Spyder.RV (posted June 4, 2014)

Good evening. All of my browsers are showing an excessive number of ads. Can you help me check whether there is any malware? Environment: Windows 7 SP1 64-bit.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:48:29, on 03/06/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Remoção de Malware\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1401273278&from=amt&uid=WDCXWD5000AAKX-753CA1_WD-WCAYUFN2798127981
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1401273278&from=amt&uid=WDCXWD5000AAKX-753CA1_WD-WCAYUFN2798127981
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1401273278&from=amt&uid=WDCXWD5000AAKX-753CA1_WD-WCAYUFN2798127981&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1401273278&from=amt&uid=WDCXWD5000AAKX-753CA1_WD-WCAYUFN2798127981&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=fa_pro_hp_03_hao123_br
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IePlugin Services (IePluginServices) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginServices\PluginService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protect Monitor (ProtectMonitor) - Unknown owner - C:\Program Files\PCDApp\StartHelp.exe (file missing)
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9618 bytes

Power Max (posted June 4, 2014)

Hello Spyder.

Download AdwCleaner by clicking the link below, then click the Download Now @BleepingComputer button:

http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow the tips in this tutorial: "Remove malicious adware and toolbars with AdwCleaner"

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[s0].txt

We'll be waiting.

Spyder.RV (posted June 4, 2014)

Good evening Power Max, thanks for the quick support! Here is the AdwCleaner log:

# AdwCleaner v3.211 - Relatório criado 04/06/2014 às 00:21:53
# Atualizado 26/05/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (64 bits)
# Usuário : Atendimento - ATENDIMENTO
# Executando de : D:\Dados do PC\Atendimento\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : IePluginServices
[#] Serviço Deletada : qknfd

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\IePluginServices
Pasta Deletada : C:\Program Files (x86)\SupTab
Pasta Deletada : C:\Users\Atendimento\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Atendimento\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Atendimento\AppData\Roaming\SupTab
Pasta Deletada : C:\Users\Atendimento\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\Atendimento\AppData\Roaming\webssearches
Pasta Deletada : D:\Dados do PC\Atendimento\Documents\Mobogenie
Pasta Deletada : C:\Users\Atendimento\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default\Extensions\quick_start@gmail.com
Arquivo Deletada : C:\Windows\System32\roboot64.exe
Arquivo Deletada : C:\Users\Atendimento\daemonprocess.txt
Arquivo Deletada : C:\Users\Atendimento\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default\searchplugins\bingp.xml
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
Arquivo Deletada : C:\Users\Atendimento\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default\user.js
Arquivo Deletada : C:\Windows\System32\Tasks\AmiUpdXp

***** [ Atalhos ] *****

***** [ Registro ] *****

Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chave Deletedo : HKCU\Software\genesis
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\Popajar
Chave Deletedo : HKCU\Software\SmileysWeLove
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\AppDataLow\Software
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKLM\Software\webssearchesSoftware
Chave Deletedo : HKLM\Software\Wpm
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Dados Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.7601.17514

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]

-\\ Mozilla Firefox v29.0.1 (pt-BR)

[ Arquivo : C:\Users\Atendimento\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default\prefs.js ]

Linha deletada : user_pref("browser.search.defaultenginename", "webssearches");
Linha deletada : user_pref("browser.search.selectedEngine", "webssearches");
Linha deletada : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hppp&ts=1401742465&from=amt&uid=WDCXWD5000AAKX-753CA1_WD-WCAYUFN2798127981");

-\\ Google Chrome v35.0.1916.114

[ Arquivo : C:\Users\Atendimento\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [search Provider] : hxxp://start.funmoods.com/results.php?f=4&a=vsl&q={searchTerms}
Deletedo [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN24920826942457721&ctid=CT3294557&UM=2
Deletedo [search Provider] : hxxp://br.ask.com/web?q={searchTerms}
Deletedo [search Provider] : hxxp://istart.webssearches.com/web/?type=dspp&ts=1401742064&from=amt&uid=WDCXWD5000AAKX-753CA1_WD-WCAYUFN2798127981&q={searchTerms}
Deletedo [startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1401742408&from=amt&uid=WDCXWD5000AAKX-753CA1_WD-WCAYUFN2798127981
Deletedo [Homepage] : hxxp://istart.webssearches.com/?type=hppp&ts=1401742408&from=amt&uid=WDCXWD5000AAKX-753CA1_WD-WCAYUFN2798127981
Deletedo [Extension] : fjbbjfdilbioabojmcplalojlmdngbjl

*************************

AdwCleaner[R0].txt - [8523 octets] - [04/06/2014 00:21:29]
AdwCleaner[s0].txt - [6883 octets] - [04/06/2014 00:21:53]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6943 octets] ##########

Power Max (posted June 4, 2014)

Baidu is also showing up on your PC. Do you want to remove it, or would you rather keep it?

