Flux 
Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 20 usuários online :: 0 registrados, 0 invisíveis e 20 visitantes :: 1 motor de buscaNenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
| Power Max |
| |||
| joram |
| |||
| Wings [In Memoriam] |
| |||
| caedurodrigues |
| |||
| Amigo Brasileiro |
| |||
| luizvilarinho |
| |||
| Danii |
| |||
| Admin |
| |||
| Danilo Marsaro |
| |||
| Andreata |
|
Remoção do Baidu Antivírus!
2 participantes
Página 1 de 1
Remoção do Baidu Antivírus!
por vileka Ter 06 maio 2014, 20:55
Tentei desinstalar o baidu mas não estou conseguindo!
vileka- Iniciante
- Mensagens : 26
Reputação : 1
Data de inscrição : 06/05/2014
Re: Remoção do Baidu Antivírus!
por Power Max Ter 06 maio 2014, 20:58
Olá vileka.
Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remoção do Baidu Antivírus!
por vileka Ter 06 maio 2014, 21:03
# AdwCleaner v3.023 - Relatório criado 12/04/2014 às 20:59:26
# Atualizado 01/04/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Leandro - LEANDRO-PC
# Executando de : C:\Users\Leandro\Downloads\adwcleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
Serviço Deletada : Wpm
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\Users\Leandro\AppData\Roaming\VOPackage
Pasta Deletada : C:\Users\Leandro\AppData\Roaming\webssearches
Pasta Deletada : C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Pasta Deletada : C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
***** [ Atalhos ] *****
Atalho Desinfectada : C:\Users\Public\Desktop\Google Chrome.lnk
Atalho Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
***** [ Registro ] *****
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\webssearchesSoftware
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.16521
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Google Chrome v34.0.1847.116
[ Arquivo : C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo : search_url
*************************
AdwCleaner[R0].txt - [8530 octets] - [20/02/2014 23:17:36]
AdwCleaner[R1].txt - [946 octets] - [20/02/2014 23:26:50]
AdwCleaner[R2].txt - [1065 octets] - [24/02/2014 20:00:16]
AdwCleaner[R3].txt - [1186 octets] - [12/03/2014 17:33:01]
AdwCleaner[R4].txt - [1788 octets] - [10/04/2014 18:09:31]
AdwCleaner[R5].txt - [2822 octets] - [12/04/2014 20:41:08]
AdwCleaner[R6].txt - [6996 octets] - [12/04/2014 20:57:48]
AdwCleaner[S0].txt - [6798 octets] - [20/02/2014 23:19:50]
AdwCleaner[S1].txt - [1003 octets] - [20/02/2014 23:28:33]
AdwCleaner[S2].txt - [1124 octets] - [24/02/2014 20:02:15]
AdwCleaner[S3].txt - [1245 octets] - [12/03/2014 17:34:19]
AdwCleaner[S4].txt - [1733 octets] - [10/04/2014 18:11:10]
AdwCleaner[S5].txt - [2809 octets] - [12/04/2014 20:42:36]
AdwCleaner[S6].txt - [4405 octets] - [12/04/2014 20:59:26]
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [4465 octets] ##########
# AdwCleaner v3.207 - Relatório criado 06/05/2014 às 20:59:54
# Atualizado 05/05/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Leandro - LEANDRO-PC
# Executando de : C:\Users\Leandro\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Program Files (x86)\ViewPassword-soft
Pasta Deletada : C:\Program Files\003
***** [ Atalhos ] *****
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Google Chrome v34.0.1847.131
[ Arquivo : C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [8530 octets] - [20/02/2014 23:17:36]
AdwCleaner[R10].txt - [2022 octets] - [06/05/2014 14:12:44]
AdwCleaner[R1].txt - [946 octets] - [20/02/2014 23:26:50]
AdwCleaner[R2].txt - [1065 octets] - [24/02/2014 20:00:16]
AdwCleaner[R3].txt - [1186 octets] - [12/03/2014 17:33:01]
AdwCleaner[R4].txt - [1788 octets] - [10/04/2014 18:09:31]
AdwCleaner[R5].txt - [6992 octets] - [12/04/2014 20:41:08]
AdwCleaner[R6].txt - [9128 octets] - [12/04/2014 20:57:48]
AdwCleaner[R7].txt - [1819 octets] - [12/04/2014 21:07:41]
AdwCleaner[R8].txt - [1787 octets] - [12/04/2014 21:18:08]
AdwCleaner[R9].txt - [7874 octets] - [05/05/2014 12:46:31]
AdwCleaner[S0].txt - [6798 octets] - [20/02/2014 23:19:50]
AdwCleaner[S1].txt - [1003 octets] - [20/02/2014 23:28:33]
AdwCleaner[S2].txt - [1124 octets] - [24/02/2014 20:02:15]
AdwCleaner[S3].txt - [1245 octets] - [12/03/2014 17:34:19]
AdwCleaner[S4].txt - [1733 octets] - [10/04/2014 18:11:10]
AdwCleaner[S5].txt - [6923 octets] - [12/04/2014 20:42:36]
