Help removing Baidu from the computer
Good evening, Power Max.
I followed the same procedure you indicated, and my Zoek txt file is as follows:
(I would also like to know whether I need to post the earlier logs. Thank you very much.)
Zoek.exe v5.0.0.0 Updated 31-January-2014
Tool run by Marcos on 03/02/2014 at 0:37:56,56.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marcos\Desktop\Tool_Adwares\Inspeciona\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
03/02/2014 00:39:14 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
Praticante010 - Beginner
- Posts: 4
- Reputation: 0
- Registration date: 02/02/2014
Re: Help removing Baidu from the computer
Hello Praticante010. Welcome to the forum.
The Zoek report you posted is incomplete. Please post the complete report.
Power Max - Contributor
- Posts: 9086
- Reputation: 1499
- Registration date: 14/04/2009
Re: Help removing Baidu from the computer
Hello, Power Max. Sorry.
Here is the complete report now:
Zoek.exe v5.0.0.0 Updated 31-January-2014
Tool run by Marcos on 03/02/2014 at 0:37:56,56.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marcos\Desktop\Tool_Adwares\Inspeciona\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
03/02/2014 00:39:14 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\mghekcs2.default\prefs.js:
Added to C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\mghekcs2.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\mghekcs2.default
user.js not found
---- Lines nationzoom removed from prefs.js ----
user_pref("accessibility.lightning.homepage", "http://www.nationzoom.com/?type=hp&ts=1391379161&from=slbnew&uid=HGSTXHTS545050A7E380_TE8513L92AG7UP2AG
---- FireFox user.js and prefs.js backups ----
prefs_022014_0047_.backup
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe"
==== Deleting Files \ Folders ======================
C:\Users\Marcos\AppData\Roaming\nationzoom deleted
C:\ProgramData\FileSplitUpLoad.dll deleted
C:\ProgramData\Package Cache deleted
C:\windows\SysNative\Tasks\BackgroundContainer Startup Task deleted
"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" deleted
"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" deleted
"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs" not deleted
"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs" not deleted
==== Folders Found ======================
2014-02-03 02:03:20 2014-02-03 02:03:20 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-02-02 22:03:00 2014-02-03 01:45:55 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-02-02 22:50:27 2014-02-03 02:05:21 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus
2014-02-02 22:41:57 2014-02-02 22:41:57 -------- d-----w- C:\ProgramData\Baidu Security
2014-02-02 22:41:57 2014-02-02 22:41:57 -------- d-----w- C:\Users\All Users\Baidu Security
2014-02-02 22:02:56 2014-02-02 22:02:56 -------- d-----w- C:\Users\Marcos\AppData\Local\Temp\baidu_secure
2014-02-02 22:03:00 2014-02-02 22:03:00 -------- d-----w- C:\Users\Marcos\AppData\Roaming\Baidu Security
2014-02-03 01:43:33 2014-02-03 01:43:33 -------- d-----w- C:\Users\Marcos\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-02-03 01:43:33 2014-02-03 01:43:33 -------- d-----w- C:\Users\Marcos\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-02-02 22:03:00 2014-02-02 23:03:08 -------- d-----w- C:\Users\Public\Documents\Baidu Security
==== Files Found ======================
--- C:\Users\Marcos\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.56634.exe ---
Company: Baidu, Inc.
File Description: PC Faster Setup
File Version: 4.0.1.56634
Product Name: Baidu PC Faster
Copyright: Copyright (C) 2013 Baidu, Inc. All Rights Reserved.
Original Filename:
File type: ----a-w-
File size: 18602568
Created time: 2014-02-02 22:03:02
Modified time: 2014-02-02 22:03:02
MD5: 91B93AA667CDB985925D3C0085B6C6A7
SHA1: 33A16AA6FF48B131021A0482E47C2DDE8E5472EC
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-02 02-42-50-0272-[21178].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-02 02-42-50-0282-[21178].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-LeakRepair-2014-02-02 02-42-59-0142-[21207].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-02 02-38-27-0015-[22819].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-02-02 02-38-28-0528-[22823].tmp"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\Setup]
"C:\\Users\\Marcos\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\7TLEX1GR\\SkypeSetupFull[1].exe"=dword:00000001
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\UninstCaller.exe"=dword:00000001
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [31/01/2014 18:35]
Praticante010 - Beginner
- Posts : 4
Reputation : 0
Join date : 02/02/2014
Re: Help removing Baidu from the computer
It is actually still incomplete.
