Desinstalar antivirus Baidu no Windows XP

já li tópico e segue Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:21:08, on 2/1/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BAVSvc.exe
C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BHipsSvc.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BavTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ARQUIV~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Arquivos de programas\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Documents and Settings\Margarete\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Margarete\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Margarete\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Margarete\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Margarete\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Margarete\Meus documentos\Downloads\HijackThis (3).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Do-Not-Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Arquivos de programas\AVG\AVG2012\avgdtiex.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [Baidu Antivirus] "C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BavTray.exe" -auto
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Arquivos de programas\Enigma Software Group\SpyHunter\SpyHunter4.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Arquivos de programas\AVG\AVG2012\avgdtiex.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll (file missing)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Watchdog do AVG (avgwd) - Unknown owner - C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe (file missing)
O23 - Service: Baidu Antivirus Service (BAVSvc) - Baidu, Inc. - C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) - Baidu, Inc. - C:\Arquivos de programas\Baidu Security\Baidu Antivirus\BHipsSvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\ARQUIV~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

--
End of file - 7819 bytes

Não sei se está certo agradeço desde já

 Oi Margarete! Seja bem-vinda ao Fórum PC Brasil.

Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Extraia para o Desktop (Área de Trabalho)

*Execute-o e informe se consegue ver o ícone do Baidu

Se ele aparecer na lista, você pode desinstalá-lo usando o próprio Revo Uninstaller.
_______________________________

Caso o Revo Uninstaller não encontre o Baidu, faça o seguinte:

Baixe o Zoek (...de Smeenk) [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e salve-o no Desktop (Área de Trabalho).

Ao acessar o link indicado acima, clique na opção de baixar a sua versão com a extensão ZIP, como mostra esta imagem:


Depois de baixá-lo extraia o seu conteúdo. Para isto basta clicar sobre o arquivo compactado que você acabou de baixar com o botão direito do mouse e escolher a opção Extrair aqui, como mostra esta imagem:


*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Cole as linhas em marrom no espaço

autoclean;
emptyclsid;
emptytemp;
startupall;
Baidu;z
Baidu;a
hijackthis;
process;
uninstall-list;

*Clique [Run Script]

*Durante o scan a mensagem abaixo será apresentada. Aguarde o término...pode demorar!

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

*Caso a reinicialização do PC seja solicitada, clique [OK]

Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Olá bom dia!
Olha não consegui,pois o link q vc me passou
é versão 5.0.0 zip e ao executar pede senha.
Abriu diferente do que vc postou,pois o meu é XP.
Por favor peço ajuda novamente.
Obrigado!!!!!!!!!!!

A versão 5 do Zoek é praticamente igual à 4 que tinha te passado.

Os procedimentos agora são estes:

Baixe o Zoek (...de Smeenk) [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e salve-o no Desktop (Área de Trabalho).

Ao acessar o link indicado acima, clique na opção de baixar a sua versão com a extensão ZIP, como mostra esta imagem:

Depois de baixá-lo extraia o seu conteúdo. Para isto basta clicar sobre o arquivo compactado que você acabou de baixar com o botão direito do mouse e escolher a opção Extrair aqui, como mostra esta imagem:


*Dê um duplo clique com o botão esquerdo do mouse no Zoek.exe como mostra esta imagem:


Se aparecer alguma mensagem do Windows pedindo se você pretende executar este programa, confirme.

*Cole as linhas em marrom no espaço em branco do Zoek:
autoclean;
emptyclsid;
emptytemp;
startupall;
Baidu;z
Baidu;a
hijackthis;
process;
uninstall-list;

*Clique [Run Script] como mostra esta imagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Durante o scan a mensagem abaixo será apresentada. Aguarde o término...pode demorar!

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

*Caso a reinicialização do PC seja solicitada, clique [OK]

Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Zoek.exe v5.0.0.0 Updated 05-Januari-2014
Tool run by Margarete on seg 06/01/2014 at 16:13:16,78.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Margarete\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

6/1/2014 16:14:24 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} deleted successfully
HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} deleted successfully
HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} deleted successfully
HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{46575637-0076-A76A-76A7-7A786E7484D7} deleted successfully
HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{46575637-0076-A76A-76A7-7A786E7484D7} deleted successfully
HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46575637-0076-A76A-76A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{F53C93F1-07D5-430c-86D4-C9531B27DFAF} deleted successfully

==== Running Processes ======================

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Margarete\Desktop\zoek.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeNetFilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\iSafeNetFilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater10.2.0 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vToolbarUpdater10.2.0 deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\Antonio\Dados de aplicativos\Mozilla\Firefox\Profiles\51xov15u.default

user.js not found
---- Lines {1E73965B-8B48-48be-9C8D-68B920ABC1C4} modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\
---- Lines {F53C93F1-07D5-430c-86D4-C9531B27DFAF} modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\
---- FireFox user.js and prefs.js backups ----

prefs_20140601_1619_.backup

ProfilePath: C:\Documents and Settings\Antonio\Dados de aplicativos\Mozilla\Firefox\Profiles\ftflqdq6.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20140601_1619_.backup

ProfilePath: C:\Documents and Settings\Margarete\Dados de aplicativos\Mozilla\Firefox\Profiles\daj4e02v.default