AdwCleaner[S6].txt - [6369 octets] - [12/04/2014 20:59:26]
AdwCleaner[S7].txt - [1873 octets] - [12/04/2014 21:08:51]
AdwCleaner[S8].txt - [7689 octets] - [05/05/2014 12:47:38]
AdwCleaner[S9].txt - [2076 octets] - [06/05/2014 14:13:52]
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [6609 octets] ##########
# Atualizado 01/04/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Leandro - LEANDRO-PC
# Executando de : C:\Users\Leandro\Downloads\adwcleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
Serviço Deletada : Wpm
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\Users\Leandro\AppData\Roaming\VOPackage
Pasta Deletada : C:\Users\Leandro\AppData\Roaming\webssearches
Pasta Deletada : C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Pasta Deletada : C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
***** [ Atalhos ] *****
Atalho Desinfectada : C:\Users\Public\Desktop\Google Chrome.lnk
Atalho Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
***** [ Registro ] *****
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\webssearchesSoftware
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.16521
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Google Chrome v34.0.1847.116
[ Arquivo : C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo : search_url
*************************
AdwCleaner[R0].txt - [8530 octets] - [20/02/2014 23:17:36]
AdwCleaner[R1].txt - [946 octets] - [20/02/2014 23:26:50]
AdwCleaner[R2].txt - [1065 octets] - [24/02/2014 20:00:16]
AdwCleaner[R3].txt - [1186 octets] - [12/03/2014 17:33:01]
AdwCleaner[R4].txt - [1788 octets] - [10/04/2014 18:09:31]
AdwCleaner[R5].txt - [2822 octets] - [12/04/2014 20:41:08]
AdwCleaner[R6].txt - [6996 octets] - [12/04/2014 20:57:48]
AdwCleaner[S0].txt - [6798 octets] - [20/02/2014 23:19:50]
AdwCleaner[S1].txt - [1003 octets] - [20/02/2014 23:28:33]
AdwCleaner[S2].txt - [1124 octets] - [24/02/2014 20:02:15]
AdwCleaner[S3].txt - [1245 octets] - [12/03/2014 17:34:19]
AdwCleaner[S4].txt - [1733 octets] - [10/04/2014 18:11:10]
AdwCleaner[S5].txt - [2809 octets] - [12/04/2014 20:42:36]
AdwCleaner[S6].txt - [4405 octets] - [12/04/2014 20:59:26]
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [4465 octets] ##########
# AdwCleaner v3.207 - Relatório criado 06/05/2014 às 20:59:54
# Atualizado 05/05/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Leandro - LEANDRO-PC
# Executando de : C:\Users\Leandro\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Program Files (x86)\ViewPassword-soft
Pasta Deletada : C:\Program Files\003
***** [ Atalhos ] *****
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Google Chrome v34.0.1847.131
[ Arquivo : C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [8530 octets] - [20/02/2014 23:17:36]
AdwCleaner[R10].txt - [2022 octets] - [06/05/2014 14:12:44]
AdwCleaner[R1].txt - [946 octets] - [20/02/2014 23:26:50]
AdwCleaner[R2].txt - [1065 octets] - [24/02/2014 20:00:16]
AdwCleaner[R3].txt - [1186 octets] - [12/03/2014 17:33:01]
AdwCleaner[R4].txt - [1788 octets] - [10/04/2014 18:09:31]
AdwCleaner[R5].txt - [6992 octets] - [12/04/2014 20:41:08]
AdwCleaner[R6].txt - [9128 octets] - [12/04/2014 20:57:48]
AdwCleaner[R7].txt - [1819 octets] - [12/04/2014 21:07:41]
AdwCleaner[R8].txt - [1787 octets] - [12/04/2014 21:18:08]
AdwCleaner[R9].txt - [7874 octets] - [05/05/2014 12:46:31]
AdwCleaner[S0].txt - [6798 octets] - [20/02/2014 23:19:50]
AdwCleaner[S1].txt - [1003 octets] - [20/02/2014 23:28:33]
AdwCleaner[S2].txt - [1124 octets] - [24/02/2014 20:02:15]
AdwCleaner[S3].txt - [1245 octets] - [12/03/2014 17:34:19]
AdwCleaner[S4].txt - [1733 octets] - [10/04/2014 18:11:10]
AdwCleaner[S5].txt - [6923 octets] - [12/04/2014 20:42:36]
AdwCleaner[S6].txt - [6369 octets] - [12/04/2014 20:59:26]
AdwCleaner[S7].txt - [1873 octets] - [12/04/2014 21:08:51]
AdwCleaner[S8].txt - [7689 octets] - [05/05/2014 12:47:38]
AdwCleaner[S9].txt - [2076 octets] - [06/05/2014 14:13:52]
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [6609 octets] ##########
vileka- Iniciante
- Mensagens : 26
Reputação : 1
Data de inscrição : 06/05/2014
Re: Remoção do Baidu Antivírus!
por Power Max Ter 06 maio 2014, 21:06
Falta você clicar no botão Limpar para que o Adwcleaner remova os problemas.
Depois disto poste o relatório C:\AdwCleaner\AdwCleaner[S10].txt que ele vai criar.