Power Max - Contributor
- Posts : 9086
Reputation : 1499
Join date : 14/04/2009
Re: Help removing Baidu from the computer
Once again, I apologize. I interrupted the program before it finished running.
Here it is now:
Zoek.exe v5.0.0.0 Updated 31-January-2014
Tool run by Marcos on 03/02/2014 at 20:50:38,56.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marcos\Desktop\Tool_Adwares\Elimina\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
03/02/2014 20:51:47 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\mghekcs2.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\mghekcs2.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\mghekcs2.default
user.js not found
---- Lines extensions.SV9leOlz removed from prefs.js ----
user_pref("extensions.SV9leOlz.epoch", "1391553928");
user_pref("extensions.SV9leOlz.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.match(/ressbar.com[^f]+f
user_pref("extensions.SV9leOlz.url", "http://toolkitfree.us/sync2/?q=hfZ9ofV9CShEAen0rjk7qihTB6lKDzt4oktitNtVh7n0rjnErTaHrTsGpjr9tMFHhd9FqdaGrdrGrTn9q
---- Lines extensions.ZSSHvc8A8T removed from prefs.js ----
user_pref("extensions.ZSSHvc8A8T.epoch", "1391553168");
user_pref("extensions.ZSSHvc8A8T.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.match(/ressbar.com[^f]
user_pref("extensions.ZSSHvc8A8T.url", "http://getjpi1.info/sync2/?q=hfZ9ofDSC6gMCyVUojw8qTkMg708BNmGWj8ckShGheDUojw9rdsErHsGrTY9pihIC7n0rjnErTaHrTsHr
---- FireFox user.js and prefs.js backups ----
prefs_022014_2059_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~2\greatsAaver deleted
C:\ProgramData\greatsAaver deleted
C:\ProgramData\InstallMate deleted
C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\mghekcs2.default\extensions\j4oei@youarcd.net deleted
C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\mghekcs2.default\extensions\veynw@taoiebgxpuuyu.com deleted
"C:\ProgramData\680be5366630ce3a\{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}" deleted
"C:\ProgramData\680be5366630ce3a\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted
"C:\ProgramData\680be5366630ce3a\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.old" deleted
"C:\ProgramData\680be5366630ce3a\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" deleted
"C:\ProgramData\680be5366630ce3a\{CA41BB14-E67B-1653-C57B-5CA99418A866}" deleted
"C:\ProgramData\680be5366630ce3a\{CA41BB14-E67B-1653-C57B-5CA99418A866}.old" deleted
"C:\ProgramData\680be5366630ce3a\{CF830981-8F31-C561-C7A0-FE2CE1878B40}" deleted
"C:\ProgramData\680be5366630ce3a\{E32743D3-5789-6E4F-3998-06FB87C9214B}" deleted
"C:\ProgramData\680be5366630ce3a" deleted
==== Folders Found ======================
2014-02-03 02:03:20 2014-02-03 02:03:20 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-02-02 22:03:00 2014-02-03 01:45:55 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-02-02 22:50:27 2014-02-03 02:05:21 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus
2014-02-02 22:41:57 2014-02-02 22:41:57 -------- d-----w- C:\ProgramData\Baidu Security
2014-02-02 22:41:57 2014-02-02 22:41:57 -------- d-----w- C:\Users\All Users\Baidu Security
2014-02-02 22:02:56 2014-02-02 22:02:56 -------- d-----w- C:\Users\Marcos\AppData\Local\Temp\baidu_secure
2014-02-02 22:03:00 2014-02-02 22:03:00 -------- d-----w- C:\Users\Marcos\AppData\Roaming\Baidu Security
2014-02-03 01:43:33 2014-02-03 01:43:33 -------- d-----w- C:\Users\Marcos\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-02-03 01:43:33 2014-02-03 01:43:33 -------- d-----w- C:\Users\Marcos\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-02-02 22:03:00 2014-02-02 23:03:08 -------- d-----w- C:\Users\Public\Documents\Baidu Security
==== Files Found ======================
--- C:\Users\Marcos\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.56634.exe ---
Company: Baidu, Inc.
