentaires do módulos
~ [Você precisa estar registrado e conectado para ver este link.] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Browser Helper Objects do navegador (02)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Aplicações iniciadas por registo & pastas (04)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 5 Scanned in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.] =>PUP.SupTab
[Você precisa estar registrado e conectado para ver este link.] =>PUP.PriceMeter
[Você precisa estar registrado e conectado para ver este link.] =>PUP.ContentExplorer
[Você precisa estar registrado e conectado para ver este link.] =>PUP.Astromenda
[Você precisa estar registrado e conectado para ver este link.] =>PUP.HelperBar
[Você precisa estar registrado e conectado para ver este link.] =>Hijacker.WebsSearches
[Você precisa estar registrado e conectado para ver este link.] =>Hijacker.Proxy
[Você precisa estar registrado e conectado para ver este link.] =>PUP.AdPeak
[Você precisa estar registrado e conectado para ver este link.] =>PUP.Funmoods
[Você precisa estar registrado e conectado para ver este link.] =>PUP.CrossRider
[Você precisa estar registrado e conectado para ver este link.] =>PUP.LinkiDoo
[Você precisa estar registrado e conectado para ver este link.] =>PUP.Dealply
[Você precisa estar registrado e conectado para ver este link.] =>PUP.VuuPC
[Você precisa estar registrado e conectado para ver este link.] =>PUP.SupraSavings
[Você precisa estar registrado e conectado para ver este link.] =>PUP.SaveSense
[Você precisa estar registrado e conectado para ver este link.] =>PUP.AgenceExclusive
[Você precisa estar registrado e conectado para ver este link.] =>PUP.Vittalia
[Você precisa estar registrado e conectado para ver este link.] =>Adware.FreeSoftToday
[Você precisa estar registrado e conectado para ver este link.] =>PUP.WpManager
[Você precisa estar registrado e conectado para ver este link.] =>Adware.Downware
[Você precisa estar registrado e conectado para ver este link.] =>PUP.NextLive
[Você precisa estar registrado e conectado para ver este link.] =>PUP.AdvancedSystemProtector
[Você precisa estar registrado e conectado para ver este link.] =>Hijacker.SmartBar
[Você precisa estar registrado e conectado para ver este link.] =>Hijacker.TornTV
[Você precisa estar registrado e conectado para ver este link.] =>PUP.Wajam
[Você precisa estar registrado e conectado para ver este link.] =>Toolbar.Ask
[Você precisa estar registrado e conectado para ver este link.] =>Adware.IMBooster
~ MSI: 27 link(s) detected in 00mn 00s



---\\ Alert Messages
WARNING : Hijacker Proxy found, Clean with ZHPCleaner Tool

End of the scan (1555 lines in 06mn 11s)(4)

Re: How to remove Baidu and CE_umbrella

Post by joram on Fri 29 Aug 2014, 22:51

Good evening, Gil Raman!

|- Run this script in the ZHPFix tool.
|- Select the information shown in red and copy it into Notepad.
|- With Notepad open, press: Ctrl+A >> Ctrl+C (Select and Copy)
|- Then minimize Notepad.