Depois disto poste o relatório C:\AdwCleaner\AdwCleaner[S10].txt que ele vai criar.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remoção do Baidu Antivírus!
por vileka Ter 06 maio 2014, 21:17
Cliquei em limpar, o programa reiniciou o pc e apareceu esse relatório
# AdwCleaner v3.023 - Relatório criado 12/04/2014 às 21:08:51
# Atualizado 01/04/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Leandro - LEANDRO-PC
# Executando de : C:\Users\Leandro\Downloads\adwcleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
***** [ Atalhos ] *****
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Google Chrome v34.0.1847.116
[ Arquivo : C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo : search_url
*************************
AdwCleaner[R0].txt - [8530 octets] - [20/02/2014 23:17:36]
AdwCleaner[R1].txt - [946 octets] - [20/02/2014 23:26:50]
AdwCleaner[R2].txt - [1065 octets] - [24/02/2014 20:00:16]
AdwCleaner[R3].txt - [1186 octets] - [12/03/2014 17:33:01]
AdwCleaner[R4].txt - [1788 octets] - [10/04/2014 18:09:31]
AdwCleaner[R5].txt - [2822 octets] - [12/04/2014 20:41:08]
AdwCleaner[R6].txt - [6996 octets] - [12/04/2014 20:57:48]
AdwCleaner[R7].txt - [1819 octets] - [12/04/2014 21:07:41]
AdwCleaner[S0].txt - [6798 octets] - [20/02/2014 23:19:50]
AdwCleaner[S1].txt - [1003 octets] - [20/02/2014 23:28:33]
AdwCleaner[S2].txt - [1124 octets] - [24/02/2014 20:02:15]
AdwCleaner[S3].txt - [1245 octets] - [12/03/2014 17:34:19]
AdwCleaner[S4].txt - [1733 octets] - [10/04/2014 18:11:10]
AdwCleaner[S5].txt - [2809 octets] - [12/04/2014 20:42:36]
AdwCleaner[S6].txt - [4565 octets] - [12/04/2014 20:59:26]
AdwCleaner[S7].txt - [1733 octets] - [12/04/2014 21:08:51]
########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1793 octets] ##########
# AdwCleaner v3.207 - Relatório criado 06/05/2014 às 21:12:26
# Atualizado 05/05/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Leandro - LEANDRO-PC
# Executando de : C:\Users\Leandro\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\baidu
***** [ Atalhos ] *****
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Google Chrome v34.0.1847.131
[ Arquivo : C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [8530 octets] - [20/02/2014 23:17:36]
AdwCleaner[R10].txt - [2022 octets] - [06/05/2014 14:12:44]
AdwCleaner[R1].txt - [946 octets] - [20/02/2014 23:26:50]
AdwCleaner[R2].txt - [1065 octets] - [24/02/2014 20:00:16]
AdwCleaner[R3].txt - [1186 octets] - [12/03/2014 17:33:01]
AdwCleaner[R4].txt - [1788 octets] - [10/04/2014 18:09:31]
AdwCleaner[R5].txt - [6992 octets] - [12/04/2014 20:41:08]
AdwCleaner[R6].txt - [9128 octets] - [12/04/2014 20:57:48]
AdwCleaner[R7].txt - [3849 octets] - [12/04/2014 21:07:41]
AdwCleaner[R8].txt - [1787 octets] - [12/04/2014 21:18:08]
AdwCleaner[R9].txt - [7874 octets] - [05/05/2014 12:46:31]
AdwCleaner[S0].txt - [6798 octets] - [20/02/2014 23:19:50]
AdwCleaner[S1].txt - [1003 octets] - [20/02/2014 23:28:33]
AdwCleaner[S2].txt - [1124 octets] - [24/02/2014 20:02:15]
AdwCleaner[S3].txt - [1245 octets] - [12/03/2014 17:34:19]
AdwCleaner[S4].txt - [1733 octets] - [10/04/2014 18:11:10]
AdwCleaner[S5].txt - [6923 octets] - [12/04/2014 20:42:36]
AdwCleaner[S6].txt - [6689 octets] - [12/04/2014 20:59:26]
AdwCleaner[S7].txt - [3639 octets] - [12/04/2014 21:08:51]
AdwCleaner[S8].txt - [7689 octets] - [05/05/2014 12:47:38]
AdwCleaner[S9].txt - [2076 octets] - [06/05/2014 14:13:52]
########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [3819 octets] ##########
# AdwCleaner v3.023 - Relatório criado 12/04/2014 às 21:08:51
# Atualizado 01/04/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Leandro - LEANDRO-PC
# Executando de : C:\Users\Leandro\Downloads\adwcleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
***** [ Atalhos ] *****
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Google Chrome v34.0.1847.116
[ Arquivo : C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo : search_url
*************************
AdwCleaner[R0].txt - [8530 octets] - [20/02/2014 23:17:36]
AdwCleaner[R1].txt - [946 octets] - [20/02/2014 23:26:50]
AdwCleaner[R2].txt - [1065 octets] - [24/02/2014 20:00:16]
AdwCleaner[R3].txt - [1186 octets] - [12/03/2014 17:33:01]
AdwCleaner[R4].txt - [1788 octets] - [10/04/2014 18:09:31]
AdwCleaner[R5].txt - [2822 octets] - [12/04/2014 20:41:08]
AdwCleaner[R6].txt - [6996 octets] - [12/04/2014 20:57:48]
AdwCleaner[R7].txt - [1819 octets] - [12/04/2014 21:07:41]
AdwCleaner[S0].txt - [6798 octets] - [20/02/2014 23:19:50]
AdwCleaner[S1].txt - [1003 octets] - [20/02/2014 23:28:33]
AdwCleaner[S2].txt - [1124 octets] - [24/02/2014 20:02:15]
AdwCleaner[S3].txt - [1245 octets] - [12/03/2014 17:34:19]
AdwCleaner[S4].txt - [1733 octets] - [10/04/2014 18:11:10]
AdwCleaner[S5].txt - [2809 octets] - [12/04/2014 20:42:36]
AdwCleaner[S6].txt - [4565 octets] - [12/04/2014 20:59:26]
AdwCleaner[S7].txt - [1733 octets] - [12/04/2014 21:08:51]
########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1793 octets] ##########
# AdwCleaner v3.207 - Relatório criado 06/05/2014 às 21:12:26
# Atualizado 05/05/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Leandro - LEANDRO-PC
# Executando de : C:\Users\Leandro\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\baidu
***** [ Atalhos ] *****
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Google Chrome v34.0.1847.131
[ Arquivo : C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [8530 octets] - [20/02/2014 23:17:36]
AdwCleaner[R10].txt - [2022 octets] - [06/05/2014 14:12:44]
AdwCleaner[R1].txt - [946 octets] - [20/02/2014 23:26:50]
AdwCleaner[R2].txt - [1065 octets] - [24/02/2014 20:00:16]
AdwCleaner[R3].txt - [1186 octets] - [12/03/2014 17:33:01]
AdwCleaner[R4].txt - [1788 octets] - [10/04/2014 18:09:31]
AdwCleaner[R5].txt - [6992 octets] - [12/04/2014 20:41:08]
AdwCleaner[R6].txt - [9128 octets] - [12/04/2014 20:57:48]
AdwCleaner[R7].txt - [3849 octets] - [12/04/2014 21:07:41]
AdwCleaner[R8].txt - [1787 octets] - [12/04/2014 21:18:08]
AdwCleaner[R9].txt - [7874 octets] - [05/05/2014 12:46:31]