---- Lines ask.com removed from prefs.js ----
user_pref("extensions.FWV7.domain", "\"[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
user_pref("extensions.FWV7.hpr_ff", "\"http://www.search.ask.com/?p2=%5EB1Y%5Ezzz000%5EYY%5EBR&gct=hp&o=APN10949&apn_ptnrs=%5EB1Y&apn_dtid=%5Ezzz000%5
user_pref("extensions.FWV7.pref_tab_close", "[{\"title\":\"conta%20de%20telefone%20vivo%20-%20Ask.com%20Search\",\"url\":\"http://www.search.ask.com/w
---- Lines ask.com modified from prefs.js ----

user_pref("extensions.enabledAddons", "%7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:0.9.8,toolbar_FWV7%40apn.ask.com:29.3,%7B972ce4c6-7e08-4474-a285-320
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\
---- FireFox user.js and prefs.js backups ----

user_20140601_1619_.backup
prefs_20140601_1619_.backup

==== Deleting Files \ Folders ======================

C:\Arquivos de programas\Mozilla Firefox\searchplugins\avg-secure-search.xml deleted
C:\Arquivos de programas\DealPly deleted
C:\Arquivos de programas\WebCake deleted
C:\Arquivos de programas\AskPartnerNetwork deleted
C:\Documents and Settings\Margarete\Dados de aplicativos\Uniblue deleted
C:\Documents and Settings\Margarete\Dados de aplicativos\baidu deleted
C:\Documents and Settings\Margarete\Dados de aplicativos\iSafe deleted
C:\Documents and Settings\Margarete\Dados de aplicativos\Dealply deleted
C:\Documents and Settings\Margarete\Dados de aplicativos\AVG Secure Search deleted
C:\Documents and Settings\Margarete\Dados de aplicativos\Systweak deleted
C:\Documents and Settings\All Users\Dados de aplicativos\AskPartnerNetwork deleted
C:\Documents and Settings\All Users\Dados de aplicativos\APN deleted
C:\Documents and Settings\All Users\Dados de aplicativos\DealPlyLive deleted
C:\Documents and Settings\All Users\Dados de aplicativos\Baidu deleted
C:\Documents and Settings\All Users\Dados de aplicativos\AVG Secure Search deleted
C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer deleted
C:\Documents and Settings\Margarete\Menu Iniciar\Programas\DealPly deleted
C:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineCore.job deleted
C:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineUA.job deleted
C:\WINDOWS\tasks\At5.job deleted
C:\WINDOWS\tasks\At6.job deleted
C:\WINDOWS\tasks\At7.job deleted
C:\WINDOWS\tasks\At8.job deleted
C:\WINDOWS\tasks\At9.job deleted
C:\WINDOWS\system32\roboot.exe deleted
C:\WINDOWS\System32\SET100.tmp deleted
C:\WINDOWS\System32\SET101.tmp deleted
C:\WINDOWS\System32\SET102.tmp deleted
C:\WINDOWS\System32\SET105.tmp deleted
C:\WINDOWS\System32\SET171.tmp deleted
C:\WINDOWS\System32\SET179.tmp deleted
C:\WINDOWS\System32\SET17A.tmp deleted
C:\WINDOWS\System32\SET17B.tmp deleted
C:\WINDOWS\System32\SET17F.tmp deleted
C:\WINDOWS\System32\SET180.tmp deleted
C:\WINDOWS\System32\SET181.tmp deleted
C:\WINDOWS\System32\SET185.tmp deleted
C:\WINDOWS\System32\SET187.tmp deleted
C:\WINDOWS\System32\SETEB.tmp deleted
C:\WINDOWS\System32\SETEF.tmp deleted
C:\WINDOWS\System32\SETF0.tmp deleted
C:\WINDOWS\System32\SETF7.tmp deleted
C:\Documents and Settings\Margarete\Dados de aplicativos\Mozilla\Firefox\Profiles\daj4e02v.default\searchplugins\ask-search.xml deleted
C:\Documents and Settings\Margarete\Dados de aplicativos\Mozilla\Firefox\Profiles\daj4e02v.default\searchplugins\improvedsearch.xml deleted
C:\Documents and Settings\Margarete\Dados de aplicativos\Mozilla\Firefox\Profiles\daj4e02v.default\searchplugins\SweetIM Search.xml deleted
C:\Documents and Settings\Margarete\Dados de aplicativos\Mozilla\Firefox\Profiles\daj4e02v.default\extensions\toolbar_FWV7@apn.ask.com.xpi deleted

==== Folders Found ======================

2014-01-02 21:54:47 2014-01-02 22:14:59 -------- d-----w- C:\Arquivos de programas\Baidu Security
2014-01-02 21:55:31 2014-01-03 09:44:59 -------- d-----w- C:\Arquivos de programas\Baidu Security\Baidu Antivirus
2014-01-02 21:55:37 2014-01-02 21:55:37 -------- d-----w- C:\Documents and Settings\All Users\Application Data\baidu
2014-01-02 21:55:02 2014-01-02 21:55:04 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security
2014-01-02 21:54:50 2014-01-02 22:14:57 -------- d-----w- C:\Documents and Settings\All Users\Documentos\Baidu Security
2014-01-02 21:51:47 2014-01-02 22:14:57 -------- d-----w- C:\Documents and Settings\Margarete\Dados de aplicativos\Baidu Security
2014-01-02 22:28:16 2014-01-02 22:28:16 -------- d-----w- C:\Documents and Settings\Margarete\Dados de aplicativos\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-01-02 22:28:16 2014-01-02 22:28:16 -------- d-----w- C:\Documents and Settings\Margarete\Dados de aplicativos\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-01-06 18:19:31 2014-01-06 18:19:31 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_Baidu
2014-01-06 18:19:29 2014-01-06 18:19:29 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_baidu
2014-01-06 18:19:29 2014-01-02 21:55:56 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_baidu\Baidu Antivirus

