Spyder.RV 0 Denunciar post Postado Junho 4, 2014 Boa noite.Todos os navegadores estão exibindo propagandas em excesso. Podem me ajudar a verificar se existem malwares? Ambiente: Windows 7 SP1 64bits log do HijackThis: Logfile of Trend Micro HijackThis v2.0.4Scan saved at 23:48:29, on 03/06/2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Remoção de Malware\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1401273278&from=amt&uid=WDCXWD5000AAKX-753CA1_WD-WCAYUFN2798127981 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1401273278&from=amt&uid=WDCXWD5000AAKX-753CA1_WD-WCAYUFN2798127981 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1401273278&from=amt&uid=WDCXWD5000AAKX-753CA1_WD-WCAYUFN2798127981&q={searchTerms} R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1401273278&from=amt&uid=WDCXWD5000AAKX-753CA1_WD-WCAYUFN2798127981&q={searchTerms} R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=fa_pro_hp_03_hao123_br R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~1.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: IePlugin Services (IePluginServices) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginServices\PluginService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protect Monitor (ProtectMonitor) - Unknown owner - C:\Program Files\PCDApp\StartHelp.exe (file missing) O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9618 bytes Compartilhar este post Link para o post Compartilhar em outros sites
Power Max 54 Denunciar post Postado Junho 4, 2014 Olá Spyder. Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer: http://www.bleepingcomputer.com/download/adwcleaner/ :seta: Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial: Remova adwares e toolbars maliciosas com o Adwcleaner * Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[s0].txt Ficamos na espera. Compartilhar este post Link para o post Compartilhar em outros sites
Spyder.RV 0 Denunciar post Postado Junho 4, 2014 Boa noite Power Max, obrigado pelo apoio rápido! segue o log do Adwcleaner: # AdwCleaner v3.211 - Relatório criado 04/06/2014 às 00:21:53# Atualizado 26/05/2014 por Xplode # Sistema Operacional : Windows 7 Professional Service Pack 1 (64 bits) # Usuário : Atendimento - ATENDIMENTO # Executando de : D:\Dados do PC\Atendimento\Downloads\AdwCleaner.exe # Opção : Limpar ***** [ Serviços ] ***** Serviço Deletada : IePluginServices [#] Serviço Deletada : qknfd ***** [ Arquivos / Pastas ] ***** Pasta Deletada : C:\ProgramData\baidu Pasta Deletada : C:\ProgramData\IePluginServices Pasta Deletada : C:\Program Files (x86)\SupTab Pasta Deletada : C:\Users\Atendimento\AppData\Local\Mobogenie Pasta Deletada : C:\Users\Atendimento\AppData\Roaming\baidu Pasta Deletada : C:\Users\Atendimento\AppData\Roaming\SupTab Pasta Deletada : C:\Users\Atendimento\AppData\Roaming\Systweak Pasta Deletada : C:\Users\Atendimento\AppData\Roaming\webssearches Pasta Deletada : D:\Dados do PC\Atendimento\Documents\Mobogenie Pasta Deletada : C:\Users\Atendimento\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default\Extensions\quick_start@gmail.com Arquivo Deletada : C:\Windows\System32\roboot64.exe Arquivo Deletada : C:\Users\Atendimento\daemonprocess.txt Arquivo Deletada : C:\Users\Atendimento\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default\searchplugins\bingp.xml Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml Arquivo Deletada : C:\Users\Atendimento\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default\user.js Arquivo Deletada : C:\Windows\System32\Tasks\AmiUpdXp ***** [ Atalhos ] ***** ***** [ Registro ] ***** Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com] Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32 Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32 Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASAPI32 Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASMANCS Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{323C6E6D-1621-470F-8A52-4FDEC4E75E40} Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{323C6E6D-1621-470F-8A52-4FDEC4E75E40} Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command Chave Deletedo : HKCU\Software\genesis Chave Deletedo : HKCU\Software\InstallCore Chave Deletedo : HKCU\Software\Popajar Chave Deletedo : HKCU\Software\SmileysWeLove Chave Deletedo : HKCU\Software\systweak Chave Deletedo : HKCU\Software\AppDataLow\Software Chave Deletedo : HKLM\Software\SupTab Chave Deletedo : HKLM\Software\systweak Chave Deletedo : HKLM\Software\webssearchesSoftware Chave Deletedo : HKLM\Software\Wpm Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL Dados Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL ***** [ Navegadores ] ***** -\\ Internet Explorer v8.0.7601.17514 Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page] Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page] -\\ Mozilla Firefox v29.0.1 (pt-BR) [ Arquivo : C:\Users\Atendimento\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default\prefs.js ] Linha deletada : user_pref("browser.search.defaultenginename", "webssearches"); Linha deletada : user_pref("browser.search.selectedEngine", "webssearches"); Linha deletada : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hppp&ts=1401742465&from=amt&uid=WDCXWD5000AAKX-753CA1_WD-WCAYUFN2798127981"); -\\ Google Chrome v35.0.1916.114 [ Arquivo : C:\Users\Atendimento\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deletedo [search Provider] : hxxp://start.funmoods.com/results.php?f=4&a=vsl&q={searchTerms} Deletedo [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN24920826942457721&ctid=CT3294557&UM=2 Deletedo [search Provider] : hxxp://br.ask.com/web?q={searchTerms} Deletedo [search Provider] : hxxp://istart.webssearches.com/web/?type=dspp&ts=1401742064&from=amt&uid=WDCXWD5000AAKX-753CA1_WD-WCAYUFN2798127981&q={searchTerms} Deletedo [startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1401742408&from=amt&uid=WDCXWD5000AAKX-753CA1_WD-WCAYUFN2798127981 Deletedo [Homepage] : hxxp://istart.webssearches.com/?type=hppp&ts=1401742408&from=amt&uid=WDCXWD5000AAKX-753CA1_WD-WCAYUFN2798127981 Deletedo [Extension] : fjbbjfdilbioabojmcplalojlmdngbjl ************************* AdwCleaner[R0].txt - [8523 octets] - [04/06/2014 00:21:29] AdwCleaner[s0].txt - [6883 octets] - [04/06/2014 00:21:53] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6943 octets] ########## Compartilhar este post Link para o post Compartilhar em outros sites