AdwCleaner[S0].txt - [6798 octets] - [20/02/2014 23:19:50]
AdwCleaner[S1].txt - [1003 octets] - [20/02/2014 23:28:33]
AdwCleaner[S2].txt - [1124 octets] - [24/02/2014 20:02:15]
AdwCleaner[S3].txt - [1245 octets] - [12/03/2014 17:34:19]
AdwCleaner[S4].txt - [1733 octets] - [10/04/2014 18:11:10]
AdwCleaner[S5].txt - [6923 octets] - [12/04/2014 20:42:36]
AdwCleaner[S6].txt - [6689 octets] - [12/04/2014 20:59:26]
AdwCleaner[S7].txt - [3639 octets] - [12/04/2014 21:08:51]
AdwCleaner[S8].txt - [7689 octets] - [05/05/2014 12:47:38]
AdwCleaner[S9].txt - [2076 octets] - [06/05/2014 14:13:52]
########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [3819 octets] ##########
vileka- Iniciante
- Mensagens : 26
Reputação : 1
Data de inscrição : 06/05/2014
Re: Remoção do Baidu Antivírus!
por Power Max Ter 06 maio 2014, 22:02
Desative temporariamente seu antivírus para evitar conflitos.
Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Última edição por Power Max em Qua 07 maio 2014, 22:18, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remoção do Baidu Antivírus!
por vileka Qua 07 maio 2014, 12:45
Depois que reiniciou o pc apareceu este relatório
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Leandro on 07/05/2014 at 11:49:36,22.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Leandro\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
07/05/2014 11:51:16 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\Users\Leandro\.android deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\PROGRA~3\Baidu deleted
C:\Users\Leandro\AppData\Local\cache deleted
C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat deleted
C:\Windows\WININIT.INI deleted
C:\windows\SysNative\tasks\Baidu Antivirus Update deleted
C:\Users\Leandro\AppData\Roaming\unins000.exe deleted
C:\Users\Leandro\Plink.exe deleted
==== Folders Found ======================
2014-02-12 21:46:20 2014-02-27 00:18:30 -------- d-----w- C:\BaiduDownloads
2014-02-21 02:19:51 2014-02-21 02:19:51 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-05 15:47:44 2014-05-05 15:47:44 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Leandro\AppData\Roaming\baidu
2014-05-05 15:47:44 2014-05-06 23:12:23 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Leandro\AppData\Roaming\baidu\Baidu Antivirus
2014-05-05 15:47:44 2014-05-05 15:47:44 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-01-21 22:17:33 2014-02-12 21:42:35 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-02-03 18:56:07 2014-05-07 15:15:21 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus
2014-01-21 22:17:33 2014-05-06 17:38:32 -------- d-----w- C:\ProgramData\Baidu Security
2014-02-03 18:56:19 2014-05-06 17:38:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-01-21 22:24:49 2014-02-12 21:42:32 -------- d-----w- C:\Users\Leandro\AppData\Roaming\Baidu Security
2014-03-25 12:52:14 2014-05-06 17:38:33 -------- d-----w- C:\Users\Leandro\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-03-25 12:52:15 2014-05-06 17:38:33 -------- d-----w- C:\Users\Leandro\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-01-21 22:24:00 2014-02-12 21:42:32 -------- d-----w- C:\Users\Public\Documents\Baidu Security
2014-03-14 21:13:11 2014-03-14 21:13:11 -------- d-----w- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Baidu Security
2014-05-07 15:13:10 2014-05-07 15:13:10 -------- d---a-w- C:\zoek_backup\C_PROGRA~3_Baidu
==== Files Found ======================
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1263
Created time: 2014-02-03 18:56:19
Modified time: 2014-02-03 18:56:19
MD5: 31B0A1471E09E27E80E25107FCD590EB
SHA1: E5061B9A1A668788D2C04FBFCBFC94D3C50D5F69
--- C:\Users\Public\Desktop\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1245
Created time: 2014-02-03 18:56:19
Modified time: 2014-02-03 18:56:19
MD5: A3BE862379DEB4BEFCACB0C7478C3A5B
SHA1: EB8823092809A6FA23E43DB9CA405AC3D0760067
--- C:\Windows\Prefetch\BAIDU_SECURE_SYSTEMUP_4.0.1.5-4E04B992.pf ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 59052
Created time: 2014-01-21 22:24:02
Modified time: 2014-01-21 22:24:02
MD5: 8566F0DA2FCCD6D9CE9708EEAFB00C24
SHA1: 78FC7DAD7ADBADC6048C226F7E6855766887F82E
--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3428
Created time: 2014-05-07 15:13:13
Modified time: 2014-02-03 18:56:19
MD5: 55DA8E8F8555DC844F2C2CA5C6B51F50
SHA1: EC23B4376D0B887732D70D8E7C34EB38F68415C6
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFTray-2014-03-25 03-36-38-0784-[0041].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-03-25 03-37-00-0401-[0041].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-03-25 03-52-34-0102-[0041].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-22 01-42-38-0368-[1980].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-22 01-31-46-0572-[25863].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-01-23 01-33-01-0887-[25098].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-24 01-06-36-0071-[11411].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-02-01 02-39-58-0630-[30882].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-01 02-40-49-0688-[31048].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-02 02-14-22-0301-[15600].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-08 02-23-04-0833-[31512].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-09 02-19-26-0413-[29791].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-11 02-48-05-0384-[7372].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-11 02-17-00-0420-[13038].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-12 02-13-00-0706-[28001].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-InternetSpeedTest-2014-02-12 02-14-07-0179-[28220].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-FlashPlayerRepair-2014-02-12 02-24-27-0939-[30244].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-12 02-41-13-0102-[12518].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-14 02-21-04-0473-[20061].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-14 02-20-17-0647-[3896].