Spyder.RV (posted June 5, 2014)

I had already uninstalled it before opening this request here... Does junk get left behind after uninstalling?

Power Max (posted June 5, 2014)

Leftovers often remain even after uninstalling.

Temporarily disable your antivirus to avoid conflicts.

Open the link below and click the first button on the left, which is the Download Zoek.exe button:

http://www.hijackthis.nl/smeenk/

* Right-click Zoek.exe and select
* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.
* Click [Run Script]
* During the scan, a message similar to the one below will be shown, displaying the scan progress. Wait for it to finish... it may take a while!
* If a restart of the PC is requested, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.

Spyder.RV (posted June 5, 2014)

Good afternoon. Here is the zoek-results.txt log:

Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Atendimento on 05/06/2014 at 12:45:09,65.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Remoção de Malware\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

05/06/2014 12:45:51 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\ATENDI~1\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default\prefs.js:
user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
user_pref("keyword.URL", "http://br.yhs4.search.yahoo.com/yhs/search");

Added to C:\Users\ATENDI~1\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\ATENDI~1\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default
user.js not found

---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);

---- FireFox user.js and prefs.js backups ----
prefs_062014_1250_.backup

==== Deleting Files \ Folders ======================

C:\Users\Atendimento\.android deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\search_the_web.xml deleted
C:\Users\Atendimento\AppData\Roaming\smileyswelove deleted
C:\PROGRA~3\WindowsProtectManger deleted
C:\Users\Atendimento\AppData\Local\cache deleted
C:\Users\ATENDI~1\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default\jetpack deleted

==== Folders Found ======================

2014-06-04 03:21:53 2014-06-04 03:21:53 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-04 03:21:54 2014-06-04 03:21:54 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Atendimento\AppData\Roaming\baidu
2014-06-04 03:21:54 2014-06-04 03:21:54 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Atendimento\AppData\Roaming\baidu\Baidu Antivirus
2014-05-27 12:03:38 2014-05-27 12:08:03 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-05-27 12:03:38 2014-06-02 20:53:56 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus
2014-05-27 12:03:49 2014-06-04 20:46:28 -------- d-----w- C:\ProgramData\Baidu Security
2014-05-27 12:03:49 2014-06-04 20:46:28 -------- d-----w- C:\Users\All Users\Baidu Security
2014-05-27 12:08:51 2014-05-27 12:08:51 -------- d-----w- C:\Users\Atendimento\AppData\Roaming\Baidu Security
2014-05-27 12:02:57 2014-05-27 12:02:57 -------- d-----w- C:\Users\Public\Documents\Baidu
2014-05-27 12:08:33 2014-05-27 12:14:18 -------- d-----w- C:\Users\Public\Documents\Baidu Security

==== Files Found ======================

==== Registry Search Results for "Baidu" ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu\Application Bug\Bav\log\Skype.exe]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\27541929]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\27541929]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.5.67371&userid=167558719c617ec0ff0bcaf1a560bc2a&old_userid=WD-WCAYU-F04DA2E5C584!69d48d61-f33b-4673-8539-673fec9ea8cc@#F04DA2E5C584&install_time=2014-05-27 12:08:33&parent_name="
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\27541976]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\27541976]
"url"="http://sync.security.baidu.co.th/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.5.67371&userid=167558719c617ec0ff0bcaf1a560bc2a&old_userid=WD-WCAYU-F04DA2E5C584!69d48d61-f33b-4673-8539-673fec9ea8cc@#F04DA2E5C584&install_time=2014-05-27 12:08:33&parent_name="
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\TrayIcon]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\Setup]
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"quiknowledge@quiknowledge.com"="C:\Program Files (x86)\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\ATENDI~1\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default
- Undetermined - C:\Users\Atendimento\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default\extensions\quick_start@gmail.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Atendimento\AppData\Roaming\Mozilla\Firefox\Profiles\83iaojwb.default
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fdjkhamgopgokjmllcmpkiijndjeidcl - C:\Users\Atendimento\AppData\Local\Temp\twsfiles\trustedshopper.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[11/04/2014 19:46]

Google Docs - Atendimento\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Atendimento\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Atendimento\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
TV - Atendimento\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppbpeijolfcampacpljolaegibfhjph
Google Search - Atendimento\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Maps - Atendimento\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh
Google Wallet - Atendimento\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Atendimento\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://br.hao123.com/?tn=fa_pro_hp_03_hao123_br"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://br.hao123.com/?tn=fa_pro_hp_03_hao123_br"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{86c83f9e-48a4-4cd2-a763-64fea5df35f7} Bing Url="http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox"

