Remover Baidu

Siga as dicas destes tutoriais abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________

 Baixe o arquivo fixlist.txt que está anexado nesta postagem e salve-o no mesmo local que você salvou o Farbar, que é este abaixo:
C:\Users\segurar sistemas\Downloads

Execute o FRST. Clique no botão Fix.

Aguarde e ao final, o log Fixlog.txt será salvo.

Selecione, copie e cole o conteúdo deste Fixlog.txt em sua próxima resposta juntamente com o relatório do McShield Anti-Malware Tool que terá o nome MCShield-AllScans.txt, o qual estará na área de trabalho (Desktop) de seu PC e o o log do Usbfix que estará em C:\UsbFix.txt

acho que é isso:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by segurar sistemas at 2014-03-25 18:40:52 Run:2
Running from C:\Users\segurar sistemas\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
%20FASES.docx.lnk -> C:\Users\segurar sistemas\Desktop\SÍNTESE DOS SINTOMAS E DAS FASES.docx (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\AGL+BLISTER+P10+E+P20.LNK -> C:\Users\segurar sistemas\Desktop\AGL+BLISTER+P10+E+P20.doc (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\baidu.LNK -> C:\Users\segurar sistemas\Desktop\baidu.docx ()
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\Config.LNK -> C:\Kanario\Config.csv (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\DECLARAÇÃO EDITAL BOMBEIRO DO DIA 10 (2).LNK -> C:\Users\segurar sistemas\Documents\DECLARAÇÃO EDITAL BOMBEIRO DO DIA 10.rtf (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\DECLARAÇÃO EDITAL BOMBEIRO DO DIA 10 - Nº02 (2).LNK -> C:\Users\segurar sistemas\Documents\DECLARAÇÃO EDITAL BOMBEIRO DO DIA 10 - Nº02.rtf (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\DECLARAÇÃO EDITAL BOMBEIRO DO DIA 10 - Nº02.LNK -> C:\Users\segurar sistemas\Documents\DECLARAÇÃO EDITAL BOMBEIRO DO DIA 10 - Nº02.rtf (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\DECLARAÇÃO EDITAL BOMBEIRO DO DIA 10.LNK -> C:\Users\segurar sistemas\Documents\DECLARAÇÃO EDITAL BOMBEIRO DO DIA 10.rtf (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\Declaração nº 01.LNK -> C:\Users\segurar sistemas\Documents\Licitação Banco do Brasil\Declaração nº 01.rtf (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\edital de cftv para dia 19-02.LNK -> C:\Users\segurar sistemas\Desktop\edital de cftv para dia 19-02.doc (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\edital de cftv.LNK -> C:\Users\segurar sistemas\Desktop\edital de cftv.doc (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\edital de cftvpara dia 1709.LNK -> C:\Users\segurar sistemas\Desktop\edital de cftvpara dia 1709.doc (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\EDITAL.LNK -> C:\Users\segurar sistemas\Desktop\EDITAL.doc (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\ESCALA COMPLETA JANEIRO 2013 MODIFICADA(2).LNK -> C:\Users\segurar sistemas\Downloads\ESCALA COMPLETA JANEIRO 2013 MODIFICADA(2).doc (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\Instalação de SPDA.LNK -> C:\Users\segurar sistemas\Desktop\Instalação de SPDA.docx (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\IPEM.LNK -> C:\Users\segurar sistemas\Desktop\IPEM.doc (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\material são joão del rei.LNK -> C:\Users\segurar sistemas\Desktop\material são joão del rei.docx (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\memorial descritivo araxa.LNK -> C:\Users\segurar sistemas\Desktop\memorial descritivo araxa.doc (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\planilha de preços (2).LNK -> C:\Users\segurar