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-16 02-40-46-0660-[17646].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-17 02-33-04-0927-[16882].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-18 02-05-35-0797-[27244].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-18 02-09-16-0408-[18710].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-22 02-07-00-0381-[4225].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-23 02-09-44-0184-[3751].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-24 02-07-12-0952-[7245].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-24 02-11-03-0657-[8000].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-25 02-54-20-0809-[17225].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-25 02-46-19-0062-[23155].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-28 02-59-12-0044-[31906].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-01 03-15-01-0337-[26494].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-03-04 03-09-28-0470-[24878].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-03-08 03-19-25-0740-[27043].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-09 03-33-20-0559-[14504].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-03-09 03-35-19-0274-[14892].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-10 03-20-04-0980-[17650].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BavTray.exe\" -auto"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"="Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"="http://antivirus.baidu.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"="Baidu, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\*\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"Description"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"Description"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"Description"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"Description"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-br]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-br\hao123desk]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-br\hao123desk]
"ToyPath"="C:\\Users\\Leandro\\AppData\\Roaming\\baidu\\hao123-br\\hao123.1.0.0.1108.exe"
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-international]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-international\hao123desk]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC App Store]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC App Store\DataReport]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC App Store\Setup]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Exam]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\InstalledPatchesRecord]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
"Facebook Update_BaiDuSafe_RegType"=dword:00000002
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"Dell Webcam Central_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"GrooveMonitor_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"HP Software Update_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"LanguageShortcut_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"RemoteControl_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"PDVDDXSrv_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"APSDaemon_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"Broadcom Wireless Manager UI_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"SunJavaUpdateSched_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"SynTPEnh_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"RtHDVCpl_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"Persistence_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"IgfxTray_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"IAAnotif_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"HotKeysCmds_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\SystemCleanerTab]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\Setup]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe"="Bav"
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe"="PC Faster"
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe"="Bav"
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe"="PC Faster"
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [03/09/2013 20:14]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{625F4D6B-2734-2C68-62F2-2F6BC372DCA2}"="C:\Program Files (x86)\ViewPassword-soft\161.xpi" []
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[06/05/2014 18:21]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
abmojiekfpcmkkfamgfcpgfgipocface - C:\Users\Leandro\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx[01/04/2013 14:43]
avast Online Security - Leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
GBBD Banco Santander (Brasil) S.A. - Leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnljhnpjegfbcohjhdnhjlnfnffmbnf
Google Wallet - Leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Mozilla\Firefox\Extensions\{625F4D6B-2734-2C68-62F2-2F6BC372DCA2} deleted successfully
==== shortcuts on Users Desktops ======================
C:\Users\Leandro\Desktop\AdwCleaner - Atalho.lnk - C:\Users\Leandro\Downloads\AdwCleaner.exe
C:\Users\Leandro\Desktop\CyberLink PowerDVD.lnk - C:\Program Files (x86)\CyberLink\PowerDVD\PowerDVD.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Baidu Antivirus.lnk - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bav.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Central de Soluções HP.lnk -
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\HP ePrinterCenter.lnk - C:\Program Files (x86)\HP\Digital Imaging\AppStudio\hpzsip.url
C:\Users\Public\Desktop\Loja de Suprimentos HP.lnk - C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
==== shortcuts in Users Start Menu ======================