ZHPFix script
emptytemp
Firewallraz
SS - | Auto 21/08/2014 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe    
SS - | Demand 21/08/2014 68608 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe    
SS - | Auto 31/03/2014 150504 | (pricemeterliveUpdate) . (.PriceMeter.) - C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter
SS - | Demand 31/03/2014 150504 | (pricemeterliveUpdatem) . (.PriceMeter.) - C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter
SS - | Demand 10/07/1658 0 | (SparkUpdater) . (...) - C:\Program Files\Baidu\SparkUpdate\Sparkupdate.exe
SS - | Disabled 17/07/2014 151040 | (SupraSavingsService) . (...) - C:\Program Files\C6CAB4CF-DAB9-45B9-AE9A-961145402E07\hmhfslexky.exe =>PUP.SupraSavings
SR - | Auto 09/08/2014 694784 | (IePluginServices) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginServices\PluginService.exe =>PUP.IePluginService
SR - | Auto 22/08/2014 543232 | (mtgaotushb32) . (...) - C:\Program Files\005\mtgaotushb32.exe =>PUP.AdPeak
SR - | Auto 31/03/2014 541696 | (nuttkoqiez32) . (...) - C:\Program Files\003\nuttkoqiez32.exe =>PUP.AdPeak
SR - | Auto 11/07/2014 80576 | (SparkSvc) . (.Baidu Inc..) - C:\Program Files\baidu\Spark\sparkservice.exe
SR - | Auto 21/08/2014 543232 | (vulsrsebjh32) . (...) - C:\Program Files\005\vulsrsebjh32.exe =>PUP.AdPeak
[MD5.10FE324D6FBCF10587A503B99B10882C] - (...) -- C:\Program Files\Opera Next\24.0.1558.51_0\opera_crashreporter.exe [1372280] [PID.5384]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000Core] (.Facebook Inc..) -- C:\Users\Usuario\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000UA] (.Facebook Inc..) -- C:\Users\Usuario\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.00000000000000000000000000000000] [APT] [{20A7C71D-008A-4132-9DDC-D6239052267D}] (...) -- c:\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C362CBD1-13DC-4885-96C3-FCF90CD613E1}] (...) -- C:\Program Files\Mobinil USB Modem\uninst.exe (.not file.) [0]
[MD5.FFE86FE57B81D5DF61E978B0B2ACE7B5] - (...) -- C:\Program Files\SupTab\HpUI.exe [724480] [PID.3996] =>PUP.SupTab
[MD5.D46415CD75DDA09F0A17D2FDA2235CB0] - (...) -- C:\Program Files\SupTab\Loader32.exe [64000] [PID.868] =>PUP.SupTab
[MD5.269D066D41B631B1F22936248E80354F] - (.PriceMeter - PriceMeterW.) -- C:\Users\Usuario\AppData\Local\PriceMeter\pricemeterw.exe [309256] [PID.1016] =>PUP.PriceMeter
[MD5.1FB581BAADA8C87DD7A2E32FE62ED868] - (.ContentExplorer - ContentExplorer.) -- C:\Users\Usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe [2429680] [PID.3396] =>PUP.ContentExplorer
[MD5.00000000000000000000000000000000] [APT] [ASP] (...) -- C:\Program Files\RCP\systweakasp.exe (.not file.) [0]    
[MD5.00000000000000000000000000000000] [APT] [Funmoods] (...) -- C:\Users\Usuario\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.Funmoods
[MD5.D858BA2EE718B1DB1CED20646E641D08] [APT] [globalUpdateUpdateTaskMachineCore] (.globalUpdate.) -- C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608]    
[MD5.00000000000000000000000000000000] [APT] [LaunchSignup] (...) -- C:\Program Files\MyPC Backup\Signup Wizard.exe (.not file.) [0] =>PUP.JDIBackup
[MD5.3D8B851E7EFCDC130E4B301BDDE10099] [APT] [PriceMeterLiveUpdateUpdateTaskMachineCore] (.PriceMeter.) -- C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504] =>PUP.PriceMeter
[MD5.3D8B851E7EFCDC130E4B301BDDE10099] [APT] [PriceMeterLiveUpdateUpdateTaskMachineUA] (.PriceMeter.) -- C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504] =>PUP.PriceMeter
[MD5.00000000000000000000000000000000] [APT] [pricemetertask] (...) -- C:\Users\Usuario\AppData\Local\PriceMeter\pricemeter.exe (.not file.) [0] =>PUP.PriceMeter
[MD5.269D066D41B631B1F22936248E80354F] [APT] [pricemeterwatcher] (.PriceMeter.) -- C:\Users\Usuario\AppData\Local\PriceMeter\pricemeterw.exe [309256] =>PUP.PriceMeter
[MD5.00000000000000000000000000000000] [APT] [SparkUpdater] (...) -- C:\Program Files\baidu\Spark\SparkUpdate.exe (.not file.) [0]
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
G2 - GCE: Preference [User Data\Default] [pfkfdlcdbajamklbneflfbcmfgddmpae] Astromenda New Tab v.0.3.6, (Désactivé) =>PUP.Astromenda
P2 - FPN: [HKLM] [@staging.google.com/globalUpdate Update;version=10] - (.globalUpdate - globalUpdate Update.) -- C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll    
P2 - FPN: [HKLM] [@staging.google.com/globalUpdate Update;version=4] - (.globalUpdate - globalUpdate Update.) -- C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll    
P2 - FPN: [HKLM] [@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3] - (.PriceMeter - PriceMeterLiveUpdate Update.) -- C:\Program Files\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll =>PUP.PriceMeter
P2 - FPN: [HKLM] [@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9] - (.PriceMeter - PriceMeterLiveUpdate Update.) -- C:\Program Files\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll =>PUP.PriceMeter
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Você precisa estar registrado e conectado para ver este link.] =>PUP.HelperBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Você precisa estar registrado e conectado para ver este link.] =>PUP.HelperBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Você precisa estar registrado e conectado para ver este link.] =>Hijacker.WebsSearches
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [Você precisa estar registrado e conectado para ver este link.] =>PUP.HelperBar