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\Documents and Settings\\All Users\\Application Data\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\Baidu Security\\RpData\\rpFile-pcftray-2014-01-02 01-03-00-0593-[15902].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-02 01-03-00-0015-[15902].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-01-02 01-28-40-0578-[20931].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"="C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"InstPath"="C:\\Arquivos de programas\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Arquivos de programas\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bprotect]
"InstPath"="C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BprotectEx]
"InstPath"="C:\\Arquivos de programas\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Arquivos de programas\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"="C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"InstPath"="C:\\Arquivos de programas\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Arquivos de programas\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu\Hao123-br]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu\Hao123-br\hao123desk]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC App Store]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC App Store\Setup]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Exam]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
"Google Update_BaiDuSafe_RegType"=dword:00000002

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\Setup]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Baidu Antivirus]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\MARGAR~1\\CONFIG~1\\Temp\\UNT16A.exe"="Baidu PC Faster Updater"

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\MARGAR~1\\CONFIG~1\\Temp\\UNT16C.exe"="Baidu Antivirus Updater"

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\MARGAR~1\\CONFIG~1\\Temp\\baidu_secure\\update\\PC_Faster_Setup_B23.exe"="PC Faster Setup"

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\MARGAR~1\\CONFIG~1\\Temp\\baidu_secure\\update\\BavPro_Setup_027.exe"="Baidu Antivirus Setup"

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\BavTray.exe"="Baidu Antivirus Tray Application"

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\BavSvc.exe"="Baidu Antivirus Service"

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe"="PC Faster"

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\PC Faster\\4.0.0.0\\GameFaster.exe"="PC Faster Game Faster"

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\Bav.exe"="Bav"

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\PC App Store\\3.14.8.4008\\AppStoreUpdater.exe"="AppStoreUpdater"

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\PC App Store\\3.14.8.4008\\downloader.exe"="PCAppStore Downloader"

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Documents and Settings\\Margarete\\Dados de aplicativos\\baidu\\hao123-br\\hao123.1.0.0.1104.exe"="hao123 Desktop Shortcut"

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"="Baidu Antivirus Uninstall"

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\investigate.exe"="Baidu Antivirus Investigate Application"

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"="cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp""
"nlpo_02"="rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg"
"nlpo_03"="rundll32 advpack.dll,LaunchINFSection nlite.inf,S"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"="cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp""
"nlpo_02"="rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg"
"nlpo_03"="rundll32 advpack.dll,LaunchINFSection nlite.inf,S"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_TRAY]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgtray"
"hkey"="HKLM"
"command"="\"C:\\Arquivos de programas\\AVG\\AVG2012\\avgtray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BGReminderTool]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BGReminder"
"hkey"="HKLM"
"command"="C:\\Arquivos de programas\\Dr.Kawashima\\ReminderTool\\BGReminder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ccleaner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner"
"hkey"="HKCU"
"command"="\"C:\\Arquivos de programas\\CCleaner\\CCleaner.exe\" /AUTO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Arquivos de programas\\Hp\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Arquivos de programas\\Ahead\\InCD\\InCD.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Arquivos de programas\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDVDDXSrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDDXSrv"
"hkey"="HKLM"
"command"="\"C:\\Arquivos de programas\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Arquivos de programas\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Arquivos de programas\\Arquivos comuns\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vprot"
"hkey"="HKLM"
"command"="\"C:\\Arquivos de programas\\AVG Secure Search\\vprot.exe\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Margarete^Menu Iniciar^Programas^Inicializar^Atalho para Add Licence To Your Windows.lnk]
"path"="C:\\Documents and Settings\\Margarete\\Menu Iniciar\\Programas\\Inicializar\\Atalho para Add Licence To Your Windows.lnk"
"backup"="C:\\WINDOWS\\pss\\Atalho para Add Licence To Your Windows.lnkStartup"
"command"="C:\\Arquivos de programas\\Add Licence To Your Windows.reg "
"item"="Atalho para Add Licence To Your Windows"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]


==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [11/12/2013 18:54]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-287218729-725345543-1004Core.job --a------ C:\Documents and Settings\Margarete\Configuraes locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-287218729-725345543-1004UA.job --a------ C:\Documents and Settings\Margarete\Configuraes locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe []
C:\WINDOWS\tasks\Install.job --a------ C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe []
C:\WINDOWS\tasks\Install.job --a------ MargareteNSSStub exe0 []
C:\WINDOWS\tasks\Install.job --a------ C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe []
C:\WINDOWS\tasks\Install.job --a------ MargareteNSSStub exe0 []
C:\WINDOWS\tasks\Install.job --a------  s@ 3C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe []
C:\WINDOWS\tasks\Install.job --a------ C: [06/01/2014 16:20]
C:\WINDOWS\tasks\OGALogon.job --a------ C:\WINDOWS\system32\OGAEXEC.exe [03/08/2009 16:07]
C:\WINDOWS\tasks\User_Feed_Synchronization-{49BD8E78-CEE6-430B-9608-D57A669C0E74}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08/03/2009 05:31]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"avg@toolbar"="C:\Documents and Settings\All Users\Dados de aplicativos\AVG Secure Search\10.2.0.3" []