sistemas\Desktop\bbm bh\planilha de preços.doc (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\Proposta Bombeiro.LNK -> C:\Users\segurar sistemas\Documents\Proposta Bombeiro.rtf (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\REIT-1905-EX-EL01-MD-R00.LNK -> C:\Users\segurar sistemas\Desktop\REIT-1905-EX-EL01-MD-R00.doc (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\spda medidas Araxá.LNK -> C:\Users\segurar sistemas\Desktop\spda medidas Araxá.doc (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\spda medidas.LNK -> C:\Users\segurar sistemas\Desktop\spda medidas.doc (No File)
Shortcut: C:\Users\segurar sistemas\AppData\Local\Microsoft\Windows\GameExplorer\{40483CB2-A818-4E1F-BB0C-C4D851C9291E}\PlayTasks\0\Reproduzir.lnk -> C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe (No File)
Task: {748886BB-2AE8-46EA-8EC2-E02EFF5CE91C} - \Baidu PC Faster Update No Task File
Task: {7AD85115-3FD8-4E4E-B4CB-0EBFF5348C35} - System32\Tasks\Ultra Downloads Notifier-enabler => C:\Program Files\Ultra Downloads Notifier\Ultra Downloads Notifier-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Ultra Downloads Notifier-enabler.job => C:\Program Files\Ultra Downloads Notifier\Ultra Downloads Notifier-enabler.exe <==== ATTENTION
HKU\S-1-5-21-3854783944-1782177213-3435406458-1005\...\Run: [WebCake Desktop] - "C:\Users\segurar sistemas\AppData\Roaming\WebCake\WebCakeDesktop.exe"
AppInit_DLLs: c:\progra~1\gsb779~1.ena => c:\progra~1\gsb779~1.ena File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá *X(Ž2s (ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo ^Mp` Ëõ÷_i£w˜¾!„Áû †x¢8€ÙjÀÿþ ´Ñ;áa´ [¦†8 º~RÙxœòÜ8'£-) xä URL =
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\awesomehp.xml
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 PCAppStoreSvc_{PCAppStore_3.14.5.3262}; No ImagePath
S2 PCAppStoreSvc_{PCAppStore_3.16.3.4537}; No ImagePath
S2 PCFasterSvc_{PCFaster_3.7.0.0}; No ImagePath
U5 Bhbase; C:\Windows\System32\Drivers\Bhbase.sys [47456 2013-09-03] (Baidu, Inc.)
U5 BprotectEx; C:\Windows\System32\Drivers\BprotectEx.sys [95552 2013-09-03] (Baidu, Inc.)
end
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{748886BB-2AE8-46EA-8EC2-E02EFF5CE91C} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu PC Faster Update => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AD85115-3FD8-4E4E-B4CB-0EBFF5348C35} => Key not found.
C:\Windows\System32\Tasks\Ultra Downloads Notifier-enabler not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ultra Downloads Notifier-enabler => Key not found.
C:\Windows\Tasks\Ultra Downloads Notifier-enabler.job not found.
HKU\S-1-5-21-3854783944-1782177213-3435406458-1005\Software\Microsoft\Windows\CurrentVersion\Run\\WebCake Desktop => Value not found.
"c:\\progra~1\\gsb779~1.ena" => Value Data not found.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ÛŸÆîZ§’2¹Þpv¨IÍá *X(Ž2s (ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo ^Mp` Ëõ÷_i£w˜¾!„Áû †x¢8€ÙjÀÿþ ´Ñ;áa´ [¦†8 º~RÙxœòÜ8'£-) xä => Key not found.
HKCR\Wow6432Node\CLSID\ÛŸÆîZ§’2¹Þpv¨IÍá *X(Ž2s (ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo ^Mp` Ëõ÷_i£w˜¾!„Áû †x¢8€ÙjÀÿþ ´Ñ;áa´ [¦†8 º~RÙxœòÜ8'£-) xä => Key not found.
"C:\Program Files\mozilla firefox\browser\searchplugins\awesomehp.xml" => not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
HKCU\SOFTWARE\Policies\Google => Key not found.
PCAppStoreSvc_{PCAppStore_3.14.5.3262} => Service not found.
PCAppStoreSvc_{PCAppStore_3.16.3.4537} => Service not found.
PCFasterSvc_{PCFaster_3.7.0.0} => Service not found.
Bhbase => Service not found.
BprotectEx => Service not found.