==== Reset Google Chrome ======================

C:\Users\Atendimento\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Atendimento\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID
Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\quiknowledge@quiknowledge.com deleted successfully ==== shortcuts on Users Desktops ====================== C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files 
(x86)\TeamViewer\Version9\TeamViewer.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Atendimento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Atendimento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Atendimento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Atendimento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm 
C:\Users\Atendimento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt C:\Users\Atendimento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk - C:\Users\Atendimento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk - C:\Program Files (x86)\Adobe\Adobe Help\Adobe Help.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk - C:\Program Files (x86)\Adobe\Adobe Widget Browser\Adobe Widget Browser.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk - C:\Windows\ehome\ehshell.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet 
PC\TabTip.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk - C:\Windows\system32\printmanagement.msc C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe After Effects CS6.lnk - C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\AfterFX.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Bridge CS6 (64bit).lnk - C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Bridge CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Dreamweaver CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Encore CS6.lnk - C:\Program Files\Adobe\Adobe Encore CS6\Adobe Encore.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe ExtendScript Toolkit CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Utilities - CS6\ExtendScript Toolkit CS6\ExtendScript Toolkit.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Extension Manager CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Adobe Extension Manager CS6.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Illustrator CS6 (64 Bit).lnk - C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Support Files\Contents\Windows\Illustrator.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe InDesign CS6.lnk - C:\Program Files 
(x86)\Adobe\Adobe InDesign CS6\InDesign.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Media Encoder CS6.lnk - C:\Program Files\Adobe\Adobe Media Encoder CS6\Adobe Media Encoder.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Photoshop CS6 (64 Bit).lnk - C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Premiere Pro CS6.lnk - C:\Program Files\Adobe\Adobe Premiere Pro CS6\Adobe Premiere Pro.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\Ajuda.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe Start Help -help C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\CCC - Assistente.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe Start Wizard C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\CCC - Avançada.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\CCC.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe Start CCC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\Reiniciar Runtime.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe Restart C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)\Bitstream Font Navigator (64-Bit).lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\FontNav64\FontNav.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)\CorelDRAW X6 (64-Bit).lnk - 
c:\Windows\Installer\{27AE72A4-B217-4CDC-B82B-3311E9D7460E}\NewShortcut1_41AAC0AC880545E6A1C81230F4159C30.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)\Duplexing Wizard (64-Bit).lnk - c:\Windows\Installer\{27AE72A4-B217-4CDC-B82B-3311E9D7460E}\NewShortcut10_449D396305C74241ABE7BA91391CF9B4.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)\Video Tutorials X6 (64-Bit).lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\VideoBrowser64\VideoBrowser.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)\Documentation\CorelDRAW Graphics Suite X6 Guidebook.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)\Documentation\Macro Programming Guide.lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Data\Macro Programming Guide.pdf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Management Engine Components\Intel® Management and Security Status.lnk - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - 
C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\joticon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Centro de Carregamento do Microsoft Office 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\msouc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Certificado Digital para Projetos do VBA.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Media Gallery.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\cagicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Office Picture Manager.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\oisicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Preferências de Idioma do Microsoft Office 2010.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe ==== shortcuts in Quick Launch ====================== C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk 
- C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Atendimento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fdjkhamgopgokjmllcmpkiijndjeidcl deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\genesis_05292101 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobilegeni daemon deleted successfully ==== Empty IE Cache ====================== 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Atendimento\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Atendimento\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Atendimento\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Atendimento\AppData\Local\Mozilla\Firefox\Profiles\83iaojwb.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Atendimento\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=223 folders=31 5629110 bytes) ==== Empty Temp Folders ====================== C:\Users\Atendimento\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\USURIO~1\AppData\Local\Temp emptied successfully 
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\ATENDI~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Atendimento\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on 05/06/2014 at 13:03:00,63 ======================
Power Max 54 Posted June 5, 2014
Temporarily disable your antivirus to avoid conflicts.
* Right-click Zoek.exe and select
* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.
* Click [Run Script]
* During the scan, a message similar to the one below, showing the scan progress, will be displayed. Wait for it to finish... it may take a while!
* If a restart of the PC is requested, click [OK]
* Post the Zoek log, which will be in C:\zoek-results.txt, in your next reply.
Spyder.RV 0 Posted June 17, 2014
Hello... sorry for the delay... the PC was unavailable for me to continue. Here is the Zoek log after the new iteration:
Zoek.exe v5.0.0.0 Updated 16-June-2014 Tool run by Atendimento on 17/06/2014 at 17:48:07,01. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Remoção de Malware\zoek.exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2014-06-05-160300.log 40405 bytes ==== System Restore Info ====================== 17/06/2014 17:48:35 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bndef deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\baidu] [-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload] [-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav] [HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav] "DllVersion_2.0"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security] [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus] "uuurl"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord] [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster] [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0] [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup] [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp] [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos] [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP] [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing] [-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}] "DllName"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}] "DllName"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000] "DeviceDesc"=- 
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect] "InstPath"=- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx] "DisplayName"=- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx] "InstPath"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil] "ImagePath"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter] 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect] "InstPath"=- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx] "DisplayName"=- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx] "InstPath"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil] "ImagePath"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect] "InstPath"=- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect] "DisplayName"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx] "DisplayName"=- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx] "InstPath"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil] "ImagePath"=- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil] [-HKEY_USERS\.DEFAULT\Software\Baidu] [-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug] [-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav] [-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log] [-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe] [-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu\Application Bug] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu\Application Bug\Bav] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu\Application Bug\Bav\log] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus\web] "ucloud"=- [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus\web] "dcloud"=- [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus\web] "rcloud"=- "url"=- 
[-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\27541976] [HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\27541976] "url"=- [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Statistic] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\TrayIcon] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\UUReport] [-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\Setup] [-HKEY_USERS\S-1-5-18\Software\Baidu] [-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug] [-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav] [-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log] [-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe] [-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe] ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\Baidu Security deleted C:\ProgramData\Baidu Security deleted C:\Users\Atendimento\AppData\Roaming\Baidu Security deleted C:\Users\Public\Documents\Baidu deleted C:\Users\Public\Documents\Baidu Security deleted ==== Folders Found ====================== 2014-06-04 03:21:53 2014-06-04 03:21:53 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu 2014-06-04 03:21:54 2014-06-04 03:21:54 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Atendimento\AppData\Roaming\baidu 2014-06-04 03:21:54 2014-06-04 03:21:54 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Atendimento\AppData\Roaming\baidu\Baidu Antivirus 2014-06-17 20:49:18 2014-06-17 20:49:18 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security 2014-06-17 20:49:19 2014-06-02 20:53:56 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus 2014-06-17 20:49:19 
2014-06-17 20:49:20 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-17 20:49:20 2014-06-17 20:49:20 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-17 20:49:20 2014-06-17 20:49:20 -------- d---a-w- C:\zoek_backup\C_Users_Atendimento_AppData_Roaming_Baidu Security
2014-06-17 20:49:20 2014-06-17 20:49:20 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu
2014-06-17 20:49:20 2014-06-17 20:49:20 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-06-17 20:49:18 2014-06-02 20:53:56 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus
==== Files Found ======================
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\27541976]
==== C:\zoek_backup content ======================
C:\zoek_backup (files=275 folders=71 193403540 bytes)
==== EOF on 17/06/2014 at 17:50:34,01 ======================