File Description: PC Faster Setup
File Version: 4.0.1.56634
Product Name: Baidu PC Faster
Copyright: Copyright (C) 2013 Baidu, Inc. All Rights Reserved.
Original Filename:
File type: ----a-w-
File size: 18602568
Created time: 2014-02-02 22:03:02
Modified time: 2014-02-02 22:03:02
MD5: 91B93AA667CDB985925D3C0085B6C6A7
SHA1: 33A16AA6FF48B131021A0482E47C2DDE8E5472EC
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-02 02-42-50-0272-[21178].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-02 02-42-50-0282-[21178].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-LeakRepair-2014-02-02 02-42-59-0142-[21207].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-02 02-38-27-0015-[22819].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-02-02 02-38-28-0528-[22823].tmp"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\Setup]
"C:\\Users\\Marcos\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\7TLEX1GR\\SkypeSetupFull[1].exe"=dword:00000001
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\UninstCaller.exe"=dword:00000001
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [31/01/2014 18:35]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\mghekcs2.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\mghekcs2.default
2557FBC582910A71CDEB0F22886D118D - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll - Shockwave Flash
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
debkinhcgejcbfgjiaalomcmkedjmiaa - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx[25/08/2011 04:41]
webbsave - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
webbsave - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
webbsave - Administrador\AppData\Local\Torch\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Administrador\AppData\Local\Torch\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Administrador\AppData\Local\Torch\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Administrador\AppData\Local\Torch\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
webbsave - Administrador\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Administrador\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Administrador\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Administrador\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
webbsave - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
webbsave - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
webbsave - Convidado\AppData\Local\Torch\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Convidado\AppData\Local\Torch\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Convidado\AppData\Local\Torch\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Convidado\AppData\Local\Torch\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
webbsave - Convidado\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Convidado\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Convidado\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Convidado\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
webbsave - Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
webbsave - Marcos\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Marcos\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Marcos\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Marcos\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
webbsave - Marcos\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Marcos\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Marcos\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Marcos\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
==== Chrome Fix ======================
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Administrador\AppData\Local\Torch\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Administrador\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Convidado\AppData\Local\Torch\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Convidado\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Marcos\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Marcos\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Administrador\AppData\Local\Torch\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Administrador\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Convidado\AppData\Local\Torch\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Convidado\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Marcos\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Marcos\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Administrador\AppData\Local\Torch\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Administrador\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Convidado\AppData\Local\Torch\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Convidado\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Marcos\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Marcos\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
C:\Users\Administrador\AppData\Local\Torch\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
C:\Users\Administrador\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
C:\Users\Convidado\AppData\Local\Torch\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
C:\Users\Convidado\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
C:\Users\Marcos\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
C:\Users\Marcos\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.nationzoom.com/web/?type=ds&ts=1391379161&from=slbnew&uid=HGSTXHTS545050A7E380_TE8513L92AG7UP2AG7UPX&q={searchTerms}"
"Search Page"="http://www.nationzoom.com/web/?type=ds&ts=1391379161&from=slbnew&uid=HGSTXHTS545050A7E380_TE8513L92AG7UP2AG7UPX&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.nationzoom.com/web/?type=ds&ts=1391379161&from=slbnew&uid=HGSTXHTS545050A7E380_TE8513L92AG7UP2AG7UPX&q={searchTerms}"
"Search Page"="http://www.nationzoom.com/web/?type=ds&ts=1391379161&from=slbnew&uid=HGSTXHTS545050A7E380_TE8513L92AG7UP2AG7UPX&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