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Margarete\Dados de aplicativos\Mozilla\Firefox\Profiles\daj4e02v.default
- WebCake - %ProfilePath%\extensions\plugin@getwebcake.com
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Undetermined - %ProfilePath%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
- Download Manager Tweak - %ProfilePath%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Margarete\Dados de aplicativos\Mozilla\Firefox\Profiles\daj4e02v.default
F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash
6768C724599214E4F9ADD9F8FF5097EB - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U45
F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Arquivos de programas\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.450.18
69AA47F09AA281C7D3C7716CA7E283B4 - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
380F9A643A149B9030142E7171EFA91B - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
BE501CBC29B2025A263D80D399F1797A - c:\Arquivos de programas\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
31DA97B4682187C6639BBE2215814FDA - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
1C8124B6A03A620EB0CBCA615666D2AE - C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
B27CCB1168B1960AEC6E9D3E0E0F0D2A - c:\Arquivos de programas\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight


==== Deleted Firefox Extensions ======================

C:\Documents and Settings\Margarete\Dados de aplicativos\Mozilla\Firefox\Profiles\daj4e02v.default\extensions\plugin@getwebcake.com deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jmfkcklnlgedgbglfkkgedjfmejoahla - C:\Arquivos de programas\AVG\AVG2012\Chrome\safesearch.crx[]
ndibdjnfmopecpmkdieinmbadjfpblof - C:\Arquivos de programas\AVG\AVG2012\Chrome\donottrack.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.hao123.com/?tn=4shared_hp_hao123_br"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://isearch.avg.com/tab?cid={4027DC1E-B43D-4754-8E14-2E9299E4B22A}&mid=456a52f4af6147d0934bd16ae81b7457-d3bb868d81dc3e8dd2e32db581882440f9575925&lang=pt-br&ds=AVG&pr=fr&d=2012-04-02 13:24:22&v=10.2.0.3&sap=nt"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Uninstall List x86 ======================

Acrobat.com  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{77DCDCE3-2DED-62F3-8154-05E745472D07}]
Acrobat.com  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1]
Adobe Acrobat 5.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Acrobat 5.0]
Adobe AIR [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FDB3B167-F4FA-461D-976F-286304A57B2A}]
Adobe AIR [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR]
Adobe Flash Player 10 ActiveX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
Adobe Flash Player 11 Plugin [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin]
Adobe Reader XI (11.0.05) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}]
Adobe Shockwave Player 11.5 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player]
Advertising Center [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2EC4A38-B545-4A00-8214-13FE0E915E6D}]
Assistente de Conexão do Windows Live [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}]
AVG 2012 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{13F50002-01CE-43AE-8D58-9EB0850C217D}]
AVG 2012 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EB62E6D5-E217-45DD-9C42-A3BBEBA89955}]
Dell Resource CD [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{42929F0F-CE14-47AF-9FC7-FF297A603021}]
Dr Kawashima [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrainGame]
Estudo de melhoria do produto HP Deskjet 1000 J110 series [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{16350E4D-D662-4103-BC10-7F729E16E96E}]
Ferramenta de Carregamento do Windows Live [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{205C6BDD-7B73-42DE-8505-9A093F35A238}]
FrostWire 5.6.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\FrostWire 5]
Google Chrome [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
HP Deskjet 1000 J110 series Ajuda [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}]
HP Photo Creations [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Photo Creations]
HP Update [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}]
HSPA USB Modem [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HSPA USB Modem]
Java 7 Update 45 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217025FF}]
Java Auto Updater [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}]
Junk Mail filter update [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8E5233E1-7495-44FB-8DEB-4BE906D59619}]
Microsoft .NET Framework 2.0 Service Pack 2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
Microsoft .NET Framework 3.0 Service Pack 2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}]
Microsoft .NET Framework 3.5 SP1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}]
Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
Microsoft .NET Framework 4 Client Profile PTB Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{20A15757-4AE4-3C82-9711-863C84AFE6AA}]
Microsoft Choice Guard [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}]
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Wdf01009]
Microsoft Office Professional Edição 2003 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{90110416-6000-11D3-8CFE-0150048383C9}]
Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}]
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{196BB40D-1578-3D01-B289-BEFC77A11A1E}]
Mozilla Firefox 25.0.1 (x86 pt-BR) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0.1 (x86 pt-BR)]
Mozilla Maintenance Service [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService]
MSVCRT  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}]
MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}]
MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}]
Multimedia Launcher [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}]
Nero 9 Lite [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{620f34d4-adf4-42ad-bfa9-cc6352068755}]
Nero ControlCenter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}]
Nero Installer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E8A80433-302B-4FF1-815D-FCC8EAC482FF}]
Nero Online Upgrade [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}]
Nero StartSmart [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7748AC8C-18E3-43BB-959B-088FAEA16FB2}]
neroxml  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}]
NVIDIA Drivers [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers]
NVIDIA ForceWare Network Access Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}]
NVIDIA ForceWare Network Access Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}]
OGA Notifier 2.0.0048.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}]
PCI SoftV92 Modem [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1]
PowerDVD  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}]
PowerProducer  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B7A0CE06-068E-11D6-97FD-0050BACBF861}]
REALTEK GbE & FE Ethernet PCI-E NIC Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C9BED750-1211-4480-B1A5-718A3BE15525}]
Segoe UI [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}]
Software básico do dispositivo HP Deskjet 1000 J110 series [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B774EBF3-D178-4EAA-9E96-CFAAC0D00D16}]
Unity Web Player [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer]
WebFldrs XP [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}]
Windows Internet Explorer 8 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ie8]
Windows Live Call [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{590035D9-BFA0-406A-A7F0-479C72C0DDB2}]
Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite_Wave3]
Windows Live Galeria de Fotos [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{87A9C015-C2BA-44EE-9C20-6E1A764B8E23}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{74AD1846-2010-4FB1-8E24-B6F2B87150C2}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}]
Windows Live Sync [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2DF215E0-BD3C-4C98-8616-AFEF09747285}]
Windows XP Service Pack 3 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack]