==== End of Fixlog ====


Agora eu não achei o (MCShield-AllScans.txt)

Para que o McShield crie o log é só fazer assim: Assim que a verificação for concluída, abra o programa > Na aba Logs clique em Save.

Será gerado um log (relatório) na sua área de trabalho (Desktop).

Mas se você já fez o procedimento acima, você pode ir no menu Iniciar > e na pesquisa do Windows você digita:

MCShield-AllScans.txt

Aí é só abrir o log, copiar o conteúdo dele e postar em sua próxima resposta.
__________________________________________________________________

Falta também você executar o Usbfix e postar o relatório dele.

desculpa a demora da resposta sobrecarreguei no trabalho vou fazer amanhã e te enviar.

engraçado, fiz conforme ensinado e não consegui achar o MCShield-AllScans.txt o que será que estou fazendo errado?
Achei o fixlist.txt, FRST.txte o Addition.txt mas na area de trabalho não aparece o arquivo MCShield nem na busca do iniciar.

Siga então novamente tutorial do Mc Shield que te passei e poste depois o relatorio dele.

Use também o Usbfix e depois poste também o relatório dele.

Olá novamente, desculpe pela demora da resposta, trabalho viajando e demorei voltar, enfim fiz desde do inicio tudo que me ensinou até aqui, meus filhos usaram o pc e acabaram por instalar de novo essa encrenca mas fiz o principio das suas instruções e cheguei neste ponto, espero que compreenda e se possível me auxilie daqui para frente por favor.

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by segurar sistemas on 09/04/2014 at 21:25:19,29.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\segurar sistemas\Desktop\Zoek\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-03-15-155139.log 109103 bytes
C:\zoek-results2014-03-16-051252.log 32883 bytes
C:\zoek-results2014-03-21-013246.log 69028 bytes
C:\zoek-results2014-03-21-024112.log 49111 bytes
C:\zoek-results2014-03-21-031941.log 68574 bytes
C:\zoek-results2014-03-21-182513.log 23798 bytes
C:\zoek-results2014-03-21-210330.log 6614 bytes
C:\zoek-results2014-03-22-164229.log 1334 bytes
C:\zoek-results2014-04-10-000317.log 30235 bytes
C:\zoek-results2014-04-10-001801.log 13335 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{748886BB-2AE8-46EA-8EC2-E02EFF5CE91C}]
"Path"=-

==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security\PC Faster]

"Item 1"="[F00000000][T01CF5452E17EAAA0][O00000000]*C:\\Users\\segurar sistemas\\Desktop\\baidu.docx"

[HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=dword:00000001

[HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1005\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1005\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1005\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1005\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1035 folders=406 220500853 bytes)

==== EOF on 09/04/2014 at 21:28:43,52 ======================

 Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

eis o log:

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by segurar sistemas on 09/04/2014 at 23:34:48,14.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\segurar sistemas\Desktop\Zoek\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-03-15-155139.log 109103 bytes
C:\zoek-results2014-03-16-051252.log 32883 bytes
C:\zoek-results2014-03-21-013246.log 69028 bytes
C:\zoek-results2014-03-21-024112.log 49111 bytes
C:\zoek-results2014-03-21-031941.log 68574 bytes
C:\zoek-results2014-03-21-182513.log 23798 bytes
C:\zoek-results2014-03-21-210330.log 6614 bytes
C:\zoek-results2014-03-22-164229.log 1334 bytes
C:\zoek-results2014-04-10-000317.log 30235 bytes
C:\zoek-results2014-04-10-001801.log 13335 bytes
C:\zoek-results2014-04-10-002843.log 7620 bytes

==== System Restore Info ======================

09/04/2014 23:35:55 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\SEGURA~1\AppData\Roaming\Mozilla\Firefox\Profiles\ocwd3djr.default-1385322775146\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\SEGURA~1\AppData\Roaming\Mozilla\Firefox\Profiles\ocwd3djr.default-1385322775146\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security\PC Faster]
"Item 1"=-
[HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=-
[-HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1005\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1005\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1005\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1005\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