Nothing found to reset
==== shortcuts on Users Desktops ======================
C:\Users\Marcos\Desktop\µTorrent.lnk -
C:\Users\Marcos\Desktop\Tool_Adwares\Desinstaller_HOSTS_Anti-PUPs.lnk - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -uninstall
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader 9.lnk - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Public\Desktop\Nero Express.lnk - C:\Program Files (x86)\Nero\Nero Burning ROM\nero.exe /w
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-A93000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk - C:\Windows\ehome\ehshell.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk - C:\Windows\system32\printmanagement.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast Free Antivirus.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Best Buy Connect\Best Buy Connect.lnk - C:\Program Files (x86)\Best Buy Connect\bin\surlprx.exe ShastaURL:PC=ExternalRunApplication(),APPLICATION=sandpiper_1, AUTHCODE=3BC699
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Best Buy Connect\Desinstalar.lnk - C:\Windows\system32\msiexec.exe /X{B435FD87-CA14-45E3-9D0B-A30F1F9F3866}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP SimplePass 2012.lnk - C:\Program Files (x86)\HP SimplePass 2012\Splash.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel Control Center.lnk - C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Rapid Storage Technology.lnk - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUI.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless\WiFi Advanced Statistics.lnk - C:\Program Files (x86)\Common Files\Intel\WirelessCommon\imFrmwrk.exe /sf Advanced Statistics
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless\WiFi Event Viewer.lnk - C:\Program Files (x86)\Common Files\Intel\WirelessCommon\imFrmwrk.exe /sf Wireless Event Viewer
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless\WiFi Manual Diagnostics.lnk - C:\Program Files (x86)\Common Files\Intel\WirelessCommon\imFrmwrk.exe /sf Wireless Diagnostics
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe /design
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Centro de Carregamento do Microsoft Office 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Certificado Digital para Projetos do VBA.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Media Gallery.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Office Picture Manager.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Preferências de Idioma do Microsoft Office 2010.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Burning ROM.lnk - C:\Program Files (x86)\Nero\Nero Burning ROM\nero.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Express.lnk - C:\Program Files (x86)\Nero\Nero Burning ROM\nero.exe /w
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Setup\Nero ControlCenter.lnk - C:\Program Files (x86)\Nero\Nero ControlCenter\SetupX.exe MODE="update"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Marcos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Marcos\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marcos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Marcos\AppData\Local\Mozilla\Firefox\Profiles\mghekcs2.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome Cache found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=285 folders=108 94599185 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Marcos\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Marcos\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\Marcos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
==== EOF on 03/02/2014 at 21:06:15,67 ======================
Now follows:
Zoek.exe v5.0.0.0 Updated 31-January-2014
Tool run by Marcos on 03/02/2014 at 20:50:38,56.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marcos\Desktop\Tool_Adwares\Elimina\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
03/02/2014 20:51:47 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\mghekcs2.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\mghekcs2.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\mghekcs2.default
user.js not found
---- Lines extensions.SV9leOlz removed from prefs.js ----
user_pref("extensions.SV9leOlz.epoch", "1391553928");
user_pref("extensions.SV9leOlz.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.match(/ressbar.com[^f]+f
user_pref("extensions.SV9leOlz.url", "http://toolkitfree.us/sync2/?q=hfZ9ofV9CShEAen0rjk7qihTB6lKDzt4oktitNtVh7n0rjnErTaHrTsGpjr9tMFHhd9FqdaGrdrGrTn9q
---- Lines extensions.ZSSHvc8A8T removed from prefs.js ----
user_pref("extensions.ZSSHvc8A8T.epoch", "1391553168");
user_pref("extensions.ZSSHvc8A8T.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.match(/ressbar.com[^f]
user_pref("extensions.ZSSHvc8A8T.url", "http://getjpi1.info/sync2/?q=hfZ9ofDSC6gMCyVUojw8qTkMg708BNmGWj8ckShGheDUojw9rdsErHsGrTY9pihIC7n0rjnErTaHrTsHr
---- FireFox user.js and prefs.js backups ----
prefs_022014_2059_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~2\greatsAaver deleted
C:\ProgramData\greatsAaver deleted
C:\ProgramData\InstallMate deleted
C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\mghekcs2.default\extensions\j4oei@youarcd.net deleted
C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\mghekcs2.default\extensions\veynw@taoiebgxpuuyu.com deleted
"C:\ProgramData\680be5366630ce3a\{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}" deleted
"C:\ProgramData\680be5366630ce3a\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted
"C:\ProgramData\680be5366630ce3a\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.old" deleted
"C:\ProgramData\680be5366630ce3a\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" deleted
"C:\ProgramData\680be5366630ce3a\{CA41BB14-E67B-1653-C57B-5CA99418A866}" deleted
"C:\ProgramData\680be5366630ce3a\{CA41BB14-E67B-1653-C57B-5CA99418A866}.old" deleted
"C:\ProgramData\680be5366630ce3a\{CF830981-8F31-C561-C7A0-FE2CE1878B40}" deleted