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt deleted successfully

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Arquivos de programas\AVG\AVG2012\avgdtiex.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll (file missing)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Watchdog do AVG (avgwd) - Unknown owner - C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

==== Empty IE Cache ======================

C:\Documents and Settings\Antonio\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Margarete\Configurações locais\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Margarete\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=188 folders=78 40986946 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\MARGAR~1\CONFIG~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== EOF on seg 06/01/2014 at 16:24:25,95 ======================

Novamente aqui estou!
Não sei se é isso que vc pediu.
Não saiu do computador quando abro aparece a tela inicial do baidu.
obrigado mais uma vez!!!!!!

Dê um duplo clique com o botão esquerdo do mouse no Zoek.exe como mostra esta imagem:


Se aparecer alguma mensagem do Windows pedindo se você pretende executar este programa, confirme.

*Copie todo este texto em marrom abaixo e cole-o no espaço em branco do Zoek:

C:\Arquivos de programas\Baidu Security;fs
C:\Arquivos de programas\Baidu Security\Baidu Antivirus;fs
C:\Documents and Settings\All Users\Application Data\baidu;fs
C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security;fs
C:\Documents and Settings\All Users\Documentos\Baidu Security;fs
C:\Documents and Settings\Margarete\Dados de aplicativos\Baidu Security;fs
C:\Documents and Settings\Margarete\Dados de aplicativos\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall;fs
C:\Documents and Settings\Margarete\Dados de aplicativos\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK;fs
Bfilter;s
Bfmon;s
Bhbase;s
Bprotect;s
BprotectEx;s
PCFApiUtil;s
BAVSvc;s
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav];r
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav];r
"DllVersion_2.0"=-;r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing];r
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing];r
"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\Baidu Security\\RpData\\rpFile-pcftray-2014-01-02 01-03-00-0593-[15902].dat"=-;r
"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-02 01-03-00-0015-[15902].dat"=-;r
"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-01-02 01-28-40-0578-[20931].dat"=-;r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp];r
{77FEF28E-EB96-44FF-B511-3185DEA48697};c
{B580CF65-E151-49C3-B73F-70B13FCA8E86};c
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}];r
"DllName"=-;r
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}];r
"DllName"=-;r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Baidu Antivirus];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus];r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter];r
"DisplayName"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon];r
"DisplayName"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bhbase];r
"DisplayName"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect];r
"DisplayName"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect];r
"InstPath"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx];r
"DisplayName"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx];r
"InstPath"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil];r
"ImagePath"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BFILTER\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BFMON\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BHBASE\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECT\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECTEX\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bfilter];r
"DisplayName"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bfmon];r
"DisplayName"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bhbase];r
"DisplayName"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bprotect];r
"DisplayName"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bprotect];r
"InstPath"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BprotectEx];r
"DisplayName"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BprotectEx];r
"InstPath"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PCFApiUtil];r
"ImagePath"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000];r
"DeviceDesc"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter];r
"DisplayName"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon];r
"DisplayName"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase];r
"DisplayName"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect];r
"DisplayName"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect];r
"InstPath"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx];r
"DisplayName"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx];r
"InstPath"=-;r
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil];r
"ImagePath"=-;r
[-HKEY_USERS\.DEFAULT\Software\Baidu];r
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug];r
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav];r
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log];r
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu\Hao123-br];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu\Hao123-br\hao123desk];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus\web];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus\web];r
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus\web];r
"ucloud"=-;r
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus\web];r
"dcloud"=-;r
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus\web];r
"rcloud"=-;r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC App Store];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC App Store\Setup];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Exam];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Install];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu];r
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu];r
"Google Update_BaiDuSafe_RegType"=-;r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm];r
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm];r
"Adobe ARM_BaiDuSafe_RegType"=-;r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Statistic];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\UUReport];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\Setup];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Baidu Antivirus];r
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache];r
"C:\\DOCUME~1\\MARGAR~1\\CONFIG~1\\Temp\\UNT16A.exe"=-;r
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache];r
"C:\\DOCUME~1\\MARGAR~1\\CONFIG~1\\Temp\\UNT16C.exe"=-;r
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache];r
"C:\\DOCUME~1\\MARGAR~1\\CONFIG~1\\Temp\\baidu_secure\\update\\PC_Faster_Setup_B23.exe"=-;r
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache];r
"C:\\DOCUME~1\\MARGAR~1\\CONFIG~1\\Temp\\baidu_secure\\update\\BavPro_Setup_027.exe"=-;r
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache];r
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\BavTray.exe"=-;r
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache];r
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\BavSvc.exe"=-;r
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache];r
"C:\\Arquivos de programas\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe"=-;r
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache];r
"C:\\Arquivos de programas\\Baidu Security\\PC Faster\\4.0.0.0\\GameFaster.exe"=-;r
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache];r
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\Bav.exe"=-;r
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache];r
"C:\\Arquivos de programas\\Baidu Security\\PC App Store\\3.14.8.4008\\AppStoreUpdater.exe"=-;r
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache];r
"C:\\Arquivos de programas\\Baidu Security\\PC App Store\\3.14.8.4008\\downloader.exe"=-;r
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache];r
"C:\\Documents and Settings\\Margarete\\Dados de aplicativos\\baidu\\hao123-br\\hao123.1.0.0.1104.exe"=-;r
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache];r
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=-;r
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache];r
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\investigate.exe"=-;r
[-HKEY_USERS\S-1-5-18\Software\Baidu];r
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug];r
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav];r
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log];r
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe];r
Baidu;z
Baidu;a
ffdefaults;
firefoxlook;
iedefaults;
resetieproxy;
resethosts;

