Baidu antivirus e o faster que não deixam o sistema

Cansada do monitoramento do Baidu no monitor, tentei restaurar o sistema. Houve rejeição, talvez pelo antivirus. Resolvi primeiramente excluí-los, limpa-los com CCleaner e retentar a restauração. Tudo bem até aí, porém ao reiniciar o sistema lá estavam as pragas, só que desta vez apresentando-se como quadrinhos em branco se abri-los e, sem permissão, caso tenta-se eliminá-los. Algumas orientações para baixar programas de limpeza sem êxito, porque todo e qualquer download foi rejeitado. Como agir num caso desses? Vcs poderiam me ajudar? Meu sistema é um win 7. Grata

  Oi Marilande. Seja bem vinda ao Fórum PC Brasil.

 Faça o download do [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].

*Execute-o e clique no botão Main Menu.

* Na próxima tela que surgirá clique em [Do a system scan and save a logfile].

*Um relatório será apresentado.

*Selecione todo o conteúdo deste relatório e copie (Ctrl+c).

Depois disso é só voltar aqui no fórum e postar este log do Hijackthis para que ele possa ser analisado.

Ficamos no aguardo de sua resposta.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:11:09, on 16/02/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PcfTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Roma\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Baidu PC Faster 4.0.0.0] "C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe" -auto -start
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_D9D81204EC5CC788E801FF12F73656D8] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O17 - HKLM\System\CCS\Services\Tcpip\..\{66D4DF1C-244A-4626-A9D2-3BB50E766385}: NameServer = 201.10.1.2,201.10.120.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Baidu Antivirus Service (BAVSvc) - Baidu, Inc. - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) - Baidu, Inc. - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Baidu PC App Store Service 3.15.0.4263 (PCAppStoreSvc_{PCAppStore_3.15.0.4263}) - Baidu Inc. - C:\Program Files (x86)\Baidu Security\PC App Store\3.15.0.4263\PCAppStoreSvc.exe
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) - Baidu Inc. - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Gerenciador de Credenciais (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 11358 bytes

 Siga, por gentileza, as dicas do tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste, por gentileza, o log do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

Power Max escreveu:  Siga, por gentileza, as dicas do tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste, por gentileza, o log do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

# AdwCleaner v3.018 - Relatório criado 16/02/2014 às 20:05:37
# Atualizado 28/01/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : Roma - ROMA-PC
# Executando de : C:\Users\Roma\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Users\Roma\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Roma\AppData\Roaming\Systweak
Arquivo Deletada : C:\Windows\System32\roboot64.exe
Arquivo Deletada : C:\Users\Roma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Deletada : C:\Windows\System32\Tasks\RegClean Pro
Arquivo Deletada : C:\Windows\Tasks\RegClean Pro_UPDATES.job
Arquivo Deletada : C:\Windows\System32\Tasks\RegClean Pro_UPDATES

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Chave Deletedo : HKLM\Software\systweak

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v26.0 (pt-BR)

[ Arquivo : C:\Users\Roma\AppData\Roaming\Mozilla\Firefox\Profiles\75wto7q8.default\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ Arquivo : C:\Users\Roma\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1959 octets] - [16/02/2014 19:59:45]
AdwCleaner[S0].txt - [1853 octets] - [16/02/2014 20:05:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1913 octets] ##########

 Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Zoek.exe v5.0.0.0 Updated 15-February-2014
Tool run by Roma on 16/02/2014 at 20:37:51,12.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Roma\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

16/02/2014 20:41:49 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Creating Sample_022014_2248.zip ======================

Copied file C:\Users\Roma\atube-catcher-291347-baixaki-32-bits.exe to sample\atube-catcher-291347-baixaki-32-bits.exe
Copied file C:\Users\Roma\SkypeSetup.exe to sample\SkypeSetup.exe
sample\atube-catcher-291347-baixaki-32-bits.exe renamed to 2B6757970C1AF004DE2C52F047B7F988
sample\SkypeSetup.exe renamed to DFD5D6E3A3D7C9F8DDFB5B04DABE214E