==== Folders Found ======================

2014-04-09 22:46:56 2014-04-09 22:46:56 -------- d-----w- C:\Program Files\Baidu Security
2014-04-09 22:46:56 2014-04-10 00:02:47 -------- d-----w- C:\Program Files\Baidu Security\Baidu Antivirus
2014-04-09 22:48:39 2014-04-09 22:48:39 -------- d-----w- C:\ProgramData\Baidu Security
2014-04-09 22:48:39 2014-04-09 22:48:39 -------- d-----w- C:\Users\All Users\Baidu Security
2014-03-21 02:30:23 2013-10-22 15:22:20 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security
2014-03-21 02:30:33 2014-03-21 02:30:34 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-04-09 23:46:53 2014-04-09 23:46:53 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_baidu
2014-03-21 02:30:34 2014-03-21 02:30:36 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-04-09 23:46:52 2014-04-09 23:46:52 -------- d---a-w- C:\zoek_backup\C_Users_segurar sistemas_AppData_Roaming_Baidu
2014-03-21 02:30:36 2014-03-21 02:30:38 -------- d---a-w- C:\zoek_backup\C_Users_segurar sistemas_AppData_Roaming_Baidu Security
2014-04-09 23:46:52 2014-04-09 22:48:34 -------- d---a-w- C:\zoek_backup\C_Users_segurar sistemas_AppData_Roaming_Baidu\Baidu Antivirus

==== Files Found ======================


--- C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\baidu.docx.LNK ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1042
Created time: 2014-04-10 00:21:56
Modified time: 2014-04-10 00:21:57
MD5: C5465B34F62FE70423AFFB0FB3BB9FFD
SHA1: 8BAA6FCE7A50EAFC74362EDD4083C8AF2978377B


--- C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Windows\Recent\baidu.docx.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 24408
Created time: 2014-04-10 00:21:40
Modified time: 2014-04-10 00:21:40
MD5: FBEB1EFE075C9F999A53E7A12F9A9144
SHA1: 85F1C10EA4A43AB31E5093F47B264A65EE831137


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3384
Created time: 2014-03-15 15:37:30
Modified time: 2013-10-22 14:16:41
MD5: 43DAEC5083FC5223102F4D01DB88646D
SHA1: A9807425EEAC83FB38FF8D0990454863B6AF4B50


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security\PC Faster]

"Item 2"="[F00000000][T01CF5452E17EAAA0][O00000000]*C:\\Users\\segurar sistemas\\Desktop\\baidu.docx"

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"quick_start@gmail.com"="C:\Users\segurar sistemas\AppData\Roaming\Mozilla\Firefox\Profiles\ocwd3djr.default-1385322775146\extensions\quick_start@gmail.com" [09/04/2014 19:47]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\segurar sistemas\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [28/03/2014 15:29]

==== Firefox Extensions ======================

ProfilePath: C:\Users\SEGURA~1\AppData\Roaming\Mozilla\Firefox\Profiles\ocwd3djr.default-1385322775146
- Quick Start - C:\Users\segurar sistemas\AppData\Roaming\Mozilla\Firefox\Profiles\ocwd3djr.default-1385322775146\extensions\quick_start@gmail.com
- Quick Start - %ProfilePath%\extensions\quick_start@gmail.com