*Clique [Run Script]

*Durante o scan a mensagem abaixo será apresentada. Aguarde o término...pode demorar!

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

*Caso a reinicialização do PC seja solicitada, clique [OK]

Poste o novo log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Olá,eu de novo!
Desta vez não pediu para reiniciar o computador.
continua como estava. Segue o resultado:

Zoek.exe v5.0.0.0 Updated 05-Januari-2014
Tool run by Margarete on ter 07/01/2014 at 15:19:05,98.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Margarete\Desktop\zoek.com [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-01-06-182425.log 55393 bytes
C:\zoek-results2014-01-07-010309.log 25722 bytes
C:\zoek-results2014-01-07-150726.log 19089 bytes
C:\zoek-results2014-01-07-171250.log 27568 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PCFApiUtil deleted successfully

==== FireFox Fix ======================

Deleted from C:\Documents and Settings\Antonio\Dados de aplicativos\Mozilla\Firefox\Profiles\51xov15u.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Documents and Settings\Antonio\Dados de aplicativos\Mozilla\Firefox\Profiles\51xov15u.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Documents and Settings\Antonio\Dados de aplicativos\Mozilla\Firefox\Profiles\ftflqdq6.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Documents and Settings\Antonio\Dados de aplicativos\Mozilla\Firefox\Profiles\ftflqdq6.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Documents and Settings\Margarete\Dados de aplicativos\Mozilla\Firefox\Profiles\daj4e02v.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("extensions.APN_TB.first-previous-keyword-url", "");
user_pref("extensions.FWV7.my-keyword-url", "\"\"");
user_pref("extensions.FWV7.previous-keyword-url", "\"\"");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Documents and Settings\Margarete\Dados de aplicativos\Mozilla\Firefox\Profiles\daj4e02v.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("extensions.APN_TB.first-previous-keyword-url", "");
user_pref("extensions.FWV7.my-keyword-url", "\"\"");
user_pref("extensions.FWV7.previous-keyword-url", "\"\"");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\Baidu Security\\RpData\\rpFile-pcftray-2014-01-02 01-03-00-0593-[15902].dat"=-
"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-02 01-03-00-0015-[15902].dat"=-
"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-01-02 01-28-40-0578-[20931].dat"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Baidu Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bhbase]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bhbase]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PCFApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
"ImagePath"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu\Hao123-br]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu\Hao123-br\hao123desk]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC App Store]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC App Store\Setup]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Exam]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
"Google Update_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\Setup]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Baidu Antivirus]
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\MARGAR~1\\CONFIG~1\\Temp\\UNT16A.exe"=-
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\MARGAR~1\\CONFIG~1\\Temp\\UNT16C.exe"=-
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\MARGAR~1\\CONFIG~1\\Temp\\baidu_secure\\update\\PC_Faster_Setup_B23.exe"=-
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\MARGAR~1\\CONFIG~1\\Temp\\baidu_secure\\update\\BavPro_Setup_027.exe"=-
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\BavTray.exe"=-
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\BavSvc.exe"=-
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe"=-
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\PC Faster\\4.0.0.0\\GameFaster.exe"=-
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\Bav.exe"=-
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\PC App Store\\3.14.8.4008\\AppStoreUpdater.exe"=-
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\PC App Store\\3.14.8.4008\\downloader.exe"=-
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Documents and Settings\\Margarete\\Dados de aplicativos\\baidu\\hao123-br\\hao123.1.0.0.1104.exe"=-
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=-
[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus\\investigate.exe"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

==== Deleting Files \ Folders ======================

C:\Arquivos de programas\Baidu Security not found
C:\Arquivos de programas\Baidu Security\Baidu Antivirus not found
C:\Documents and Settings\All Users\Application Data\baidu not found
C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security not found
C:\Documents and Settings\All Users\Documentos\Baidu Security not found
C:\Documents and Settings\Margarete\Dados de aplicativos\Baidu Security not found
C:\Documents and Settings\Margarete\Dados de aplicativos\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall not found
C:\Documents and Settings\Margarete\Dados de aplicativos\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK not found