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Você precisa estar registrado e conectado para ver este link.] =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Você precisa estar registrado e conectado para ver este link.] =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [Você precisa estar registrado e conectado para ver este link.] =>Hijacker.WebsSearches
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [Você precisa estar registrado e conectado para ver este link.] =>PUP.HelperBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [Você precisa estar registrado e conectado para ver este link.] =>PUP.HelperBar
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl,Default = [Você precisa estar registrado e conectado para ver este link.] =>PUP.HelperBar
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:51319;https=127.0.0.1:51319 =>Hijacker.Proxy
O4 - HKCU\..\Run: [GuUnacE] C:\Users\Usuario\AppData\Local\GuUnacE.exe (.not file.)
O4 - HKUS\S-1-5-21-2578862199-3110367618-3840235185-1000\..\Run: [GuUnacE] C:\Users\Usuario\AppData\Local\GuUnacE.exe (.not file.)
O4 - GS\QuickLaunch [Usuario]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Você precisa estar registrado e conectado para ver este link.] =>Hijacker.WebsSearches
O4 - GS\Program [Usuario]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Você precisa estar registrado e conectado para ver este link.] =>Hijacker.WebsSearches
O4 - GS\SystemTools [Usuario]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Você precisa estar registrado e conectado para ver este link.] =>Hijacker.WebsSearches
O4 - HKCU\..\Run: [PriceMeterW] . (.PriceMeter - PriceMeterW.) -- C:\Users\Usuario\AppData\Local\PriceMeter\pricemeterw.exe =>PUP.PriceMeter
O4 - HKCU\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\Usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer
O4 - HKUS\S-1-5-21-2578862199-3110367618-3840235185-1000\..\Run: [PriceMeterW] . (.PriceMeter - PriceMeterW.) -- C:\Users\Usuario\AppData\Local\PriceMeter\pricemeterw.exe =>PUP.PriceMeter
O4 - HKUS\S-1-5-21-2578862199-3110367618-3840235185-1000\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\Usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe    
O23 - Service: IePlugin Services (IePluginServices) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginServices\PluginService.exe =>PUP.IePluginService
O23 - Service: mtgaotushb32 (mtgaotushb32) . (...) - C:\Program Files\005\mtgaotushb32.exe =>PUP.AdPeak
O23 - Service: nuttkoqiez32 (nuttkoqiez32) . (...) - C:\Program Files\003\nuttkoqiez32.exe =>PUP.AdPeak
O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdate) (pricemeterliveUpdate) . (.PriceMeter - PriceMeterLiveUpdate Update.) - C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter
O23 - Service: Baidu Spark Service (SparkSvc) . (.Baidu Inc. - spark.) - C:\Program Files\baidu\Spark\sparkservice.exe    
O23 - Service: vulsrsebjh32 (vulsrsebjh32) . (...) - C:\Program Files\005\vulsrsebjh32.exe =>PUP.AdPeak
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000Core - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000Core.job [914]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000Core - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000Core [914]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000UA - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000UA.job [936]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000UA - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000UA [936]
O39 - APT: e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4 - (.WFprotect.) -- C:\Windows\Tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4.job [2896] =>PUP.CrossRider
O39 - APT: e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4 - (.WFprotect.) -- C:\Windows\System32\Tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4 [2896] =>PUP.CrossRider
O39 - APT: Funmoods - (...) -- C:\Windows\Tasks\Funmoods.job [300] =>PUP.Funmoods
O39 - APT: Funmoods - (...) -- C:\Windows\System32\Tasks\Funmoods [300] =>PUP.Funmoods
O39 - APT: globalUpdateUpdateTaskMachineCore - (.globalUpdate.) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [914]    
O39 - APT: globalUpdateUpdateTaskMachineCore - (.globalUpdate.) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [914]    
O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineCore - (.PriceMeter.) -- C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job [952] =>PUP.PriceMeter
O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineCore - (.PriceMeter.) -- C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore [952] =>PUP.PriceMeter
O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineUA - (.PriceMeter.) -- C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job [956] =>PUP.PriceMeter
O39 - APT: PriceMeterLiveUpdateUpdateTaskMachineUA - (.PriceMeter.) -- C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA [956] =>PUP.PriceMeter
O41 - Driver: ({55dce8ba-9dec-4013-937e-adbf9317d990}Gw) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw.sys =>PUP.LinkiDoo
O41 - Driver: ({55dce8ba-9dec-4013-937e-adbf9317d990}w) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys =>PUP.LinkiDoo
O41 - Driver: ({9a9157bb-003e-4fef-8bd1-c09bc4586a28}w) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w.sys =>PUP.LinkiDoo
O42 - Logiciel: ContentExplorer - (.ContentExplorer.net.) [HKLM] -- ContentExplorer =>PUP.ContentExplorer
O42 - Logiciel: Extended Update - (...) [HKCU] -- UpdaterEX =>PUP.Dealply
O42 - Logiciel: Price Meter (remove only) - (.Price Meter.) [HKCU] -- Price Meter =>PUP.PriceMeter