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\segurar sistemas\AppData\Roaming\Mozilla\Firefox\Profiles\ocwd3djr.default-1385322775146
7B32EC68B2D0EAE4C1333EEB53199571 - C:\Users\segurar sistemas\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
E83B541C71965CFA1DEFF846CD6E9ECD - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll - Google Update
95812430959AE88CDD0301AB3A71913B - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash
01D93217A9EE48DD37072B671378CC9C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
5B4DA1113F240C3F06FFF9D52761528B - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
8B5C7A90973BD9B9FB627712D03F4BCC - C:\Users\segurar sistemas\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll - Guardião Itaú 30 horas
036CA317C20DF6A8FE39CA31882290AD - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll - Java(TM) Platform SE 6 U32
1C27D3E29218B6EADDB87A6B335637E3 - C:\Program Files\Java\jre6\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 6.0.320.5
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
F65284ABAC78410D561587F7C66043BA - C:\Users\segurar sistemas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
84CBD6F6AA7EE399FBDC265B8EA64474 - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll - Adobe Acrobat
0A7B01235B1CBFA387B04A91E2F2B7D0 - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\browser\nppdf32.dll - Adobe Acrobat
3D3CAF586124C4E8102764C8B3063BB6 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
28986F0A2342A033345EF9E70D395E4F - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[25/03/2014 18:56]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[03/03/2014 09:53]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
caimihdmbpgddfpkbochehpehdglpcim - C:\Users\segurar sistemas\AppData\Local\GAS Tecnologia\GBBD\uni\sf.crx[17/10/2013 19:21]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\segurar sistemas\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[28/03/2014 15:29]

Google Docs - segurar sistemas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - segurar sistemas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - segurar sistemas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
GBBD Banco Itaú - segurar sistemas\AppData\Local\Google\Chrome\User Data\Default\Extensions\caimihdmbpgddfpkbochehpehdglpcim
Google Search - segurar sistemas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - segurar sistemas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Skype Click to Call - segurar sistemas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - segurar sistemas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Banco do Brasil - segurar sistemas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Gmail - segurar sistemas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\segurar sistemas\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\segurar sistemas\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\UpdatusUser\Desktop\Allok RM RMVB to AVI MPEG DVD Converter.lnk - C:\Program Files\Allok RM RMVB to AVI MPEG DVD Converter\Allok RM RMVB to AVI MPEG DVD Converter.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\ Google Earth.lnk - C:\Program Files\Google\Google Earth\client\googleearth.exe
C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\AutoCAD 2012 - English.lnk - C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe
C:\Users\Public\Desktop\avast Internet Security.lnk -
C:\Users\Public\Desktop\avast SafeZone.lnk -
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\COLOGA.lnk - C:\Program Files\COLOGA\Cologa.exe
C:\Users\Public\Desktop\Corel CAPTURE X6.lnk - c:\Windows\Installer\{74FA94F1-9566-4252-9372-E7EAFFEFE209}\NewShortcut8.exe
C:\Users\Public\Desktop\Corel CONNECT X6.lnk - C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Connect\Connect.exe
C:\Users\Public\Desktop\Corel PHOTO-PAINT X6.lnk - c:\Windows\Installer\{6F53FB68-6620-423E-B7CD-B8205655B421}\NewShortcut2.exe
C:\Users\Public\Desktop\CorelDRAW X6.lnk - c:\Windows\Installer\{C5262276-0075-498B-B80F-7D997482E4DB}\NewShortcut1.exe
C:\Users\Public\Desktop\DVR-Net.lnk - C:\Program Files\DVR-Net\MultiNet.exe
C:\Users\Public\Desktop\EASEUS Partition Master 9.1.1 Home Edition.lnk - C:\Program Files\EASEUS\EASEUS Partition Master 9.1.1 Home Edition\bin\epm0.exe
C:\Users\Public\Desktop\Endereçador Escritório.lnk -
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Intelbras Media Player.lnk - C:\Program Files\Intelbras Media Player\Intelbras Media Player.exe
C:\Users\Public\Desktop\Inventor Fusion 2012.lnk - C:\Program Files\Autodesk\Inventor Fusion 2012\Inventor Fusion.exe
C:\Users\Public\Desktop\Kwik Media.lnk - C:\Program Files\Nero\KM\KwikMedia.exe
C:\Users\Public\Desktop\Launch USB Server.lnk - C:\Windows\Installer\{4EEBA84A-3D68-455D-8790-B36486086D44}\USBServer.exe1_EEFFD502E3114949B9314C13F77F68A3.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\MPEG4NVR.lnk - C:\Program Files\MPEG4NVR\MPEG4NVR.exe
C:\Users\Public\Desktop\Nero BackItUp.lnk - C:\Program Files\Nero\Nero 11\Nero BackItUp\BackItUp.exe
C:\Users\Public\Desktop\Nero Burning ROM.lnk - C:\Program Files\Nero\Nero 11\Nero Burning ROM\nero.exe
C:\Users\Public\Desktop\Nero CoverDesigner.lnk - C:\Program Files\Nero\Nero 11\Nero CoverDesigner\CoverDes.exe
C:\Users\Public\Desktop\Nero Express.lnk - C:\Program Files\Nero\Nero 11\Nero Express\NeroExpress.exe
C:\Users\Public\Desktop\Nero Recode.lnk - C:\Program Files\Nero\Nero 11\Nero Recode\Recode.exe
C:\Users\Public\Desktop\Nero SoundTrax.lnk - C:\Program Files\Nero\Nero 11\Nero SoundTrax\SoundTrax.exe
C:\Users\Public\Desktop\Nero Video.lnk - C:\Program Files\Nero\Nero 11\Nero Vision\NeroVision.exe
C:\Users\Public\Desktop\Nero WaveEditor.lnk - C:\Program Files\Nero\Nero 11\Nero WaveEditor\waveedit.exe
C:\Users\Public\Desktop\NetBeans IDE 7.3.1.lnk - C:\Program Files\NetBeans 7.3.1\bin\netbeans.exe
C:\Users\Public\Desktop\Opera.lnk - C:\Program Files\Opera\opera.exe
C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe
C:\Users\Public\Desktop\PowerISO.lnk - C:\Program Files\PowerISO\PowerISO.exe
C:\Users\Public\Desktop\RSD Lite.lnk - C:\Windows\Installer\{00106F6E-29AA-4F6A-B5F2-04A13DFEF6A5}\_61CBAEABBE24F07E156709.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Users\Public\Desktop\SmarThru Office.lnk - C:\Program Files\SmarThru Office\STONavigator.exe
C:\Users\Public\Desktop\Super DVD Creator.lnk - C:\Program Files\Super_DVD_Creator_9.8\DVD_Creator.exe
C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Users\Public\Desktop\Video Search.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe /VIDEOSEARCH
C:\Users\Public\Desktop\Zello.lnk - C:\Program Files\Zello\Zello.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk - C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Siemens Subscriber Networks\SpeedStream DSL\Uninstall SpeedStream DSL.LNK - C:\Program Files\Siemens Subscriber Networks\SpeedStream DSL\setup.exe -uninstall