C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast Free Antivirus.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CyberLink PowerDVD.lnk - C:\Program Files (x86)\CyberLink\PowerDVD\PowerDVD.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Leandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Leandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=118 folders=23 3307178 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Leandro\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Leandro\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 07/05/2014 at 12:40:57,61 ======================
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Leandro on 07/05/2014 at 11:49:36,22.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Leandro\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
07/05/2014 11:51:16 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\Users\Leandro\.android deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\PROGRA~3\Baidu deleted
C:\Users\Leandro\AppData\Local\cache deleted
C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat deleted
C:\Windows\WININIT.INI deleted
C:\windows\SysNative\tasks\Baidu Antivirus Update deleted
C:\Users\Leandro\AppData\Roaming\unins000.exe deleted
C:\Users\Leandro\Plink.exe deleted
==== Folders Found ======================
2014-02-12 21:46:20 2014-02-27 00:18:30 -------- d-----w- C:\BaiduDownloads
2014-02-21 02:19:51 2014-02-21 02:19:51 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-05 15:47:44 2014-05-05 15:47:44 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Leandro\AppData\Roaming\baidu
2014-05-05 15:47:44 2014-05-06 23:12:23 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Leandro\AppData\Roaming\baidu\Baidu Antivirus
2014-05-05 15:47:44 2014-05-05 15:47:44 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-01-21 22:17:33 2014-02-12 21:42:35 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-02-03 18:56:07 2014-05-07 15:15:21 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus
2014-01-21 22:17:33 2014-05-06 17:38:32 -------- d-----w- C:\ProgramData\Baidu Security
2014-02-03 18:56:19 2014-05-06 17:38:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-01-21 22:24:49 2014-02-12 21:42:32 -------- d-----w- C:\Users\Leandro\AppData\Roaming\Baidu Security
2014-03-25 12:52:14 2014-05-06 17:38:33 -------- d-----w- C:\Users\Leandro\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-03-25 12:52:15 2014-05-06 17:38:33 -------- d-----w- C:\Users\Leandro\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-01-21 22:24:00 2014-02-12 21:42:32 -------- d-----w- C:\Users\Public\Documents\Baidu Security
2014-03-14 21:13:11 2014-03-14 21:13:11 -------- d-----w- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Baidu Security
2014-05-07 15:13:10 2014-05-07 15:13:10 -------- d---a-w- C:\zoek_backup\C_PROGRA~3_Baidu
==== Files Found ======================
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1263
Created time: 2014-02-03 18:56:19
Modified time: 2014-02-03 18:56:19
MD5: 31B0A1471E09E27E80E25107FCD590EB
SHA1: E5061B9A1A668788D2C04FBFCBFC94D3C50D5F69
--- C:\Users\Public\Desktop\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1245
Created time: 2014-02-03 18:56:19
Modified time: 2014-02-03 18:56:19
MD5: A3BE862379DEB4BEFCACB0C7478C3A5B
SHA1: EB8823092809A6FA23E43DB9CA405AC3D0760067
--- C:\Windows\Prefetch\BAIDU_SECURE_SYSTEMUP_4.0.1.5-4E04B992.pf ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 59052
Created time: 2014-01-21 22:24:02
Modified time: 2014-01-21 22:24:02
MD5: 8566F0DA2FCCD6D9CE9708EEAFB00C24
SHA1: 78FC7DAD7ADBADC6048C226F7E6855766887F82E
--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3428
Created time: 2014-05-07 15:13:13
Modified time: 2014-02-03 18:56:19
MD5: 55DA8E8F8555DC844F2C2CA5C6B51F50
SHA1: EC23B4376D0B887732D70D8E7C34EB38F68415C6
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFTray-2014-03-25 03-36-38-0784-[0041].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-03-25 03-37-00-0401-[0041].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-03-25 03-52-34-0102-[0041].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-22 01-42-38-0368-[1980].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-22 01-31-46-0572-[25863].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-01-23 01-33-01-0887-[25098].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-24 01-06-36-0071-[11411].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-02-01 02-39-58-0630-[30882].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-01 02-40-49-0688-[31048].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-02 02-14-22-0301-[15600].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-08 02-23-04-0833-[31512].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-09 02-19-26-0413-[29791].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-11 02-48-05-0384-[7372].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-11 02-17-00-0420-[13038].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-12 02-13-00-0706-[28001].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-InternetSpeedTest-2014-02-12 02-14-07-0179-[28220].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-FlashPlayerRepair-2014-02-12 02-24-27-0939-[30244].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-12 02-41-13-0102-[12518].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-14 02-21-04-0473-[20061].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-14 02-20-17-0647-[3896].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-16 02-40-46-0660-[17646].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-17 02-33-04-0927-[16882].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-18 02-05-35-0797-[27244].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-18 02-09-16-0408-[18710].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-22 02-07-00-0381-[4225].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-23 02-09-44-0184-[3751].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-24 02-07-12-0952-[7245].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-24 02-11-03-0657-[8000].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-25 02-54-20-0809-[17225].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-02-25 02-46-19-0062-[23155].