"C:\ProgramData\680be5366630ce3a\{E32743D3-5789-6E4F-3998-06FB87C9214B}" deleted
"C:\ProgramData\680be5366630ce3a" deleted
==== Folders Found ======================
2014-02-03 02:03:20 2014-02-03 02:03:20 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-02-02 22:03:00 2014-02-03 01:45:55 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-02-02 22:50:27 2014-02-03 02:05:21 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus
2014-02-02 22:41:57 2014-02-02 22:41:57 -------- d-----w- C:\ProgramData\Baidu Security
2014-02-02 22:41:57 2014-02-02 22:41:57 -------- d-----w- C:\Users\All Users\Baidu Security
2014-02-02 22:02:56 2014-02-02 22:02:56 -------- d-----w- C:\Users\Marcos\AppData\Local\Temp\baidu_secure
2014-02-02 22:03:00 2014-02-02 22:03:00 -------- d-----w- C:\Users\Marcos\AppData\Roaming\Baidu Security
2014-02-03 01:43:33 2014-02-03 01:43:33 -------- d-----w- C:\Users\Marcos\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-02-03 01:43:33 2014-02-03 01:43:33 -------- d-----w- C:\Users\Marcos\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-02-02 22:03:00 2014-02-02 23:03:08 -------- d-----w- C:\Users\Public\Documents\Baidu Security
==== Files Found ======================
--- C:\Users\Marcos\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.56634.exe ---
Company: Baidu, Inc.
File Description: PC Faster Setup
File Version: 4.0.1.56634
Product Name: Baidu PC Faster
Copyright: Copyright (C) 2013 Baidu, Inc. All Rights Reserved.
Original Filename:
File type: ----a-w-
File size: 18602568
Created time: 2014-02-02 22:03:02
Modified time: 2014-02-02 22:03:02
MD5: 91B93AA667CDB985925D3C0085B6C6A7
SHA1: 33A16AA6FF48B131021A0482E47C2DDE8E5472EC
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-02 02-42-50-0272-[21178].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-02 02-42-50-0282-[21178].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-LeakRepair-2014-02-02 02-42-59-0142-[21207].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-02 02-38-27-0015-[22819].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-02-02 02-38-28-0528-[22823].tmp"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\Setup]
"C:\\Users\\Marcos\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\7TLEX1GR\\SkypeSetupFull[1].exe"=dword:00000001
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\UninstCaller.exe"=dword:00000001
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [31/01/2014 18:35]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\mghekcs2.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\mghekcs2.default
2557FBC582910A71CDEB0F22886D118D - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll - Shockwave Flash
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
debkinhcgejcbfgjiaalomcmkedjmiaa - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx[25/08/2011 04:41]
webbsave - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
webbsave - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
webbsave - Administrador\AppData\Local\Torch\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Administrador\AppData\Local\Torch\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Administrador\AppData\Local\Torch\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Administrador\AppData\Local\Torch\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
webbsave - Administrador\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Administrador\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Administrador\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Administrador\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
webbsave - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
webbsave - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
webbsave - Convidado\AppData\Local\Torch\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Convidado\AppData\Local\Torch\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Convidado\AppData\Local\Torch\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Convidado\AppData\Local\Torch\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
webbsave - Convidado\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Convidado\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Convidado\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Convidado\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
webbsave - Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
webbsave - Marcos\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Marcos\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Marcos\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Marcos\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
webbsave - Marcos\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb
YoutubeAdblocker - Marcos\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm
YTBookMark - Marcos\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea
ScriptSafe - Marcos\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf
==== Chrome Fix ======================
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Administrador\AppData\Local\Torch\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Administrador\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Convidado\AppData\Local\Torch\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Convidado\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Marcos\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Marcos\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\adaohmfojacbfpjkgbcgelnmjcaabccb deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Administrador\AppData\Local\Torch\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Administrador\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Convidado\AppData\Local\Torch\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Convidado\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Marcos\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Marcos\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\ihmdfghkkeklehomjbebfoffofdjkpkm deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Administrador\AppData\Local\Torch\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Administrador\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Convidado\AppData\Local\Torch\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Convidado\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Marcos\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Marcos\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\imjbodmdkmlmimidncpgfjfenclgikea deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