==== Folders Found ======================

2014-01-07 01:02:14 2014-01-07 01:02:14 -------- dc--a-w- C:\zoek_backup\C_Arquivos de programas_Baidu Security
2014-01-07 01:02:14 2014-01-03 09:44:59 -------- dc--a-w- C:\zoek_backup\C_Arquivos de programas_Baidu Security_Baidu Antivirus
2014-01-07 01:02:14 2014-01-07 01:02:14 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_All Users_Application Data_baidu
2014-01-06 18:19:31 2014-01-06 18:19:31 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_Baidu
2014-01-07 01:02:14 2014-01-07 01:02:15 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_Baidu Security
2014-01-07 01:02:15 2014-01-07 01:02:15 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_All Users_Documentos_Baidu Security
2014-01-06 18:19:29 2014-01-06 18:19:29 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_baidu
2014-01-07 01:02:15 2014-01-07 01:02:16 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_Baidu Security
2014-01-07 01:02:17 2014-01-07 01:02:17 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-01-07 01:02:17 2014-01-07 01:02:17 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-01-07 01:02:14 2014-01-03 09:44:59 -------- dc--a-w- C:\zoek_backup\C_Arquivos de programas_Baidu Security\Baidu Antivirus
2014-01-06 18:19:29 2014-01-02 21:55:56 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_baidu\Baidu Antivirus
2014-01-07 01:02:17 2014-01-07 01:02:17 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-01-07 01:02:17 2014-01-07 01:02:17 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"avg@toolbar"="C:\Documents and Settings\All Users\Dados de aplicativos\AVG Secure Search\10.2.0.3" []

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Margarete\Dados de aplicativos\Mozilla\Firefox\Profiles\daj4e02v.default
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Undetermined - %ProfilePath%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
- Download Manager Tweak - %ProfilePath%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Margarete\Dados de aplicativos\Mozilla\Firefox\Profiles\daj4e02v.default
F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash
6768C724599214E4F9ADD9F8FF5097EB - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U45
F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Arquivos de programas\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.450.18
69AA47F09AA281C7D3C7716CA7E283B4 - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
380F9A643A149B9030142E7171EFA91B - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
BE501CBC29B2025A263D80D399F1797A - c:\Arquivos de programas\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
31DA97B4682187C6639BBE2215814FDA - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
1C8124B6A03A620EB0CBCA615666D2AE - C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
B27CCB1168B1960AEC6E9D3E0E0F0D2A - c:\Arquivos de programas\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== C:\zoek_backup content ======================

C:\zoek_backup (files=233 folders=136 67902099 bytes)

==== EOF on ter 07/01/2014 at 15:23:47,31 ======================

 Vários problemas foram removidos.
____________________________

Dê um duplo clique com o botão esquerdo do mouse no Zoek.exe como mostra esta imagem:


Se aparecer alguma mensagem do Windows perguntando se você pretende executar este programa, confirme.

*Copie todo este texto em marrom abaixo e cole-o no espaço em branco do Zoek:

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus\web];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu];r
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm];r
Baidu;z
Baidu;a

*Clique [Run Script]

*Durante o scan a mensagem abaixo será apresentada. Aguarde o término...pode demorar!

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

*Caso a reinicialização do PC seja solicitada, clique [OK]

Poste o novo log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Olá bom dia!!!!!!!

Segue o novo relatório do Zoek:

C:\zoek-results2014-01-06-182425.log 55393 bytes
C:\zoek-results2014-01-07-010309.log 25722 bytes
C:\zoek-results2014-01-07-150726.log 19089 bytes
C:\zoek-results2014-01-07-171250.log 27568 bytes
C:\zoek-results2014-01-07-172347.log 27728 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-1123561945-287218729-725345543-1004\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]

==== Folders Found ======================

2014-01-07 01:02:14 2014-01-07 01:02:14 -------- dc--a-w- C:\zoek_backup\C_Arquivos de programas_Baidu Security
2014-01-07 01:02:14 2014-01-03 09:44:59 -------- dc--a-w- C:\zoek_backup\C_Arquivos de programas_Baidu Security_Baidu Antivirus
2014-01-07 01:02:14 2014-01-07 01:02:14 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_All Users_Application Data_baidu
2014-01-06 18:19:31 2014-01-06 18:19:31 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_Baidu
2014-01-07 01:02:14 2014-01-07 01:02:15 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_Baidu Security
2014-01-07 01:02:15 2014-01-07 01:02:15 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_All Users_Documentos_Baidu Security
2014-01-06 18:19:29 2014-01-06 18:19:29 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_baidu
2014-01-07 01:02:15 2014-01-07 01:02:16 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_Baidu Security
2014-01-07 01:02:17 2014-01-07 01:02:17 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-01-07 01:02:17 2014-01-07 01:02:17 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-01-07 01:02:14 2014-01-03 09:44:59 -------- dc--a-w- C:\zoek_backup\C_Arquivos de programas_Baidu Security\Baidu Antivirus
2014-01-06 18:19:29 2014-01-02 21:55:56 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_baidu\Baidu Antivirus
2014-01-07 01:02:17 2014-01-07 01:02:17 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-01-07 01:02:17 2014-01-07 01:02:17 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=233 folders=136 67902099 bytes)

==== EOF on qua 08/01/2014 at  7:09:35,57 ======================!!!!!!!