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-28 02-59-12-0044-[31906].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-01 03-15-01-0337-[26494].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-03-04 03-09-28-0470-[24878].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-03-08 03-19-25-0740-[27043].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-09 03-33-20-0559-[14504].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-03-09 03-35-19-0274-[14892].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-10 03-20-04-0980-[17650].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BavTray.exe\" -auto"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"="Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"="http://antivirus.baidu.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"="Baidu, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\*\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"Description"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"Description"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"Description"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"Description"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-br]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-br\hao123desk]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-br\hao123desk]
"ToyPath"="C:\\Users\\Leandro\\AppData\\Roaming\\baidu\\hao123-br\\hao123.1.0.0.1108.exe"
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-international]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-international\hao123desk]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC App Store]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC App Store\DataReport]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC App Store\Setup]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Exam]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\InstalledPatchesRecord]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
"Facebook Update_BaiDuSafe_RegType"=dword:00000002
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"Dell Webcam Central_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"GrooveMonitor_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"HP Software Update_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"LanguageShortcut_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"RemoteControl_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"PDVDDXSrv_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"APSDaemon_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"Broadcom Wireless Manager UI_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"SunJavaUpdateSched_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"SynTPEnh_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"RtHDVCpl_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"Persistence_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"IgfxTray_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"IAAnotif_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"HotKeysCmds_BaiDuSafe_RegType"=dword:00000001
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\SystemCleanerTab]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\Setup]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe"="Bav"
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe"="PC Faster"
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe"="Bav"
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe"="PC Faster"
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [03/09/2013 20:14]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{625F4D6B-2734-2C68-62F2-2F6BC372DCA2}"="C:\Program Files (x86)\ViewPassword-soft\161.xpi" []
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[06/05/2014 18:21]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
abmojiekfpcmkkfamgfcpgfgipocface - C:\Users\Leandro\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx[01/04/2013 14:43]
avast Online Security - Leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
GBBD Banco Santander (Brasil) S.A. - Leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnljhnpjegfbcohjhdnhjlnfnffmbnf
Google Wallet - Leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Mozilla\Firefox\Extensions\{625F4D6B-2734-2C68-62F2-2F6BC372DCA2} deleted successfully
==== shortcuts on Users Desktops ======================
C:\Users\Leandro\Desktop\AdwCleaner - Atalho.lnk - C:\Users\Leandro\Downloads\AdwCleaner.exe
C:\Users\Leandro\Desktop\CyberLink PowerDVD.lnk - C:\Program Files (x86)\CyberLink\PowerDVD\PowerDVD.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Baidu Antivirus.lnk - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bav.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Central de Soluções HP.lnk -
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\HP ePrinterCenter.lnk - C:\Program Files (x86)\HP\Digital Imaging\AppStudio\hpzsip.url
C:\Users\Public\Desktop\Loja de Suprimentos HP.lnk - C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
==== shortcuts in Users Start Menu ======================
C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast Free Antivirus.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CyberLink PowerDVD.lnk - C:\Program Files (x86)\CyberLink\PowerDVD\PowerDVD.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Leandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Leandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=118 folders=23 3307178 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Leandro\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Leandro\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 07/05/2014 at 12:40:57,61 ======================
vileka- Iniciante
- Mensagens : 26
Reputação : 1
Data de inscrição : 06/05/2014
Re: Remoção do Baidu Antivírus!
por Power Max Qua 07 maio 2014, 14:16
Desative temporariamente seu antivírus para evitar conflitos.
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Última edição por Power Max em Qua 07 maio 2014, 22:19, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remoção do Baidu Antivírus!