O42 - Logiciel: Remote Desktop Access (VuuPC) - (.CMI Limited.) [HKLM] -- VOPackage =>PUP.VuuPC
O42 - Logiciel: Update for PriceMeter - (.Update for PriceMeter.) [HKCU] -- PriceMeterUpdater =>PUP.PriceMeter
O42 - Logiciel: WindowsMangerProtect20.0.0.502 - (.WindowsProtect LIMITED.) [HKLM] -- WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 01/08/2014 - 21:43:48 - [] ----D C:\ProgramData\McAfee Security Scan
O43 - CFD: 29/08/2014 - 14:31:12 - [] ----D C:\Program Files\003 =>PUP.AdPeak
O43 - CFD: 29/08/2014 - 14:31:12 - [] ----D C:\Program Files\005 =>PUP.AdPeak
O43 - CFD: 29/08/2014 - 17:43:50 - [] ----D C:\Program Files\baidu    
O43 - CFD: 29/08/2014 - 14:33:20 - [] ----D C:\Program Files\globalUpdate    
O43 - CFD: 29/08/2014 - 14:33:20 - [] ----D C:\Program Files\PriceMeterLiveUpdate =>PUP.PriceMeter
O43 - CFD: 29/08/2014 - 14:33:22 - [] ----D C:\Program Files\SupTab =>PUP.SupTab
O43 - CFD: 28/07/2014 - 13:01:16 - [] ----D C:\ProgramData\Baidu Security    
O43 - CFD: 29/08/2014 - 14:33:05 - [] ----D C:\ProgramData\IePluginServices =>PUP.IePluginService
O43 - CFD: 04/09/2013 - 11:54:07 - [] ----D C:\ProgramData\log    
O43 - CFD: 29/08/2014 - 14:33:20 - [] ----D C:\ProgramData\PriceMeterLiveUpdate =>PUP.PriceMeter
O43 - CFD: 29/08/2014 - 14:31:15 - [] ----D C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu
O43 - CFD: 30/11/2013 - 09:18:43 - [] ----D C:\Users\Usuario\AppData\Roaming\Baidu Security    
O43 - CFD: 29/08/2014 - 14:35:40 - [] ----D C:\Users\Usuario\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer
O43 - CFD: 29/08/2014 - 14:31:19 - [] ----D C:\Users\Usuario\AppData\Roaming\PriceMeterUpdater =>PUP.PriceMeter
O43 - CFD: 29/08/2014 - 14:31:19 - [] ----D C:\Users\Usuario\AppData\Roaming\VOPackage =>Adware.Downware
O43 - CFD: 29/08/2014 - 14:31:15 - [] ----D C:\Users\Usuario\AppData\Local\genienext =>PUP.NextLive
O43 - CFD: 29/08/2014 - 14:31:16 - [] ----D C:\Users\Usuario\AppData\Local\PriceMeter =>PUP.PriceMeter
O43 - CFD: 29/08/2014 - 14:31:19 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter =>PUP.PriceMeter
O43 - CFD: 29/08/2014 - 14:31:19 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage =>Adware.Downware
O44 - LFC:[MD5.CC0F8A70179C0F7292A0486C6EAEDFA5] - 22/08/2014 - 18:15:32 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w.sys [52416] =>PUP.LinkiDoo
O45 - LFCP:[MD5.66654A711DABFE6D30D065F0E78D9B7A] - 29/08/2014 - 19:39:10 ---A- - C:\Windows\Prefetch\PRICEMETERLIVEUPDATE.EXE-376284BF.pf =>PUP.PriceMeter
O45 - LFCP:[MD5.0F641B1C4E8A6387C1AB65D921AAF740] - 29/08/2014 - 17:41:10 ---A- - C:\Windows\Prefetch\PRICEMETERLIVEUPDATEHANDLER.E-290574D8.pf =>PUP.PriceMeter
O58 - SDL:25/07/2014 - 16:19:16 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw.sys [52880] =>PUP.LinkiDoo
O58 - SDL:09/08/2014 - 06:30:02 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys [52880] =>PUP.LinkiDoo
O58 - SDL:22/08/2014 - 18:15:32 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w.sys [52416] =>PUP.LinkiDoo
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\2157tmp\freesofttoday.exe [3317296] =>Adware.FreeSoftToday
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\2177tmp\vopackage.exe [291464] =>Adware.Downware
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Uniblue Systems Limited.) -- C:\Users\Usuario\AppData\Local\Temp\22B1tmp\speedupmypc.exe [1291368] =>PUP.SpeedUpMyPC
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Uniblue Systems Limited.) -- C:\Users\Usuario\AppData\Local\Temp\is-5RF97.tmp\SpeedUpMyPC-standalone-setup.exe [18464440] =>PUP.SpeedUpMyPC
O61 - LFC: 22/08/2014 - 19:56:51 ---A- . (...) -- C:\Users\Usuario\AppData\Roaming\VOPackage\Uninstall.exe [118801] =>Adware.Downware
O61 - LFC: 22/08/2014 - 19:56:51 ---A- . (...) -- C:\Users\Usuario\AppData\Roaming\VOPackage\VOPackage.exe [291464] =>Adware.Downware
O61 - LFC: 29/08/2014 - 19:56:28 ---A- . (...) -- C:\Users\Usuario\AppData\Roaming\ContentExplorer\storage.bin [105296] =>PUP.ContentExplorer
O64 - Services: CurCS - 25/07/2014 - C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw.sys ({55dce8ba-9dec-4013-937e-adbf9317d990}Gw) .(.StdLib - StdLib.) - LEGACY_{55DCE8BA-9DEC-4013-937E-ADBF9317D990}GW =>PUP.LinkiDoo
O64 - Services: CurCS - 09/08/2014 - C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys ({55dce8ba-9dec-4013-937e-adbf9317d990}w) .(.StdLib - StdLib.) - LEGACY_{55DCE8BA-9DEC-4013-937E-ADBF9317D990}W =>PUP.LinkiDoo
O64 - Services: CurCS - 22/08/2014 - C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w.sys ({9a9157bb-003e-4fef-8bd1-c09bc4586a28}w) .(.StdLib - StdLib.) - LEGACY_{9A9157BB-003E-4FEF-8BD1-C09BC4586A28}W =>PUP.LinkiDoo
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\baidu\Spark\Spark.exe" [Você precisa estar registrado e conectado para ver este link.] =>Hijacker.WebsSearches
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe [Você precisa estar registrado e conectado para ver este link.] =>Hijacker.WebsSearches
O69 - SBI: prefs.js [Usuario - gqsbjvu4.default] user_pref("extensions.helperbar.DockingPositionDown", false); =>PUP.HelperBar
O69 - SBI: prefs.js [Usuario - gqsbjvu4.default] user_pref("extensions.helperbar.Visibility", false); =>PUP.HelperBar
O69 - SBI: prefs.js [Usuario - gqsbjvu4.default] user_pref("extensions.helperbar.keepAliveLastevent", "1408742961"); =>PUP.HelperBar
O69 - SBI: prefs.js [Usuario - gqsbjvu4.default] user_pref("extensions.helperbar.lastExternalJsUpdate", "1408710766225"); =>PUP.HelperBar