C:\Users\Public\Desktop\sample_022014_2248.zip created successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YahooAUService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\YahooAUService deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Roma\AppData\Roaming\Mozilla\Firefox\Profiles\75wto7q8.default\prefs.js:
user_pref("browser.startup.homepage", "http://passoapasso.reciclaedecora.com/presentes-para-as-maes/como-fazer-rosas-com-fitas-de-cetim/");

Added to C:\Users\Roma\AppData\Roaming\Mozilla\Firefox\Profiles\75wto7q8.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Roma\AppData\Roaming\Mozilla\Firefox\Profiles\6ni1q4xl.default\prefs.js:

Added to C:\Users\Roma\AppData\Roaming\Mozilla\Firefox\Profiles\6ni1q4xl.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\Users\Roma\AppData\Roaming\Yahoo! deleted
C:\ProgramData\Yahoo! deleted
C:\ProgramData\Yahoo! Companion deleted
C:\ProgramData\FileSplitUpLoad.dll deleted
C:\ProgramData\Baidu deleted
C:\Users\Roma\AppData\Local\Wondershare deleted
C:\Users\Roma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hao123-Brazil deleted
C:\Users\Roma\AppData\LocalLow\Yahoo! deleted
C:\Users\Roma\AppData\LocalLow\Yahoo! Companion deleted
C:\windows\SysNative\tasks\Baidu PC Faster Update deleted
C:\Users\Roma\atube-catcher-291347-baixaki-32-bits.exe deleted
C:\Users\Roma\SkypeSetup.exe deleted
C:\Users\Roma\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks deleted
"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" deleted
"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" deleted
"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs" not deleted
"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs" not deleted

==== Folders Found ======================

2014-01-25 09:10:56 2014-02-01 10:05:29 -------- d-----w- C:\BaiduDownloads
2014-02-16 23:05:37 2014-02-16 23:05:37 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-01-25 08:35:21 2014-01-25 09:12:18 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-01-25 09:12:18 2014-02-16 23:38:39 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus
2014-01-25 08:35:21 2014-01-25 08:37:35 -------- d-----w- C:\ProgramData\Baidu Security
2014-01-25 09:12:32 2014-02-16 01:08:56 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-01-25 08:37:31 2014-02-16 01:08:56 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-01-25 08:39:34 2014-02-16 01:01:49 -------- d-----w- C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Baidu
2014-01-25 08:35:21 2014-02-16 01:01:49 -------- d-----w- C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Baidu Security
2014-01-25 09:12:32 2014-02-16 01:01:50 -------- d-----w- C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-01-25 08:37:31 2014-02-16 01:01:50 -------- d-----w- C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-01-25 08:37:05 2014-02-16 01:01:51 -------- d-----w- C:\System Volume Information\SystemRestore\FRStaging\Users\Public\Documents\Baidu Security
2014-01-25 08:37:35 2014-02-16 01:02:47 -------- d-----w- C:\System Volume Information\SystemRestore\FRStaging\Users\Roma\AppData\Roaming\Baidu Security
2014-01-25 08:37:29 2014-02-16 01:02:48 -------- d-----w- C:\System Volume Information\SystemRestore\FRStaging\Users\Roma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-01-25 08:35:21 2014-01-25 08:37:35 -------- d-----w- C:\Users\All Users\Baidu Security
2014-01-25 09:12:32 2014-02-16 01:08:56 -------- d-----w- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-01-25 08:37:31 2014-02-16 01:08:56 -------- d-----w- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-01-25 08:37:05 2014-02-16 01:08:56 -------- d-----w- C:\Users\Public\Documents\Baidu Security
2014-01-25 08:37:35 2014-01-25 08:52:32 -------- d-----w- C:\Users\Roma\AppData\Roaming\Baidu Security
2014-02-15 23:34:04 2014-02-15 23:34:04 -------- d-----w- C:\Users\Roma\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-02-15 23:34:04 2014-02-16 01:08:50 -------- d-----w- C:\Users\Roma\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-01-25 08:37:29 2014-02-16 01:08:50 -------- d-----w- C:\Users\Roma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-02-17 01:59:40 2014-02-17 01:59:40 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu

==== Files Found ======================


--- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\BaiduStore.dll ---
Company: Baidu Inc.
File Description: PC Faster Interface Plugin Manager
File Version: 4,0,1,56694
Product Name: Baidu PC Faster
Copyright: Copyright (C) 2012 Baidu, Inc. All rights reserved.
Original Filename:
File type: ----a-w-
File size: 1253568
Created time: 2014-01-14 11:35:52
Modified time: 2014-01-14 11:35:52
MD5: 1D318E4FBF5C9DE7BD670CF8A4D490D4
SHA1: C71B60519A2DB0E0DA20A1408B7B99EB6B1A08C8


--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1220
Created time: 2014-01-25 09:12:32
Modified time: 2014-01-25 09:12:32
MD5: CFE63AA3323384C1004F1B0407FA434B
SHA1: D0D4E0B2AE5A7C8157D638B372073507FB6CE9DE


--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1353
Created time: 2014-01-25 08:37:31
Modified time: 2014-01-25 08:37:31
MD5: C55B7A5E47824F47038EEDBE8982DD6F
SHA1: F197FEFBAD1C88A03F1DF5F442FBEB9F00E2A01D


--- C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1220
Created time: 2014-01-25 09:12:32
Modified time: 2014-01-25 09:12:32
MD5: CFE63AA3323384C1004F1B0407FA434B
SHA1: D0D4E0B2AE5A7C8157D638B372073507FB6CE9DE


--- C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1353
Created time: 2014-01-25 08:37:31
Modified time: 2014-01-25 08:37:31
MD5: C55B7A5E47824F47038EEDBE8982DD6F
SHA1: F197FEFBAD1C88A03F1DF5F442FBEB9F00E2A01D


--- C:\System Volume Information\SystemRestore\FRStaging\Users\Public\Desktop\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1202
Created time: 2014-01-25 09:12:33
Modified time: 2014-01-25 09:12:33
MD5: 8961203F0149EC637BDA316F30789412
SHA1: F422B94D6BF99E120583BB3A23EE639BD573407E


--- C:\System Volume Information\SystemRestore\FRStaging\Users\Roma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1371
Created time: 2014-01-25 08:37:29
Modified time: 2014-01-25 08:37:29
MD5: 1D82FB7BBAD158ACF41887461F192F24
SHA1: EDB563DC457B8B5DDD00E13F3F8E36515D9E9BBE


--- C:\System Volume Information\SystemRestore\FRStaging\Users\Roma\Desktop\Baidu PC Faster.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1333
Created time: 2014-01-25 08:37:31
Modified time: 2014-01-25 08:37:31
MD5: 728B474BC3AF5153E2D49A55F9F335A9
SHA1: 3193634D70460C02E6647B0A3FA8AE6CE141A8B6


--- C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\Tasks\Baidu PC Faster Update ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3438
Created time: 2014-01-25 08:37:29
Modified time: 2014-01-25 08:37:29
MD5: 3E724EBF2324FCFB75E2BFA3AC9CEED7
SHA1: B402C74CF16D4FFDA84E8CCE1F3C0667E5D9751A


--- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1220
Created time: 2014-01-25 09:12:32
Modified time: 2014-01-25 09:12:32
MD5: CFE63AA3323384C1004F1B0407FA434B
SHA1: D0D4E0B2AE5A7C8157D638B372073507FB6CE9DE


--- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1353
Created time: 2014-01-25 08:37:31
Modified time: 2014-01-25 08:37:31
MD5: C55B7A5E47824F47038EEDBE8982DD6F
SHA1: F197FEFBAD1C88A03F1DF5F442FBEB9F00E2A01D