Power Max 54 Denunciar post Postado Junho 4, 2014 No seu PC está constando também o Baidu, você quer removê-lo ou prefere continuar com ele? Compartilhar este post Link para o post Compartilhar em outros sites
Spyder.RV 0 Denunciar post Postado Junho 5, 2014 Eu já tinha desinstalado ele antes de iniciar o chamado aqui... Fica lixo depois que desinstala? Compartilhar este post Link para o post Compartilhar em outros sites
Power Max 54 Denunciar post Postado Junho 5, 2014 Muitas vezes sobram restos mesmo depois de desinstalar. Desative temporariamente seu antivírus para evitar conflitos. Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe: http://www.hijackthis.nl/smeenk/ *Clique com o botão direito do mouse no Zoek.exe e selecione * Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek. *Clique [Run Script] *Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar! *Caso a reinicialização do PC seja solicitada, clique [OK] * Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta. Compartilhar este post Link para o post Compartilhar em outros sites
Spyder.RV 0 Denunciar post Postado Junho 5, 2014 Boa tarde. Segue log do zoek-results.txt Zoek.exe v5.0.0.0 Updated 02-June-2014 Tool run by Atendimento on 05/06/2014 at 12:45:09,65. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Remoção de Malware\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 05/06/2014 12:45:51 Zoek.exe System Restore Point Created Succesfully. ==== Reset Hosts File ====================== # Copyright © 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handle within DNS itself. 127.0.0.1 localhost ::1 localhost ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== Deleted from C:\Users\ATENDI~1\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default\prefs.js: user_pref("browser.newtab.url", "chrome://quick_start/content/index.html"); user_pref("keyword.URL", "http://br.yhs4.search.yahoo.com/yhs/search"); Added to C:\Users\ATENDI~1\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ProfilePath: C:\Users\ATENDI~1\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default user.js not found ---- Lines browser.startup.page removed from prefs.js ---- user_pref("browser.startup.page", 3); ---- FireFox user.js and prefs.js backups ---- prefs_062014_1250_.backup ==== Deleting Files \ Folders ====================== C:\Users\Atendimento\.android deleted C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\search_the_web.xml deleted C:\Users\Atendimento\AppData\Roaming\smileyswelove deleted C:\PROGRA~3\WindowsProtectManger deleted C:\Users\Atendimento\AppData\Local\cache deleted C:\Users\ATENDI~1\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default\jetpack deleted ==== Folders Found ====================== 2014-06-04 03:21:53 2014-06-04 03:21:53 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu 2014-06-04 03:21:54 2014-06-04 03:21:54 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Atendimento\AppData\Roaming\baidu 2014-06-04 03:21:54 2014-06-04 03:21:54 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Atendimento\AppData\Roaming\baidu\Baidu Antivirus 2014-05-27 12:03:38 2014-05-27 12:08:03 -------- d-----w- C:\Program Files (x86)\Baidu Security 2014-05-27 12:03:38 2014-06-02 20:53:56 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus 2014-05-27 12:03:49 2014-06-04 20:46:28 -------- d-----w- C:\ProgramData\Baidu Security 2014-05-27 12:03:49 2014-06-04 20:46:28 -------- d-----w- C:\Users\All Users\Baidu Security 2014-05-27 12:08:51 2014-05-27 12:08:51 -------- d-----w- C:\Users\Atendimento\AppData\Roaming\Baidu Security 2014-05-27 12:02:57 2014-05-27 12:02:57 -------- d-----w- C:\Users\Public\Documents\Baidu 2014-05-27 12:08:33 2014-05-27 12:14:18 -------- d-----w- C:\Users\Public\Documents\Baidu Security ==== Files Found ====================== ==== Registry Search Results for "Baidu" ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\baidu] [HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll] [HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload] [HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav] [HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav] "DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security] [HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus] "uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi" [HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord] [HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster] [HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0] [HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup] [HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp] [HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos] [HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP] [HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing] [HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}] "DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}] "DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000] "DeviceDesc"="Baidu Antivirus Minifilter Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000] "DeviceDesc"="Baidu FS Monitor Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000] "DeviceDesc"="Baidu