C:\Users\Administrador\AppData\Local\Torch\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
C:\Users\Administrador\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
C:\Users\Convidado\AppData\Local\Torch\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
C:\Users\Convidado\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
C:\Users\Marcos\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
C:\Users\Marcos\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.nationzoom.com/web/?type=ds&ts=1391379161&from=slbnew&uid=HGSTXHTS545050A7E380_TE8513L92AG7UP2AG7UPX&q={searchTerms}"
"Search Page"="http://www.nationzoom.com/web/?type=ds&ts=1391379161&from=slbnew&uid=HGSTXHTS545050A7E380_TE8513L92AG7UP2AG7UPX&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.nationzoom.com/web/?type=ds&ts=1391379161&from=slbnew&uid=HGSTXHTS545050A7E380_TE8513L92AG7UP2AG7UPX&q={searchTerms}"
"Search Page"="http://www.nationzoom.com/web/?type=ds&ts=1391379161&from=slbnew&uid=HGSTXHTS545050A7E380_TE8513L92AG7UP2AG7UPX&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
Nothing found to reset
==== shortcuts on Users Desktops ======================
C:\Users\Marcos\Desktop\µTorrent.lnk -
C:\Users\Marcos\Desktop\Tool_Adwares\Desinstaller_HOSTS_Anti-PUPs.lnk - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -uninstall
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader 9.lnk - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Public\Desktop\Nero Express.lnk - C:\Program Files (x86)\Nero\Nero Burning ROM\nero.exe /w
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-A93000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk - C:\Windows\ehome\ehshell.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk - C:\Windows\system32\printmanagement.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast Free Antivirus.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Best Buy Connect\Best Buy Connect.lnk - C:\Program Files (x86)\Best Buy Connect\bin\surlprx.exe ShastaURL:PC=ExternalRunApplication(),APPLICATION=sandpiper_1, AUTHCODE=3BC699
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Best Buy Connect\Desinstalar.lnk - C:\Windows\system32\msiexec.exe /X{B435FD87-CA14-45E3-9D0B-A30F1F9F3866}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP SimplePass 2012.lnk - C:\Program Files (x86)\HP SimplePass 2012\Splash.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel Control Center.lnk - C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Rapid Storage Technology.lnk - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUI.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless\WiFi Advanced Statistics.lnk - C:\Program Files (x86)\Common Files\Intel\WirelessCommon\imFrmwrk.exe /sf Advanced Statistics
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless\WiFi Event Viewer.lnk - C:\Program Files (x86)\Common Files\Intel\WirelessCommon\imFrmwrk.exe /sf Wireless Event Viewer
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless\WiFi Manual Diagnostics.lnk - C:\Program Files (x86)\Common Files\Intel\WirelessCommon\imFrmwrk.exe /sf Wireless Diagnostics
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe /design
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Centro de Carregamento do Microsoft Office 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Certificado Digital para Projetos do VBA.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Media Gallery.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Office Picture Manager.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Preferências de Idioma do Microsoft Office 2010.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Burning ROM.lnk - C:\Program Files (x86)\Nero\Nero Burning ROM\nero.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Express.lnk - C:\Program Files (x86)\Nero\Nero Burning ROM\nero.exe /w
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Setup\Nero ControlCenter.lnk - C:\Program Files (x86)\Nero\Nero ControlCenter\SetupX.exe MODE="update"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Marcos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Marcos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Marcos\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marcos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Marcos\AppData\Local\Mozilla\Firefox\Profiles\mghekcs2.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome Cache found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=285 folders=108 94599185 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Marcos\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Marcos\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\Marcos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
==== EOF on 03/02/2014 at 21:06:15,67 ======================
Praticante010 - Beginner
- Posts: 4
Reputation: 0
Join date: 02/02/2014
Re: Help removing Baidu from the computer
Now it's right.
I'm analyzing the report here and will give you the next procedure in a little while.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Help removing Baidu from the computer
*Right-click Zoek and select [image not shown]
*Copy and paste the lines in brown that I gave you into the Zoek box
*Click [Run Script]
*During the scan, a message similar to the one below will be shown. Wait for it to finish... it may take a while!