--- C:\Users\Public\Desktop\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1202
Created time: 2014-01-25 09:12:33
Modified time: 2014-01-25 09:12:33
MD5: 8961203F0149EC637BDA316F30789412
SHA1: F422B94D6BF99E120583BB3A23EE639BD573407E


--- C:\Users\Roma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1202
Created time: 2014-02-16 00:47:20
Modified time: 2014-01-25 09:12:33
MD5: 8961203F0149EC637BDA316F30789412
SHA1: F422B94D6BF99E120583BB3A23EE639BD573407E


--- C:\Users\Roma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1371
Created time: 2014-01-25 08:37:29
Modified time: 2014-01-25 08:37:29
MD5: 1D82FB7BBAD158ACF41887461F192F24
SHA1: EDB563DC457B8B5DDD00E13F3F8E36515D9E9BBE


--- C:\Users\Roma\Desktop\Baidu PC Faster.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1333
Created time: 2014-01-25 08:37:31
Modified time: 2014-01-25 08:37:31
MD5: 728B474BC3AF5153E2D49A55F9F335A9
SHA1: 3193634D70460C02E6647B0A3FA8AE6CE141A8B6


--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3438
Created time: 2014-02-17 01:59:42
Modified time: 2014-01-25 08:37:29
MD5: 3E724EBF2324FCFB75E2BFA3AC9CEED7
SHA1: B402C74CF16D4FFDA84E8CCE1F3C0667E5D9751A


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-25 01-38-29-0034-[23404].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-25 01-38-29-0096-[23404].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-01-25 01-38-35-0743-[23424].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-01-25 01-06-27-0512-[28884].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-25 01-31-10-0187-[8459].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-01-25 01-32-13-0848-[8665].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-01-26 01-21-53-0433-[14886].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-01-26 01-58-56-0218-[1134].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-01-26 01-02-51-0890-[1901].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-01-28 01-06-52-0175-[7424].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-01-28 01-03-37-0459-[0032].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-01-29 01-05-18-0741-[3607].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-30 01-42-09-0609-[19073].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-01-31 01-39-34-0826-[4046].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-02 02-21-54-0465-[12076].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-02 02-02-34-0752-[13288].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-02 02-05-49-0510-[13925].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-05 02-21-47-0957-[13279].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-05 02-38-19-0299-[5507].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-05 02-42-27-0864-[6317].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-06 02-53-53-0587-[11058].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-06 02-49-40-0529-[15232].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-06 02-50-35-0792-[29668].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-InternetSpeedTest-2014-02-06 02-35-21-0775-[10672].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-06 02-57-14-0517-[8204].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-08 02-57-33-0257-[22258].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-09 02-04-53-0181-[8428].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-10 02-32-40-0449-[31374].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-10 02-31-19-0580-[0841].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-10 02-09-52-0735-[31907].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-02-10 02-01-34-0340-[11769].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-10 02-05-14-0954-[12487].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-02-11 02-53-19-0500-[26909].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-FasterNow-2014-02-11 02-53-21-0060-[26916].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-11 02-53-38-0281-[26971].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-02-16 02-29-46-0458-[15490].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-16 02-30-36-0363-[15654].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-FasterNow-2014-02-16 02-31-59-0543-[15925].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-02-16 02-32-09-0793-[15957].tmp"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu PC Faster 4.0.0.0"="\"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe\" -auto -start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"="Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"="http://antivirus.baidu.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"="Baidu, Inc."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"DisplayName"="Baidu PC Faster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"DisplayIcon"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"UninstallString"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\UninstCaller.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"Publisher"="Baidu, Inc."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0]
"InstallDir"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.15.0.4263]
"DisplayIcon"="C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.15.0.4263\\PCAppStore.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.15.0.4263]
"UninstallString"="C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.15.0.4263\\Uninstall.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.15.0.4263]
"Publisher"="Baidu, Inc."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.15.0.4263]
"InstallDir"="C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.15.0.4263"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\BaiduShellEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\BaiduShellEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\BaiduShellEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\0\win64]
@="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFShellEx64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\HELPDIR]
@="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\0\win64]
@="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFShellEx64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\HELPDIR]
@="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_3.15.0.4263}]
"DisplayName"="Baidu PC App Store Service 3.15.0.4263"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_3.15.0.4263}]
"Description"="Baidu PC App Store Service 3.15.0.4263"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"="Baidu PC Faster Service 4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"="Baidu PC Faster Service 4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_3.15.0.4263}]
"DisplayName"="Baidu PC App Store Service 3.15.0.4263"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_3.15.0.4263}]
"Description"="Baidu PC App Store Service 3.15.0.4263"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"="Baidu PC Faster Service 4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"="Baidu PC Faster Service 4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_3.15.0.4263}]
"DisplayName"="Baidu PC App Store Service 3.15.0.4263"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_3.15.0.4263}]
"Description"="Baidu PC App Store Service 3.15.0.4263"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"="Baidu PC Faster Service 4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"="Baidu PC Faster Service 4.0.0.0"