NetDefense" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000] "DeviceDesc"="Baidu Protect" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000] "DeviceDesc"="Baidu ProtectEx" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter] "DisplayName"="Baidu Antivirus Minifilter Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon] "DisplayName"="Baidu FS Monitor Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef] "DisplayName"="Baidu NetDefense" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect] "InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect] "DisplayName"="Baidu Protect" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx] "DisplayName"="Baidu ProtectEx" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx] "InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil] "ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000] "DeviceDesc"="Baidu Antivirus Minifilter Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000] "DeviceDesc"="Baidu FS Monitor Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000] "DeviceDesc"="Baidu NetDefense" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000] "DeviceDesc"="Baidu Protect" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000] "DeviceDesc"="Baidu ProtectEx" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter] "DisplayName"="Baidu Antivirus Minifilter Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon] "DisplayName"="Baidu FS Monitor Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef] "DisplayName"="Baidu NetDefense" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect] "InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect] "DisplayName"="Baidu Protect" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx] "DisplayName"="Baidu ProtectEx" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx] "InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil] "ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000] "DeviceDesc"="Baidu Antivirus Minifilter Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000] "DeviceDesc"="Baidu FS Monitor Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000] "DeviceDesc"="Baidu NetDefense" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000] "DeviceDesc"="Baidu Protect" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000] "DeviceDesc"="Baidu ProtectEx" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter] "DisplayName"="Baidu Antivirus Minifilter Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon] "DisplayName"="Baidu FS Monitor Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef] "DisplayName"="Baidu NetDefense" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect] "InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect] "DisplayName"="Baidu Protect" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx] "DisplayName"="Baidu ProtectEx" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx] "InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil] "ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys" [HKEY_USERS\.DEFAULT\Software\Baidu] [HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug] [HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav] [HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log] [HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe] [HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu\Application Bug] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu\Application Bug\Bav] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu\Application Bug\Bav\log] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu\Application Bug\Bav\log\Skype.exe] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus\web] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus\web] "ucloud"="u.br.bav.baidu.com" [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus\web] "dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi" [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus\web] "rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi" [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\27541929] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\27541929] "url"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.5.67371&userid=167558719c617ec0ff0bcaf1a560bc2a&old_userid=WD-WCAYU-F04DA2E5C584!69d48d61-f33b-4673-8539-673fec9ea8cc@#F04DA2E5C584&install_time=2014-05-27 12:08:33&parent_name=" [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\27541976] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\27541976] "url"="http://sync.security.baidu.co.th/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.5.67371&userid=167558719c617ec0ff0bcaf1a560bc2a&old_userid=WD-WCAYU-F04DA2E5C584!69d48d61-f33b-4673-8539-673fec9ea8cc@#F04DA2E5C584&install_time=2014-05-27 12:08:33&parent_name=" [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Statistic] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\TrayIcon] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\UUReport] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\Setup] [HKEY_USERS\S-1-5-18\Software\Baidu] [HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug] [HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav] [HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log] [HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe] [HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "quiknowledge@quiknowledge.com"="C:\Program Files (x86)\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\ATENDI~1\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default - Undetermined - C:\Users\Atendimento\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default\extensions\quick_start@gmail.com AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Atendimento\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fdjkhamgopgokjmllcmpkiijndjeidcl - C:\Users\Atendimento\AppData\Local\Temp\twsfiles\trustedshopper.crx[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[11/04/2014 19:46] Google Docs - Atendimento\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Atendimento\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Atendimento\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo TV - Atendimento\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppbpeijolfcampacpljolaegibfhjph Google Search - Atendimento\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Maps - Atendimento\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh Google Wallet - Atendimento\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Atendimento\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" "Default_Page_URL"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Default_Page_URL"="http://www.google.com" "Start Page"="http://br.hao123.com/?tn=fa_pro_hp_03_hao123_br" "Search Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Default_Page_URL"="http://www.google.com" "Start Page"="http://br.hao123.com/?tn=fa_pro_hp_03_hao123_br" "Search Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {86c83f9e-48a4-4cd2-a763-64fea5df35f7} Bing Url="http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox" ==== Reset Google Chrome ====================== C:\Users\Atendimento\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Atendimento\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\quiknowledge@quiknowledge.com deleted successfully ==== shortcuts on Users Desktops ====================== C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Atendimento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Atendimento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Atendimento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Atendimento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm C:\Users\Atendimento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt C:\Users\Atendimento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk - C:\Users\Atendimento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk - C:\Program Files (x86)\Adobe\Adobe Help\Adobe Help.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk - C:\Program Files (x86)\Adobe\Adobe Widget Browser\Adobe Widget Browser.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk - C:\Windows\ehome\ehshell.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk - C:\Windows\system32\printmanagement.msc C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe After Effects CS6.lnk - C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\AfterFX.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Bridge CS6 (64bit).lnk - C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Bridge CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Dreamweaver CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Encore CS6.lnk - C:\Program Files\Adobe\Adobe Encore CS6\Adobe Encore.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe ExtendScript Toolkit CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Utilities - CS6\ExtendScript Toolkit CS6\ExtendScript Toolkit.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Extension Manager CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Adobe Extension Manager CS6.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Illustrator CS6 (64 Bit).lnk - C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Support Files\Contents\Windows\Illustrator.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe InDesign CS6.lnk - C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Media Encoder CS6.lnk - C:\Program Files\Adobe\Adobe Media Encoder CS6\Adobe Media Encoder.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Photoshop CS6 (64 Bit).lnk - C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Premiere Pro CS6.lnk - C:\Program Files\Adobe\Adobe Premiere Pro CS6\Adobe Premiere Pro.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\Ajuda.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe Start Help -help C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\CCC - Assistente.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe Start Wizard C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\CCC - Avançada.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\CCC.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe Start CCC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\Reiniciar Runtime.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe Restart C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)\Bitstream Font Navigator (64-Bit).lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\FontNav64\FontNav.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)\CorelDRAW X6 (64-Bit).lnk - c:\Windows\Installer\{27AE72A4-B217-4CDC-B82B-3311E9D7460E}\NewShortcut1_41AAC0AC880545E6A1C81230F4159C30.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)\Duplexing Wizard (64-Bit).lnk - c:\Windows\Installer\{27AE72A4-B217-4CDC-B82B-3311E9D7460E}\NewShortcut10_449D396305C74241ABE7BA91391CF9B4.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)\Video Tutorials X6 (64-Bit).lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\VideoBrowser64\VideoBrowser.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)\Documentation\CorelDRAW Graphics Suite X6 Guidebook.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)\Documentation\Macro Programming Guide.lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Data\Macro Programming Guide.pdf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Management Engine Components\Intel® Management and Security Status.lnk - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\joticon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Centro de Carregamento do Microsoft Office 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\msouc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Certificado Digital para Projetos do VBA.