O44 - LFC:[MD5.222FEC6A9BBCC5186A1D111EE525F896] - 27/08/2014 - 11:50:29 ---A- . (...) -- C:\zoek-results.log [67158]
O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O61 - LFC: 22/08/2014 - 19:56:24 ---A- . (.Adobe Systems Incorporated.) -- C:\Users\Usuario\AppData\Local\Temp\1FEDtmp\flash_player_14_plugin.exe [19178160]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\208Atmp\cloud_backup_setup.exe [73816]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\2118tmp\setup.exe [8427248]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\2291tmp\installer.exe [10196088]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\22E1tmp\ads.exe [1433036]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\BackupSetup.exe [5556040]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\CloudBackup417.exe [5556040]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\is-20QBK.tmp\gentlemjfst_ibr.exe [1931432]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Microsoft Corporation.) -- C:\Users\Usuario\AppData\Local\Temp\is-20QBK.tmp\_isetup\_shfoldr.dll [23312]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Microsoft Corporation.) -- C:\Users\Usuario\AppData\Local\Temp\is-5RF97.tmp\_isetup\_shfoldr.dll [23312]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Software.) -- C:\Users\Usuario\AppData\Local\Temp\is-DNCG1.tmp\package_secureprotect_installer_multilang.exe [426448]
O61 - LFC: 22/08/2014 - 19:56:25 ---A- . (.Software.) -- C:\Users\Usuario\AppData\Local\Temp\is-DNCG1.tmp\package_togglemark_installer_multilang.exe [426056]
O61 - LFC: 22/08/2014 - 19:56:26 ---A- . (.Maxthon International ltd..) -- C:\Users\Usuario\AppData\Local\Temp\mx_offline\mx_setup.exe [39403688]
O61 - LFC: 23/08/2014 - 19:56:25 ---A- . (.Software.) -- C:\Users\Usuario\AppData\Local\Temp\is-HOFB3.tmp\package_secureprotect_installer_multilang.exe [426312]
O61 - LFC: 23/08/2014 - 19:56:25 ---A- . (.Software.) -- C:\Users\Usuario\AppData\Local\Temp\is-HOFB3.tmp\package_togglemark_installer_multilang.exe [426072]
O61 - LFC: 23/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\ToggleMarkUntemp.exe [543520]
O61 - LFC: 23/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\is-QQJ47.tmp\gentlemjfst_ibr.exe [1931560]
O61 - LFC: 23/08/2014 - 19:56:26 ---A- . (.Microsoft Corporation.) -- C:\Users\Usuario\AppData\Local\Temp\is-QQJ47.tmp\_isetup\_shfoldr.dll [23312]
O61 - LFC: 24/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nscC4D7.tmp\IpConfig.dll [117248]
O61 - LFC: 24/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nscC4D7.tmp\System.dll [11264]
O61 - LFC: 24/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nscC4D7.tmp\WmiInspector.dll [106496]
O61 - LFC: 24/08/2014 - 19:56:26 ---A- . (...) -- C:\Users\Usuario\AppData\Local\Temp\nscC4D7.tmp\inetc.dll [20992]
[HKLM\Software\PIP]    
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKLM\Software\PIP] =>Toolbar.Ask
[HKCU\Software\Headlight]  
[HKCU\Software\AppDataLow\Software\suprasavings] =>PUP.SupraSavings
[HKCU\Software\Baidu Security]    
[HKCU\Software\ContentExplorer] =>PUP.ContentExplorer
[HKCU\Software\PriceMeterLiveUpdate] =>PUP.PriceMeter
[HKCU\Software\PriceMeter] =>PUP.PriceMeter
[HKCU\Software\SaveSenseLive] =>PUP.SaveSense
[HKCU\Software\SupHpUISoft] =>PUP.CrossRider
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\Vittalia] =>PUP.Vittalia
[HKCU\Software\WSE_Astromenda] =>PUP.Astromenda
[HKCU\Software\freesofttoday] =>Adware.FreeSoftToday
[HKCU\Software\globalUpdate]    
[HKLM\Software\Baidu Security]    
[HKLM\Software\Coupon Downloader] =>PUP.CouponDownloader
[HKLM\Software\FREESOFTTODAY] =>Adware.FreeSoftToday
[HKLM\Software\GlobalUpdate]    
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher
[HKLM\Software\PriceMeterLiveUpdate] =>PUP.PriceMeter
[HKLM\Software\SaveSenseLive] =>PUP.SaveSense
[HKLM\Software\SupDp] =>PUP.SupTab
[HKLM\Software\Supra Savings] =>PUP.SupraSavings
[HKLM\Software\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\supTab] =>PUP.SupTab
[HKLM\Software\supWPM] =>PUP.WpManager
[HKLM\Software\supWindowsMangerProtect] =>PUP.Fuyu
[HKLM\Software\suprasavings] =>PUP.SupraSavings
[HKLM\Software\webssearchesSoftware] =>Hijacker.WebsSearches
HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASAPI32 =>PUP.ContentExplorer
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASMANCS =>PUP.ContentExplorer
HKLM\SOFTWARE\Microsoft\Tracing\Muvic_RASAPI32 =>Hijacker.SmartBar
HKLM\SOFTWARE\Microsoft\Tracing\Muvic_RASMANCS =>Hijacker.SmartBar
HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASAPI32 =>Hijacker.TornTV
HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASMANCS =>Hijacker.TornTV
HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS =>PUP.Wajam
[HKCR\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter
[HKCR\CLSID\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}] (PriceMeterLiveUpdate.OneClickProcessLauncher) =>PUP.PriceMeter
[HKCR\CLSID\{41C35ADE-DEDA-439F-8140-D53F2C76C963}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter
[HKCR\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter
[HKCR\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter
[HKCR\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter
[HKCR\CLSID\{982A3C94-BE06-422B-9B4F-484B8FABF166}] (NMBAppGlobalSettingsExtensionTVWizard Class) =>PUP.TVWizard
[HKCR\CLSID\{B1F29F0C-2EC8-487B-97C2-8B8FEA6CEF14}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter
[HKCR\CLSID\{C0756D99-64A1-4332-B783-A5A1B571D431}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter