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2910500795-3189603317-1512808066-1000\Software\Baidu]

[HKEY_USERS\S-1-5-21-2910500795-3189603317-1512808066-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2910500795-3189603317-1512808066-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-2910500795-3189603317-1512808066-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-2910500795-3189603317-1512808066-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]

[HKEY_USERS\S-1-5-21-2910500795-3189603317-1512808066-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\995c6597_0]
@="{0.0.0.00000000}.{16a662e7-23ca-4a97-beb9-1eae7bfe5109}|\\Device\\HarddiskVolume2\\Program Files (x86)\\Baidu Security\\PC App Store\\3.15.0.4263\\PCAppStore.exe%b{00000000-0000-0000-0000-000000000000}"

[HKEY_USERS\S-1-5-21-2910500795-3189603317-1512808066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts]
"C:\\Users\\Roma\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Baidu PC Faster\\Feedback.lnk"=dword:00000001

[HKEY_USERS\S-1-5-21-2910500795-3189603317-1512808066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts]
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Baidu PC Faster\\Feedback.lnk"=dword:00000001

[HKEY_USERS\S-1-5-21-2910500795-3189603317-1512808066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts]
"C:\\Users\\Roma\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Baidu PC Faster\\PC App Store.lnk"=dword:00000001

[HKEY_USERS\S-1-5-21-2910500795-3189603317-1512808066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts]
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Baidu PC Faster\\PC App Store.lnk"=dword:00000001

[HKEY_USERS\S-1-5-21-2910500795-3189603317-1512808066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts]
"C:\\Users\\Roma\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Baidu Antivirus\\Baidu Antivirus.lnk"=dword:00000001

[HKEY_USERS\S-1-5-21-2910500795-3189603317-1512808066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts]
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Baidu Antivirus\\Baidu Antivirus.lnk"=dword:00000001

[HKEY_USERS\S-1-5-21-2910500795-3189603317-1512808066-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\NewUpdater.exe"=dword:00000001

[HKEY_USERS\S-1-5-21-2910500795-3189603317-1512808066-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.15.0.4263\\PCAppStore.exe"="Baidu PC App Store"

[HKEY_USERS\S-1-5-21-2910500795-3189603317-1512808066-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe"="Bav"

[HKEY_USERS\S-1-5-21-2910500795-3189603317-1512808066-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.15.0.4263\\PCAppStore.exe"="Baidu PC App Store"

[HKEY_USERS\S-1-5-21-2910500795-3189603317-1512808066-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe"="Bav"

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Roma\AppData\Roaming\Mozilla\Firefox\Profiles\6ni1q4xl.default
1BFD18699636B8F1AA26675BA43D2F8F - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll - Shockwave for Director / Shockwave for Director
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

Profilepath: C:\Users\Roma\AppData\Roaming\Mozilla\Firefox\Profiles\75wto7q8.default
FD6ACD9D85177259D442A0C4AC15F7B8 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll - Shockwave Flash
44D60CF911F7EDF4C62B5AB387FCDC67 - C:\Users\Roma\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator
9A7488479791660FC87DE0E6323F6953 - C:\Users\Roma\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
EF549D4F383A9152313410C52963CAFB - C:\Users\Roma\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
1BFD18699636B8F1AA26675BA43D2F8F - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll - Shockwave for Director / Shockwave for Director