*If a PC restart is requested, click [OK]
Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
*Paste the new report C:\zoek-results.txt in your next reply.
Last edited by Power Max on Mon 24 Feb 2014, 10:39; edited 2 times
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Help removing Baidu from the computer
Here is the report:
Zoek.exe v5.0.0.0 Updated 31-January-2014
Tool run by Marcos on 04/02/2014 at 2:04:10,24.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marcos\Desktop\Tool_Adwares\Elimina\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
04/02/2014 02:04:45 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-02 02-42-50-0272-[21178].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-02 02-42-50-0282-[21178].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-LeakRepair-2014-02-02 02-42-59-0142-[21207].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-02 02-38-27-0015-[22819].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-02-02 02-38-28-0528-[22823].tmp"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[-HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\Setup]
"C:\\Users\\Marcos\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\7TLEX1GR\\SkypeSetupFull[1].exe"=-
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\UninstCaller.exe"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
==== Deleting Files \ Folders ======================
C:\Users\Marcos\AppData\Local\Temp\baidu_secure not found
C:\Users\Public\Documents\Baidu Security not found
"C:\Users\Marcos\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.56634.exe" not found
C:\Program Files (x86)\Baidu Security deleted
C:\ProgramData\Baidu Security deleted
C:\Users\Marcos\AppData\Roaming\Baidu Security deleted
==== Folders Found ======================
2014-02-03 02:03:20 2014-02-03 02:03:20 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-02-04 04:05:29 2014-02-04 04:05:30 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-02-04 04:05:30 2014-02-03 02:05:21 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus
2014-02-04 04:05:30 2014-02-04 04:05:31 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-02-04 04:05:31 2014-02-04 04:05:31 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-02-04 04:05:31 2014-02-04 04:05:31 -------- d---a-w- C:\zoek_backup\C_Users_Marcos_AppData_Roaming_Baidu Security
2014-02-04 04:05:31 2014-02-04 04:05:31 -------- d---a-w- C:\zoek_backup\C_Users_Marcos_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-02-04 04:05:31 2014-02-04 04:05:31 -------- d---a-w- C:\zoek_backup\C_Users_Marcos_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-02-04 04:05:30 2014-02-03 02:05:21 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus
2014-02-04 04:05:31 2014-02-04 04:05:31 -------- d---a-w- C:\zoek_backup\C_Users_Marcos_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-02-04 04:05:31 2014-02-04 04:05:31 -------- d---a-w- C:\zoek_backup\C_Users_Marcos_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
==== Files Found ======================
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\Setup]
"C:\\Users\\Marcos\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\7TLEX1GR\\SkypeSetupFull[1].exe"=dword:00000001
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\UninstCaller.exe"=dword:00000001
==== C:\zoek_backup content ======================
C:\zoek_backup (files=346 folders=149 131660418 bytes)
==== EOF on 04/02/2014 at 2:06:12,00 ======================
Praticante010 - Beginner
- Posts: 4
Reputation: 0
Registration date: 02/02/2014
Re: Help removing Baidu from the computer
*Right-click Zoek and select [image visible only to logged-in members]
*Copy and paste the lines in brown into the Zoek box:
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp];r
[-HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security];r
[-HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus];r
[-HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\Antivirus\web];r
[-HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster];r
[HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\Setup];r
"C:\\Users\\Marcos\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\7TLEX1GR\\SkypeSetupFull[1].exe"=-;r
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\UninstCaller.exe"=-;r
[-HKEY_USERS\S-1-5-21-4061720483-1206452066-2124586512-1000\Software\Baidu Security\PC Faster\Setup];r
Baidu;z
Baidu;a
*Click [Run Script]
*During the scan, a message similar to the one below will be displayed. Wait for it to finish... it may take a while!
*If a PC restart is requested, click [OK]
Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
Doing this will remove the Baidu leftovers that were on your PC.
Best regards!
Last edited by Power Max on Mon 24 Feb 2014, 10:41; edited 1 time
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: Help removing Baidu from the computer
CASE RESOLVED
If the topic author needs it, the topic will be reopened; to request this, they should contact one of the members of the [link visible only to logged-in members] and ask for it to be unlocked.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009