[HKCR\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19}] (PriceMeterLiveUpdate Process Launcher Class) =>PUP.PriceMeter
[HKCR\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter
[HKLM\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae] =>PUP.Astromenda^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginServices] =>PUP.IePluginService^
[HKLM\SYSTEM\CurrentControlSet\Services\mtgaotushb32] =>PUP.AdPeak^
[HKLM\SYSTEM\CurrentControlSet\Services\nuttkoqiez32] =>PUP.AdPeak^
[HKLM\SYSTEM\CurrentControlSet\Services\pricemeterliveUpdate) (pricemeterliveUpdate] =>PUP.PriceMeter^
[HKLM\SYSTEM\CurrentControlSet\Services\vulsrsebjh32] =>PUP.AdPeak^
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods] =>PUP.Funmoods^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ContentExplorer] =>PUP.ContentExplorer^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX] =>PUP.Dealply^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Price Meter] =>PUP.PriceMeter^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage] =>PUP.VuuPC^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PriceMeterUpdater] =>PUP.PriceMeter^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect] =>PUP.Fuyu^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}] =>PUP.Funmoods
[HKLM\Software\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:PriceMeterW =>PUP.PriceMeter^
[HKCU\Software\AppDataLow\Software\suprasavings] =>PUP.SupraSavings^
[HKCU\Software\ContentExplorer] =>PUP.ContentExplorer^
[HKCU\Software\PriceMeterLiveUpdate] =>PUP.PriceMeter^
[HKCU\Software\PriceMeter] =>PUP.PriceMeter^
[HKCU\Software\SaveSenseLive] =>PUP.SaveSense^
[HKCU\Software\SupHpUISoft] =>PUP.CrossRider^
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive^
[HKCU\Software\Vittalia] =>PUP.Vittalia^
[HKCU\Software\WSE_Astromenda] =>PUP.Astromenda^
[HKCU\Software\freesofttoday] =>Adware.FreeSoftToday^
[HKLM\Software\Coupon Downloader] =>PUP.CouponDownloader^
[HKLM\Software\FREESOFTTODAY] =>Adware.FreeSoftToday^
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher^
[HKLM\Software\PriceMeterLiveUpdate] =>PUP.PriceMeter^
[HKLM\Software\SaveSenseLive] =>PUP.SaveSense^
[HKLM\Software\SupDp] =>PUP.SupTab^
[HKLM\Software\Supra Savings] =>PUP.SupraSavings^
[HKLM\Software\supTab] =>PUP.SupTab^
[HKLM\Software\supWPM] =>PUP.WpManager^
[HKLM\Software\supWindowsMangerProtect] =>PUP.Fuyu^
[HKLM\Software\suprasavings] =>PUP.SupraSavings^
[HKLM\Software\webssearchesSoftware] =>Hijacker.WebsSearches^
[HKCR\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter^
[HKCR\CLSID\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}] (PriceMeterLiveUpdate.OneClickProcessLauncher) =>PUP.PriceMeter^
[HKCR\CLSID\{41C35ADE-DEDA-439F-8140-D53F2C76C963}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter^
[HKCR\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter^
[HKCR\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter^
[HKCR\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter^
[HKCR\CLSID\{982A3C94-BE06-422B-9B4F-484B8FABF166}] (NMBAppGlobalSettingsExtensionTVWizard Class) =>PUP.TVWizard^
[HKCR\CLSID\{B1F29F0C-2EC8-487B-97C2-8B8FEA6CEF14}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter^
[HKCR\CLSID\{C0756D99-64A1-4332-B783-A5A1B571D431}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter^
[HKCR\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19}] (PriceMeterLiveUpdate Process Launcher Class) =>PUP.PriceMeter^
[HKCR\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae =>PUP.Astromenda^
C:\Program Files\003 =>PUP.AdPeak^
C:\Program Files\005 =>PUP.AdPeak^
C:\Program Files\PriceMeterLiveUpdate =>PUP.PriceMeter^
C:\Program Files\SupTab =>PUP.SupTab^
C:\ProgramData\IePluginServices =>PUP.IePluginService^
C:\ProgramData\PriceMeterLiveUpdate =>PUP.PriceMeter^
C:\ProgramData\WindowsMangerProtect =>PUP.Fuyu^
C:\Users\Usuario\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer^
C:\Users\Usuario\AppData\Roaming\PriceMeterUpdater =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Roaming\VOPackage =>Adware.Downware^
C:\Users\Usuario\AppData\Local\genienext =>PUP.NextLive^
C:\Users\Usuario\AppData\Local\PriceMeter =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage =>Adware.Downware^
C:\Program Files\SupTab\HpUI.exe =>PUP.SupTab^
C:\Program Files\SupTab\Loader32.exe =>PUP.SupTab^
C:\Users\Usuario\AppData\Local\PriceMeter\pricemeterw.exe =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer^
C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe =>PUP.PriceMeter^
C:\Windows\Tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4 =>PUP.CrossRider^
C:\Windows\Tasks\Funmoods.job =>PUP.Funmoods^
C:\Windows\System32\Tasks\Funmoods =>PUP.Funmoods^
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job =>PUP.PriceMeter^
C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore =>PUP.PriceMeter^
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job =>PUP.PriceMeter^
C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA =>PUP.PriceMeter^
C:\Users\Usuario\AppData\Roaming\Baidu Security
C:\ProgramData\Baidu Security
C:\Program Files\baidu
ServiceStop:{55dce8ba-9dec-4013-937e-adbf9317d990}Gw
ServiceStop:{55dce8ba-9dec-4013-937e-adbf9317d990}w
ServiceStop:{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w
ServiceStop:IePluginServices
ServiceStop:globalUpdate
ServiceStop:mtgaotushb32
ServiceStop:nuttkoqiez32
ServiceStop:pricemeterliveUpdate
ServiceStop:SparkSvc
ServiceStop:vulsrsebjh32
ServiceStop:BAVSvc
ServiceStop:BHipsSvc
Emptyprefetch
Emptyclsid
Emptyflash
Ifeofix