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\segurar sistemas\Documents\sandbox\S-1-5-21-3854783944-1782177213-3435406458-1000\r47\Craagle.exe_{9528ca95-f339-11e2-98d4-90e6bab6bf6e}\C\Users\segurar sistemas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\segurar sistemas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\segurar sistemas\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1035 folders=406 220500853 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\segurar sistemas\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\SEGURA~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\segurar sistemas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" deleted

==== EOF on 09/04/2014 at 23:58:35,67 ======================

 Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

fiz:


Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by segurar sistemas on 10/04/2014 at 9:05:50,49.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\segurar sistemas\Desktop\Zoek\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-03-15-155139.log 109103 bytes
C:\zoek-results2014-03-16-051252.log 32883 bytes
C:\zoek-results2014-03-21-013246.log 69028 bytes
C:\zoek-results2014-03-21-024112.log 49111 bytes
C:\zoek-results2014-03-21-031941.log 68574 bytes
C:\zoek-results2014-03-21-182513.log 23798 bytes
C:\zoek-results2014-03-21-210330.log 6614 bytes
C:\zoek-results2014-03-22-164229.log 1334 bytes
C:\zoek-results2014-04-10-000317.log 30235 bytes
C:\zoek-results2014-04-10-001801.log 13335 bytes
C:\zoek-results2014-04-10-002843.log 7620 bytes
C:\zoek-results2014-04-10-025835.log 28071 bytes