==== Chrome Look ======================

Google Translate - Roma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
Duolingo - Roma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl
Learn 300 new English words per month. Translate. Collect. Memorize words. - Roma\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnfmoippfkddcakmbeaglgjcfcfcfmk
Last updated at time on date - Roma\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
LE Learn English - Roma\AppData\Local\Google\Chrome\User Data\Default\Extensions\enchfibknakkckielldbocdhhioohhig
avast Online Security - Roma\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Roma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.libero.it/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.libero.it/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Roma\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Roma\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Roma\Desktop\Baidu PC Faster.lnk - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe -shortcut
C:\Users\Roma\Desktop\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Roma\Desktop\Continuar a Instalação de AddRemove Pro.lnk -
C:\Users\Roma\Desktop\Continue AppRemover Installation.lnk - C:\Users\Roma\AppData\Local\Temp\ICReinstall_appremover-31101-32-bits.exe /RR
C:\Users\Roma\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -uninstall
C:\Users\Roma\Desktop\HP Deskjet 3740 Series (LiDiL) (Copiar 3) - Atalho.lnk -
C:\Users\Roma\Desktop\IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Roma\Desktop\PC App Store.lnk - C:\Program Files (x86)\Baidu Security\PC App Store\3.15.0.4263\PCAppStore.exe /openfrom=shortcut
C:\Users\Roma\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Baidu Antivirus.lnk - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bav.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Epson Easy Photo Print.lnk - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPQuicker.exe
C:\Users\Public\Desktop\EPSON Scan.lnk - C:\Windows\twain_32\escndv\escndv.exe
C:\Users\Public\Desktop\EPSON SX125 Series Manual.lnk - C:\Program Files (x86)\epson\TpManual\EPSON SX125 Series\pt\Useg\index.htm
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Receitanet 1.03 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Public\Desktop\Tarefas Domésticas.lnk -
C:\Users\Public\Desktop\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Users\Public\Desktop\Yahoo Messenger.lnk -

==== shortcuts in Users Start Menu ======================

C:\Users\Roma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Roma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\Users\Roma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe -startmenu
C:\Users\Roma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Feedback.lnk - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterFeedback.exe
C:\Users\Roma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\PC App Store.lnk - C:\Program Files (x86)\Baidu Security\PC App Store\3.15.0.4263\PCAppStore.exe /openfrom=startmenu
C:\Users\Roma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Uninstall.lnk - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\UninstCaller.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bav.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Uninstall.lnk - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe -startmenu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Feedback.lnk - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterFeedback.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\PC App Store.lnk - C:\Program Files (x86)\Baidu Security\PC App Store\3.15.0.4263\PCAppStore.exe /openfrom=startmenu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Uninstall.lnk - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\UninstCaller.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Roma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Roma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Roma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe
C:\Users\Roma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Roma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Roma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo Messenger.lnk -
C:\Users\Roma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Wordpad.lnk - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
C:\Users\Roma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Baidu Antivirus.lnk - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bav.exe
C:\Users\Roma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Roma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Roma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Roma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe
C:\Users\Roma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Roma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Roma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo Messenger.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelTBRunOnce deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Roma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Roma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Roma\AppData\Local\Mozilla\Firefox\Profiles\6ni1q4xl.default\Cache emptied successfully
C:\Users\Roma\AppData\Local\Mozilla\Firefox\Profiles\75wto7q8.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Roma\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=50 folders=25 3639619 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Public\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Roma\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Roma\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs" not found
"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs" not found

==== EOF on 17/02/2014 at 1:16:24,50 ======================

 Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

TÓPICO ARQUIVADO

Como a autora não respondeu por mais de 15 dias, o tópico foi arquivado. Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.