|- Open the ZHPFix tool.
|- Click IMPORTAÇÃO (Import) >> OK.
|- Click "GO".
|- Post the report!

A+
joram

ZHPFix report

Post by Gil Raman on Fri 29 Aug 2014, 23:28

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Usuario at 29/08/2014 23:27:39
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 20s)
Prefetcher vazio

========== Softwares ==========
AUSENTE Uninstall Process: c:\users\usuario\appdata\roaming\contentexplorer\uninstall.exe
AUSENTE Uninstall Process: c:\users\usuario\appdata\roaming\update~1\updateproc\updatetask.exe
AUSENTE Uninstall Process: c:\users\usuario\appdata\local\pricemeter\uninst.exe
AUSENTE Uninstall Process: c:\users\usuario\appdata\roaming\vopackage\uninstall.exe
AUSENTE Uninstall Process: c:\users\usuario\appdata\roaming\pricemeterupdater\updateproc\updatetask.exe
AUSENTE Uninstall Process: c:\programdata\windowsmangerprotect\protectwindowsmanager.exe

========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\Program Files\SupTab\Loader32.exe
ELIMINA REINICIAR: Memory Process: C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe

========== Estado dos serviços ==========
{55DCE8BA-9DEC-4013-937E-ADBF9317D990}GW Parado
{55DCE8BA-9DEC-4013-937E-ADBF9317D990}W Parado
{9A9157BB-003E-4FEF-8BD1-C09BC4586A28}W Parado
{55dce8ba-9dec-4013-937e-adbf9317d990}Gw Parado
{55dce8ba-9dec-4013-937e-adbf9317d990}w Parado
{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w Parado
IePluginServices Parado
globalUpdate Parado
mtgaotushb32 Parado
nuttkoqiez32 Parado
pricemeterliveUpdate Parado
SparkSvc Parado
vulsrsebjh32 Parado
BAVSvc Parado
BHipsSvc Parado

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX]
ELIMINÉ Logiciel Key: [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Price Meter]
ELIMINÉ Logiciel Key: [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceMeterUpdater]
ELIMINÉ: Service: globalUpdate
ELIMINÉ: Service: globalUpdatem
ELIMINÉ: Service: pricemeterliveUpdate
ELIMINÉ: Service: pricemeterliveUpdatem
ELIMINÉ: Service: IePluginServices
ELIMINÉ: Service: mtgaotushb32
ELIMINÉ: Service: nuttkoqiez32
ELIMINÉ: Mozilla Plugin: @staging.google.com/globalUpdate Update;version=10
ELIMINÉ: Mozilla Plugin: @staging.google.com/globalUpdate Update;version=4
ELIMINÉ: Mozilla Plugin: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3
ELIMINÉ: Mozilla Plugin: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9
ELIMINÉ: Service: SparkSvc
ELIMINÉ: Service: vulsrsebjh32
ELIMINÉ Driver Key: {55dce8ba-9dec-4013-937e-adbf9317d990}Gw
ELIMINÉ Driver Key: {55dce8ba-9dec-4013-937e-adbf9317d990}w
ELIMINÉ Driver Key: {9a9157bb-003e-4fef-8bd1-c09bc4586a28}w
ELIMINÉ: StartupReg: NeroFilterCheck
ELIMINÉ: HKLM\Software\PIP
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
ELIMINÉ: HKCU\Software\Headlight
ELIMINÉ: HKCU\Software\AppDataLow\Software\suprasavings
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\PriceMeterLiveUpdate
ELIMINÉ: HKCU\Software\SaveSenseLive
ELIMINÉ: HKCU\Software\SupHpUISoft
ELIMINÉ: HKCU\Software\TutoTag
ELIMINÉ: HKCU\Software\Vittalia
ELIMINÉ: HKCU\Software\WSE_Astromenda
ELIMINÉ: HKCU\Software\freesofttoday
ELIMINÉ: HKCU\Software\globalUpdate
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Coupon Downloader
ELIMINÉ: HKLM\Software\FREESOFTTODAY
ELIMINÉ: HKLM\Software\GlobalUpdate
ELIMINÉ: HKLM\Software\LevelQualityWatcher
ELIMINÉ: HKLM\Software\PriceMeterLiveUpdate
ELIMINÉ: HKLM\Software\SaveSenseLive
ELIMINÉ: HKLM\Software\SupDp
ELIMINÉ: HKLM\Software\Supra Savings
ELIMINÉ: HKLM\Software\Tutorials
ELIMINÉ: HKLM\Software\supTab
ELIMINÉ: HKLM\Software\supWPM
ELIMINÉ: HKLM\Software\supWindowsMangerProtect
ELIMINÉ: HKLM\Software\suprasavings
ELIMINÉ: HKLM\Software\webssearchesSoftware
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Muvic_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Muvic_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
ELIMINÉ: HKCR\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}
ELIMINÉ: HKCR\CLSID\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}
ELIMINÉ: HKCR\CLSID\{41C35ADE-DEDA-439F-8140-D53F2C76C963}
ELIMINÉ: HKCR\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}
ELIMINÉ: HKCR\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}
ELIMINÉ: HKCR\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}
ELIMINÉ: HKCR\CLSID\{982A3C94-BE06-422B-9B4F-484B8FABF166}
ELIMINÉ: HKCR\CLSID\{B1F29F0C-2EC8-487B-97C2-8B8FEA6CEF14}
ELIMINÉ: HKCR\CLSID\{C0756D99-64A1-4332-B783-A5A1B571D431}
ELIMINÉ: HKCR\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19}
ELIMINÉ: HKCR\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}
ELIMINÉ: HKLM\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113}
ELIMINÉ: HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}
ELIMINÉ: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Ramo Base de Registos IFEO não infetado !

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (Public) : {C2FC0F63-450D-4726-9AC3-488E922E63B0}
ELIMINÉ: FirewallRaz (Public) : {835771F7-EE88-4CC1-B6FB-2F47E79AA6D2}
ELIMINÉ: FirewallRaz (Public) : {0058A188-C017-4938-8603-CE2B7593797F}
ELIMINÉ: FirewallRaz (Public) : {4D208F8A-97F9-4357-BCAD-9A56DFFE703B}
ELIMINÉ: FirewallRaz (Public) : {DD017F28-B658-4AD9-8120-F3832DCEF498}
ELIMINÉ: FirewallRaz (Public) : {2AC1DA99-3F57-44DE-A9E8-EB67EC90F093}
ELIMINÉ: FirewallRaz (Public) : {594CD57C-CAC1-42D6-8066-FA53EC709491}
ELIMINÉ: FirewallRaz (Public) : {4FE0FD9C-DFDF-4559-A088-633FA314DCFB}
ELIMINÉ: RegExtension: {e4f94d1e-2f53-401e-8885-681602c0ddd8}
ELIMINÉ RunValue: GuUnacE
ELIMINÉ RunValue: PriceMeterW