==== System Restore Info ======================

10/04/2014 09:08:10 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[-HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security\Antivirus\web]
"Item 2"=-
[-HKEY_USERS\S-1-5-21-3854783944-1782177213-3435406458-1000\Software\Baidu Security\PC Faster]

==== Deleting Files \ Folders ======================

C:\Program Files\Baidu Security deleted
C:\ProgramData\Baidu Security deleted

==== Folders Found ======================

2014-03-21 02:30:23 2014-04-10 12:08:42 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security
2014-04-10 12:08:43 2014-04-10 00:02:47 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security_Baidu Antivirus
2014-03-21 02:30:33 2014-04-10 03:00:23 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-04-09 23:46:53 2014-04-09 23:46:53 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_baidu
2014-03-21 02:30:34 2014-04-10 03:00:23 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-04-09 23:46:52 2014-04-09 23:46:52 -------- d---a-w- C:\zoek_backup\C_Users_segurar sistemas_AppData_Roaming_Baidu
2014-03-21 02:30:36 2014-03-21 02:30:38 -------- d---a-w- C:\zoek_backup\C_Users_segurar sistemas_AppData_Roaming_Baidu Security
2014-04-10 12:08:42 2014-04-10 00:02:47 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security\Baidu Antivirus
2014-04-09 23:46:52 2014-04-09 22:48:34 -------- d---a-w- C:\zoek_backup\C_Users_segurar sistemas_AppData_Roaming_Baidu\Baidu Antivirus

==== Files Found ======================


--- C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\baidu.docx.LNK ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1042
Created time: 2014-04-10 00:21:56
Modified time: 2014-04-10 00:21:57
MD5: C5465B34F62FE70423AFFB0FB3BB9FFD
SHA1: 8BAA6FCE7A50EAFC74362EDD4083C8AF2978377B


--- C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Windows\Recent\baidu.docx.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 24408
Created time: 2014-04-10 00:21:40
Modified time: 2014-04-10 00:21:40
MD5: FBEB1EFE075C9F999A53E7A12F9A9144
SHA1: 85F1C10EA4A43AB31E5093F47B264A65EE831137


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3384
Created time: 2014-03-15 15:37:30
Modified time: 2013-10-22 14:16:41
MD5: 43DAEC5083FC5223102F4D01DB88646D
SHA1: A9807425EEAC83FB38FF8D0990454863B6AF4B50


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

"Item 2"="[F00000000][T01CF5452E17EAAA0][O00000000]*C:\\Users\\segurar sistemas\\Desktop\\baidu.docx"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1035 folders=408 220501177 bytes)

==== EOF on 10/04/2014 at 9:13:44,92 ======================

 Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

pronto:


Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by segurar sistemas on 10/04/2014 at 11:41:47,94.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\segurar sistemas\Desktop\Zoek\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-03-15-155139.log 109103 bytes
C:\zoek-results2014-03-16-051252.log 32883 bytes
C:\zoek-results2014-03-21-013246.log 69028 bytes
C:\zoek-results2014-03-21-024112.log 49111 bytes
C:\zoek-results2014-03-21-031941.log 68574 bytes
C:\zoek-results2014-03-21-182513.log 23798 bytes
C:\zoek-results2014-03-21-210330.log 6614 bytes
C:\zoek-results2014-03-22-164229.log 1334 bytes
C:\zoek-results2014-04-10-000317.log 30235 bytes
C:\zoek-results2014-04-10-001801.log 13335 bytes
C:\zoek-results2014-04-10-002843.log 7620 bytes
C:\zoek-results2014-04-10-025835.log 28071 bytes
C:\zoek-results2014-04-10-121344.log 4943 bytes

==== System Restore Info ======================

10/04/2014 11:43:10 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Item 2"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