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Media Gallery.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\cagicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Office Picture Manager.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\oisicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Preferências de Idioma do Microsoft Office 2010.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe ==== shortcuts in Quick Launch ====================== C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fdjkhamgopgokjmllcmpkiijndjeidcl deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\genesis_05292101 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobilegeni daemon deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Atendimento\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Atendimento\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Atendimento\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Atendimento\AppData\Local\Mozilla\Firefox\Profiles\83iaojwb.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Atendimento\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=223 folders=31 5629110 bytes) ==== Empty Temp Folders ====================== C:\Users\Atendimento\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\USURIO~1\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\ATENDI~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Atendimento\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on 05/06/2014 at 13:03:00,63 ====================== Compartilhar este post Link para o post Compartilhar em outros sites
Power Max 54 Denunciar post Postado Junho 5, 2014 Desative temporariamente seu antivírus para evitar conflitos. *Clique com o botão direito do mouse no Zoek.exe e selecione * Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek. *Clique [Run Script] *Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar! *Caso a reinicialização do PC seja solicitada, clique [OK] * Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta. Compartilhar este post Link para o post Compartilhar em outros sites
Spyder.RV 0 Denunciar post Postado Junho 17, 2014 Olá... desculpe a demora... o pc estava indisponível para eu continuar. Segue o log do zoek após a nova iteração: Zoek.exe v5.0.0.0 Updated 16-June-2014 Tool run by Atendimento on 17/06/2014 at 17:48:07,01. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Remoção de Malware\zoek.exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2014-06-05-160300.log 40405 bytes ==== System Restore Info ====================== 17/06/2014 17:48:35 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bndef deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\baidu] [-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll] [-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload] [-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav] [HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav] "DllVersion_2.0"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security] [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus] "uuurl"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord] [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster] [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0] [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup] [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp] [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos] [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP] [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing] [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}] "DllName"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}] "DllName"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect] "InstPath"=- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx] "DisplayName"=- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx] "InstPath"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil] "ImagePath"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect] "InstPath"=- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx] "DisplayName"=- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx] "InstPath"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil] "ImagePath"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect] "InstPath"=- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx] "DisplayName"=- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx] "InstPath"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil] "ImagePath"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil] [-HKEY_USERS\.DEFAULT\Software\Baidu] [-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug] [-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav] [-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log] [-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe] [-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu\Application Bug] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu\Application Bug\Bav] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu\Application Bug\Bav\log] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus\web] "ucloud"=- [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus\web] "dcloud"=- [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus\web] "rcloud"=- "url"=- [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\27541976] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\27541976] "url"=- [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Statistic] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\TrayIcon] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\UUReport] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\Setup] [-HKEY_USERS\S-1-5-18\Software\Baidu] [-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug] [-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav] [-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log] [-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe] [-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe] ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\Baidu Security deleted C:\ProgramData\Baidu Security deleted C:\Users\Atendimento\AppData\Roaming\Baidu Security deleted C:\Users\Public\Documents\Baidu deleted C:\Users\Public\Documents\Baidu Security deleted ==== Folders Found ====================== 2014-06-04 03:21:53 2014-06-04 03:21:53 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu 2014-06-04 03:21:54 2014-06-04 03:21:54 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Atendimento\AppData\Roaming\baidu 2014-06-04 03:21:54 2014-06-04 03:21:54 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Atendimento\AppData\Roaming\baidu\Baidu Antivirus 2014-06-17 20:49:18 2014-06-17 20:49:18 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security 2014-06-17 20:49:19 2014-06-02 20:53:56 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus 2014-06-17 20:49:19 2014-06-17 20:49:20 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security 2014-06-17 20:49:20 2014-06-17 20:49:20 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security 2014-06-17 20:49:20 2014-06-17 20:49:20 -------- d---a-w- C:\zoek_backup\C_Users_Atendimento_AppData_Roaming_Baidu Security 2014-06-17 20:49:20 2014-06-17 20:49:20 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu 2014-06-17 20:49:20 2014-06-17 20:49:20 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security 2014-06-17 20:49:18 2014-06-02 20:53:56 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus ==== Files Found ====================== ==== Registry Search Results for "Baidu" ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\baidu] [HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll] [HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload] [HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav] [HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security] [HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus\web] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\27541976] ==== C:\zoek_backup content ====================== C:\zoek_backup (files=275 folders=71 193403540 bytes) ==== EOF on 17/06/2014 at 17:50:34,01 ====================== Compartilhar este post Link para o post Compartilhar em outros sites
Power Max 54 Denunciar post Postado Junho 18, 2014 Desative temporariamente seu antivírus para evitar conflitos. *Clique com o botão direito do mouse no Zoek.exe e selecione * Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek. *Clique [Run Script] *Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar! *Caso a reinicialização do PC seja solicitada, clique [OK] * Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta. Compartilhar este post Link para o post Compartilhar em outros sites
Spyder.RV 0 Denunciar post Postado Junho 18, 2014 boa tarde. segue o log: Zoek.exe v5.0.0.0 Updated 16-June-2014 Tool run by Atendimento on 18/06/2014 at 14:22:34,83. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Remoção de Malware\zoek.exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2014-06-05-160300.log 40405 bytes C:\zoek-results2014-06-17-205034.log 14029 bytes ==== System Restore Info ====================== 18/06/2014 14:23:11 Zoek.exe System Restore Point Created Succesfully. ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\baidu] [-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll] [-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload] [-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav] [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security] [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus\web] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\27541976] ==== Registry Search Results for "Baidu" ====================== No instances of string "Baidu" found. ==== C:\zoek_backup content ====================== C:\zoek_backup (files=275 folders=71 193403540 bytes) ==== EOF on 18/06/2014 at 14:23:34,84 ====================== Compartilhar este post Link para o post Compartilhar em outros sites
Power Max 54 Denunciar post Postado Junho 18, 2014 Baixe o programa Junkware Removal Tool no link abaixo: http://thisisudax.org/downloads/JRT.exe Para executar corretamente o programa acima é só seguir as dicas deste tutorial: Tutorial do Junkware Removal Tool * Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt Ficamos na espera. Compartilhar este post Link para o post Compartilhar em outros sites
Spyder.RV 0 Denunciar post Postado Junho 22, 2014 Boa tarde. Segue o log do JRT: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Professional x64 Ran by Atendimento on 22/06/2014 at 14:42:54,22 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 22/06/2014 at 14:46:11,77 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Compartilhar este post Link para o post Compartilhar em outros sites
Power Max 54 Denunciar post Postado Junho 22, 2014 :seta: Faça o download do < ZHPDiag > < > ( ... de Nicolas Coolman ) Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo: Para instalá-lo e executá-lo corretamente siga as dicas deste artigo: Tutorial de instalação e execução do aplicativo ZHPDiag * Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta. Compartilhar este post Link para o post Compartilhar em outros sites
Mário Monteiro 179 Denunciar post Postado Julho 28, 2014 Tópico Arquivado Como o autor não respondeu por mais de 10 dias, o tópico foi arquivado. Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura. Compartilhar este post Link para o post Compartilhar em outros sites