========== Elementos dos dados do Registo ==========
ELIMINÉ: R0 - Main,Start Page = KCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
ELIMINÉ: R1 Search Page = [Você precisa estar registrado e conectado para ver este link.]
ELIMINÉ: R1 Search Page = [Você precisa estar registrado e conectado para ver este link.]
ELIMINÉ: R1 Search Page = [Você precisa estar registrado e conectado para ver este link.]
ELIMINÉ: R1 Search Page = <-loopback>

========== Preferências do navegador ==========
ELIMINÉ Mozilla Pref: user_pref("extensions.helperbar.DockingPositionDown", false);
ELIMINÉ Mozilla Pref: user_pref("extensions.helperbar.Visibility", false);
ELIMINÉ Mozilla Pref: user_pref("extensions.helperbar.keepAliveLastevent", "1408742961");
ELIMINÉ Mozilla Pref: user_pref("extensions.helperbar.lastExternalJsUpdate", "1408710766225");

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Flash Cookies (0)

========== Ficheiros ==========
ELIMINÉ Temporários windows (258) (198.236.366 octets)
ELIMINA REINICIAR: c:\program files\globalupdate\update\googleupdate.exe
ELIMINA REINICIAR: c:\program files\pricemeterliveupdate\update\pricemeterliveupdate.exe
ELIMINA REINICIAR: c:\programdata\iepluginservices\pluginservice.exe
ELIMINA REINICIAR: c:\program files\005\mtgaotushb32.exe
ELIMINA REINICIAR: c:\program files\003\nuttkoqiez32.exe
ELIMINÉ: c:\users\usuario\appdata\local\google\chrome\user data\default\preferences
ELIMINÉ: c:\program files\globalupdate\update\1.3.25.0\npgoogleupdate4.dll
ELIMINÉ: c:\program files\pricemeterliveupdate\update\1.3.23.0\npgoogleupdate3.dll
ELIMINÉ: c:\users\usuario\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk (http://istart.webssearches.com)
CRIADO: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
ELIMINÉ: c:\users\usuario\appdata\roaming\microsoft\windows\start menu\programs\internet explorer.lnk (http://istart.webssearches.com)
CRIADO: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
ELIMINÉ: c:\users\usuario\appdata\roaming\microsoft\windows\start menu\programs\accessories\system tools\internet explorer (no add-ons).lnk (http://istart.webssearches.com)
CRIADO: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
ELIMINÉ: c:\programdata\iepluginservices\pluginservice.exe
ELIMINÉ: c:\program files\005\mtgaotushb32.exe
ELIMINÉ: c:\program files\003\nuttkoqiez32.exe
ELIMINA REINICIAR: c:\program files\baidu\spark\sparkservice.exe
ELIMINA REINICIAR: c:\program files\005\vulsrsebjh32.exe
ELIMINÉ: c:\windows\tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4.job
ELIMINÉ: c:\windows\system32\tasks\e0a80bcc-b85b-4f10-b438-a0228e0aa5c3-4
ELIMINÉ: c:\windows\system32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w.sys
ELIMINÉ: c:\windows\prefetch\pricemeterliveupdate.exe-376284bf.pf
ELIMINÉ: c:\windows\prefetch\pricemeterliveupdatehandler.e-290574d8.pf
ELIMINÉ: c:\windows\system32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}gw.sys
ELIMINÉ: c:\windows\system32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys
ELIMINÉ: c:\zoek-results.log
ELIMINÉ: c:\program files\common files\ahead\lib\nerocheck.exe
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000Core
ELIMINÉ: FacebookUpdateTaskUserS-1-5-21-2578862199-3110367618-3840235185-1000UA
ELIMINÉ: {20A7C71D-008A-4132-9DDC-D6239052267D}
ELIMINÉ: {C362CBD1-13DC-4885-96C3-FCF90CD613E1}
ELIMINÉ: ASP
ELIMINÉ: Funmoods
ELIMINÉ: globalUpdateUpdateTaskMachineCore
ELIMINÉ: globalUpdateUpdateTaskMachineCore
ELIMINÉ: LaunchSignup
ELIMINÉ: PriceMeterLiveUpdateUpdateTaskMachineCore
ELIMINÉ: PriceMeterLiveUpdateUpdateTaskMachineCore
ELIMINÉ: PriceMeterLiveUpdateUpdateTaskMachineUA
ELIMINÉ: pricemetertask
ELIMINÉ: pricemeterwatcher
ELIMINÉ: SparkUpdater
ELIMINÉ: SparkUpdater


========== Recapitulativo ==========
2 : Processo memória
77 : Chaves do Registo
13 : Valores do Registo
5 : Elementos dos dados do Registo
2 : Pastas
30 : Ficheiros
6 : Softwares
4 : Preferências do navegador
15 : Estado dos serviços
16 : Tarefa planificada


End of clean in 05mn 43s

========== Caminho do ficheiro do relatório ==========
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R1].txt - 29/08/2014 23:28:00 [11545]

Re: How to remove Baidu and CE_umbrella

Post by joram on Fri 29 Aug 2014, 23:44

Good evening, Gil Raman!

|- Post another report from the ZHPDiag tool, using the COMPLETA (full) option.
|- Make the log available on Cjoint.com.

A+
joram
Administrator

Posts: 3905
Reputation: 428
Joined: 26/01/2014
Location: Rio de Janeiro

Full report

Post by Gil Raman on Sat 30 Aug 2014, 00:35

[You need to be registered and logged in to see this link.]

Re: How to remove Baidu and CE_umbrella

Post by joram on Sat 30 Aug 2014, 01:10

Good morning, Gil Raman!

|- I removed the script, since it is the previous report that you made available on Cjoint.com.
|- You will have to run ZHPDiag again and post a new report.

A+


Last edited by joram on Sat 30 Aug 2014, 01:20; edited 1 time (Reason: iag)