==== Folders Found ======================

2014-03-21 02:30:23 2014-04-10 12:08:42 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security
2014-04-10 12:08:43 2014-04-10 00:02:47 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security_Baidu Antivirus
2014-03-21 02:30:33 2014-04-10 03:00:23 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-04-09 23:46:53 2014-04-09 23:46:53 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_baidu
2014-03-21 02:30:34 2014-04-10 03:00:23 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-04-09 23:46:52 2014-04-09 23:46:52 -------- d---a-w- C:\zoek_backup\C_Users_segurar sistemas_AppData_Roaming_Baidu
2014-03-21 02:30:36 2014-03-21 02:30:38 -------- d---a-w- C:\zoek_backup\C_Users_segurar sistemas_AppData_Roaming_Baidu Security
2014-04-10 12:08:42 2014-04-10 00:02:47 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security\Baidu Antivirus
2014-04-09 23:46:52 2014-04-09 22:48:34 -------- d---a-w- C:\zoek_backup\C_Users_segurar sistemas_AppData_Roaming_Baidu\Baidu Antivirus

==== Files Found ======================


--- C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Office\Recente\baidu.docx.LNK ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1042
Created time: 2014-04-10 00:21:56
Modified time: 2014-04-10 00:21:57
MD5: C5465B34F62FE70423AFFB0FB3BB9FFD
SHA1: 8BAA6FCE7A50EAFC74362EDD4083C8AF2978377B


--- C:\Users\segurar sistemas\AppData\Roaming\Microsoft\Windows\Recent\baidu.docx.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 24408
Created time: 2014-04-10 00:21:40
Modified time: 2014-04-10 00:21:40
MD5: FBEB1EFE075C9F999A53E7A12F9A9144
SHA1: 85F1C10EA4A43AB31E5093F47B264A65EE831137


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3384
Created time: 2014-03-15 15:37:30
Modified time: 2013-10-22 14:16:41
MD5: 43DAEC5083FC5223102F4D01DB88646D
SHA1: A9807425EEAC83FB38FF8D0990454863B6AF4B50


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

"Item 3"="[F00000000][T01CF5452E17EAAA0][O00000000]*C:\\Users\\segurar sistemas\\Desktop\\baidu.docx"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1035 folders=408 220501177 bytes)

==== EOF on 10/04/2014 at 11:47:32,61 ======================

 Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta e nos diga como está o PC após este procedimento.

agora ficou assim:

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by segurar sistemas on 10/04/2014 at 12:38:49,54.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\segurar sistemas\Desktop\Zoek\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-03-15-155139.log 109103 bytes
C:\zoek-results2014-03-16-051252.log 32883 bytes
C:\zoek-results2014-03-21-013246.log 69028 bytes
C:\zoek-results2014-03-21-024112.log 49111 bytes
C:\zoek-results2014-03-21-031941.log 68574 bytes
C:\zoek-results2014-03-21-182513.log 23798 bytes
C:\zoek-results2014-03-21-210330.log 6614 bytes
C:\zoek-results2014-03-22-164229.log 1334 bytes
C:\zoek-results2014-04-10-000317.log 30235 bytes
C:\zoek-results2014-04-10-001801.log 13335 bytes
C:\zoek-results2014-04-10-002843.log 7620 bytes
C:\zoek-results2014-04-10-025835.log 28071 bytes
C:\zoek-results2014-04-10-121344.log 4943 bytes
C:\zoek-results2014-04-10-144732.log 4349 bytes

==== System Restore Info ======================

10/04/2014 12:40:01 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Item 3"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1035 folders=408 220501177 bytes)

==== EOF on 10/04/2014 at 12:40:32,73 ======================

Como está o PC após este procedimento?

ficou excelente sem vestígios do baidu, e a internet está abrindo mais rápido.

  Fico feliz que o problema tenha sido resolvido.

 Só para finalizar siga estes tutoriais abaixo, por gentileza:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________

 Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].
_______________________________________________________________________________________________________________________

  Foi um prazer ajudar. Conte sempre conosco!

eu que agradeço de coração, sempre bom contar com pessoas iguais a você.

CASO RESOLVIDO

Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.