 Bom dia, Margarete!

Dê um duplo clique com o botão esquerdo do mouse no Zoek.exe como mostra esta imagem:


Se aparecer alguma mensagem do Windows perguntando se você pretende executar este programa, confirme.

*Copie todo este texto em marrom abaixo e cole-o no espaço em branco do Zoek:

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup];r
Baidu;z
Baidu;a

*Clique [Run Script]

*Durante o scan a mensagem abaixo será apresentada. Aguarde o término...pode demorar!

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

*Caso a reinicialização do PC seja solicitada, clique [OK]

Poste o novo log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Olá! Boa tarde. Aqui está o novo log que foi solicitado:

Zoek.exe v5.0.0.0 Updated 05-Januari-2014
Tool run by Margarete on qua 08/01/2014 at 15:28:04,73.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Margarete\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-01-06-182425.log 55393 bytes
C:\zoek-results2014-01-07-010309.log 25722 bytes
C:\zoek-results2014-01-07-150726.log 19089 bytes
C:\zoek-results2014-01-07-171250.log 27568 bytes
C:\zoek-results2014-01-07-172347.log 27728 bytes
C:\zoek-results2014-01-08-090935.log 4995 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

==== Folders Found ======================

2014-01-07 01:02:14 2014-01-07 01:02:14 -------- dc--a-w- C:\zoek_backup\C_Arquivos de programas_Baidu Security
2014-01-07 01:02:14 2014-01-03 09:44:59 -------- dc--a-w- C:\zoek_backup\C_Arquivos de programas_Baidu Security_Baidu Antivirus
2014-01-07 01:02:14 2014-01-07 01:02:14 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_All Users_Application Data_baidu
2014-01-06 18:19:31 2014-01-06 18:19:31 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_Baidu
2014-01-07 01:02:14 2014-01-07 01:02:15 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_Baidu Security
2014-01-07 01:02:15 2014-01-07 01:02:15 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_All Users_Documentos_Baidu Security
2014-01-06 18:19:29 2014-01-06 18:19:29 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_baidu
2014-01-07 01:02:15 2014-01-07 01:02:16 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_Baidu Security
2014-01-07 01:02:17 2014-01-07 01:02:17 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-01-07 01:02:17 2014-01-07 01:02:17 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-01-07 01:02:14 2014-01-03 09:44:59 -------- dc--a-w- C:\zoek_backup\C_Arquivos de programas_Baidu Security\Baidu Antivirus
2014-01-06 18:19:29 2014-01-02 21:55:56 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_baidu\Baidu Antivirus
2014-01-07 01:02:17 2014-01-07 01:02:17 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-01-07 01:02:17 2014-01-07 01:02:17 -------- dc--a-w- C:\zoek_backup\C_Documents and Settings_Margarete_Dados de aplicativos_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=233 folders=136 67902099 bytes)

==== EOF on qua 08/01/2014 at 15:29:28,64 ======================

O Baidu ainda aparece no PC ou sumiu?

Boa Noite!
Olha,o Baidu não aparece mais no PC,
mas meu filho mexeu hoje e disse que o programa ainda existe mas não ta interferindo mais.
Agradeço pela atenção dedicada a essas postagens.
Um gde abraço

mas meu filho mexeu hoje e disse que o programa ainda existe mas não ta interferindo mais.

Para remover algum vestígio do Baidu que ainda esteja no PC siga as dicas dos tutoriais abaixo, por gentileza:

Instale o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (caso já tenha ele, não precisa instalar de novo).

Abra o Ccleaner > clique no botão Limpeza > clique na opção Executar Limpeza. Isto é demonstrado na imagem abaixo:


Confirme a operação acima clicando no botão OK. Aguarde a conclusão do procedimento.

Depois disto, clique no botão botão Registro > Procurar Erros > Corrigir erro(s) selecionado(s) > neste momento você poderá optar por fazer uma cópia das alterações que serão feitas no registro (por motivos de segurança), escolha a opção que desejar (sim ou não) > e confirme a limpeza clicando no botão Corrigir todos os erros selecionados > clique no botão Fechar (ou OK):

__________________________________________________________

Depois disto siga também as dicas destes tutoriais abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
___________________________________

Depois disto nos diga se o problema foi resolvido.

Ficamos na espera.

Boa noite. Instalei os programas que você indicou, menos o Purera.

Mas agora com o programa apareceu também TUNEUP UTILITIES e SEARCH PROTECT.
esses fazem parte do programa ?

Mas agora com o programa apareceu também TUNEUP UTILITIES e SEARCH PROTECT.
esses fazem parte do programa ?

este TUNEUP UTILITIES e SEARCH PROTECT vieram juntos com qual programa? Pode desinstalar isto.

Olá Boa Tarde!!!!!!!
Desinstalei os programas com sucesso,muito obrigado.
Quando precisar vou perturbar vcs de novo.
Muito,mas muito agradecida.
Abraços 

 Que bom que os problemas foram resolvidos. Conte sempre com a gente!

 Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve no Desktop (Área de Trabalho)

*Depois disto é só executá-lo, deixar selecionadas as opções Remove disinfection tools e Purge system restore

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Clique em [Run]

Depois de executar o Delfix conforme descrito acima, é só deletar o DelFix e o arquivo C:\DelFix.txt

Um abraço!  

CASO RESOLVIDO

Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.