Power Max, posted June 18, 2014
Temporarily disable your antivirus to avoid conflicts.
* Right-click Zoek.exe and select
* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.
* Click [Run Script]
* During the scan, a message similar to the one below, showing the scan's progress, will be displayed. Wait for it to finish... it may take a while!
* If you are asked to restart the PC, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.

Spyder.RV, posted June 18, 2014
Good afternoon. Here is the log:
Zoek.exe v5.0.0.0 Updated 16-June-2014
Tool run by Atendimento on 18/06/2014 at 14:22:34,83.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Remoção de Malware\zoek.exe [scan all users] [script inserted]
==== Older Logs ======================
C:\zoek-results2014-06-05-160300.log 40405 bytes
C:\zoek-results2014-06-17-205034.log 14029 bytes
==== System Restore Info ======================
18/06/2014 14:23:11 Zoek.exe System Restore Point Created Succesfully.
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-1257053334-984193926-2762293153-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install\27541976]
==== Registry Search Results for "Baidu" ======================
No instances of string "Baidu" found.
==== C:\zoek_backup content ======================
C:\zoek_backup (files=275 folders=71 193403540 bytes)
==== EOF on 18/06/2014 at 14:23:34,84 ======================

Power Max, posted June 18, 2014
Download the Junkware Removal Tool from the link below:
http://thisisudax.org/downloads/JRT.exe
To run the program above correctly, just follow the tips in this tutorial: Junkware Removal Tool tutorial
* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt
We'll be waiting.

Spyder.RV, posted June 22, 2014
Good afternoon. Here is the JRT log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Atendimento on 22/06/2014 at 14:42:54,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/06/2014 at 14:46:11,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Power Max, posted June 22, 2014
Download ZHPDiag ( ... by Nicolas Coolman )
Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:
To install and run it correctly, follow the tips in this article: ZHPDiag installation and usage tutorial
* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

Mário Monteiro, posted July 28, 2014
Topic Archived
Since the author has not replied for more than 10 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.