por vileka Qua 07 maio 2014, 21:21
Parece que desinstalou o baidu, pois sumiu da area de trabalho segue relatório
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Leandro on 07/05/2014 at 20:51:40,57.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Leandro\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-05-07-154057.log 37675 bytes
==== System Restore Info ======================
07/05/2014 21:03:22 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BHipsSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFTray-2014-03-25 03-36-38-0784-[0041].dat"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-03-25 03-37-00-0401-[0041].dat"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-03-25 03-52-34-0102-[0041].dat"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-br]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-br\hao123desk]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-br\hao123desk]
"ToyPath"=-
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-international]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-international\hao123desk]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC App Store]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC App Store\DataReport]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC App Store\Setup]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Exam]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\InstalledPatchesRecord]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
"Facebook Update_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"Dell Webcam Central_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"GrooveMonitor_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"HP Software Update_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"LanguageShortcut_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"RemoteControl_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"PDVDDXSrv_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"APSDaemon_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"Broadcom Wireless Manager UI_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"SunJavaUpdateSched_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"SynTPEnh_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"RtHDVCpl_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"Persistence_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"IgfxTray_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"IAAnotif_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"HotKeysCmds_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\SystemCleanerTab]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\Setup]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
==== Deleting Files \ Folders ======================
C:\BaiduDownloads deleted
C:\ProgramData\Baidu Security deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus deleted
C:\Users\Leandro\AppData\Roaming\Baidu Security deleted
C:\Users\Public\Documents\Baidu Security deleted
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Baidu Security deleted
"C:\Users\Public\Desktop\Baidu Antivirus.lnk" deleted
"C:\Windows\Prefetch\BAIDU_SECURE_SYSTEMUP_4.0.1.5-4E04B992.pf" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavBase.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavClean.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavCs.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavDs.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavFi.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavhm.exe" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavIPC.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bavnt.dll" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bavnt64.dll" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavOa.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavPe.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavQv.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavScan.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSig.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSk.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUa.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUl.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUm64.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavVt.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavWl.dat" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavWl.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BDrvComm.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsCore.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\CloudDefense.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Communication.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\DirectUI.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\DrvInst.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\HackerDefense.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\HipsHB.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\sqlite.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BavTray.log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BHipsSvc.log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_Pop_Download\Plugin_Pop_Download.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_USBProtect\Plugin_USBProtect.dll" deleted
"C:\Program Files (x86)\Baidu Security" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_Pop_Download" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_USBProtect" not deleted
==== Folders Found ======================
2014-02-21 02:19:51 2014-02-21 02:19:51 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-05 15:47:44 2014-05-05 15:47:44 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Leandro\AppData\Roaming\baidu
2014-05-05 15:47:44 2014-05-06 23:12:23 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Leandro\AppData\Roaming\baidu\Baidu Antivirus
2014-05-05 15:47:44 2014-05-05 15:47:44 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-01-21 22:17:33 2014-05-08 00:06:12 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-02-03 18:56:07 2014-05-08 00:06:35 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus
2014-05-07 15:39:52 2014-05-07 15:39:52 -------- d-----w- C:\ProgramData\Baidu
2014-05-08 00:05:50 2014-02-27 00:18:30 -------- d---a-w- C:\zoek_backup\C_BaiduDownloads
2014-05-08 00:05:51 2014-05-08 00:05:54 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-05-08 00:05:54 2014-05-08 00:05:57 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-05-08 00:06:00 2014-05-08 00:06:00 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-05-07 15:13:10 2014-05-07 15:13:10 -------- d---a-w- C:\zoek_backup\C_PROGRA~3_Baidu
2014-05-08 00:06:00 2014-05-08 00:06:05 -------- d---a-w- C:\zoek_backup\C_Users_Leandro_AppData_Roaming_Baidu Security
2014-05-08 00:06:06 2014-05-08 00:06:06 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-05-08 00:06:06 2014-05-08 00:06:06 -------- d---a-w- C:\zoek_backup\C_Windows_SysWOW64_config_systemprofile_AppData_Roaming_Baidu Security
2014-05-08 00:05:51 2014-05-08 00:05:54 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus
2014-05-08 00:06:06 2014-05-08 00:06:06 -------- d---a-w- C:\zoek_backup\C_Users_Leandro_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-05-08 00:06:06 2014-05-08 00:06:06 -------- d---a-w- C:\zoek_backup\C_Users_Leandro_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
==== Files Found ======================
--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus_Baidu Antivirus.lnk.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1263
Created time: 2014-05-08 00:06:06
Modified time: 2014-02-03 18:56:19
MD5: 31B0A1471E09E27E80E25107FCD590EB
SHA1: E5061B9A1A668788D2C04FBFCBFC94D3C50D5F69
--- C:\zoek_backup\C_Users_Public_Desktop_Baidu Antivirus.lnk.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1245
Created time: 2014-05-08 00:06:06
Modified time: 2014-02-03 18:56:19
MD5: A3BE862379DEB4BEFCACB0C7478C3A5B
SHA1: EB8823092809A6FA23E43DB9CA405AC3D0760067
--- C:\zoek_backup\C_Windows_Prefetch_BAIDU_SECURE_SYSTEMUP_4.0.1.5-4E04B992.pf.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 59052
Created time: 2014-05-08 00:06:06
Modified time: 2014-01-21 22:24:02
MD5: 8566F0DA2FCCD6D9CE9708EEAFB00C24
SHA1: 78FC7DAD7ADBADC6048C226F7E6855766887F82E
--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3428
Created time: 2014-05-07 15:13:13
Modified time: 2014-02-03 18:56:19
MD5: 55DA8E8F8555DC844F2C2CA5C6B51F50
SHA1: EC23B4376D0B887732D70D8E7C34EB38F68415C6
--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1263
Created time: 2014-05-08 00:06:00
Modified time: 2014-02-03 18:56:19
MD5: 31B0A1471E09E27E80E25107FCD590EB
SHA1: E5061B9A1A668788D2C04FBFCBFC94D3C50D5F69
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-br]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-br\hao123desk]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
==== C:\zoek_backup content ======================
C:\zoek_backup (files=529 folders=122 186404651 bytes)
==== After Reboot ======================
==== Deleting Files / Folders ======================
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bavnt.dll" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bavnt64.dll" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavWl.dat" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BavTray.log" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BHipsSvc.log" not found
"C:\Program Files (x86)\Baidu Security" not found
==== EOF on 07/05/2014 at 21:17:06,52 ======================
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Leandro on 07/05/2014 at 20:51:40,57.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Leandro\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-05-07-154057.log 37675 bytes
==== System Restore Info ======================
07/05/2014 21:03:22 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BHipsSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFTray-2014-03-25 03-36-38-0784-[0041].dat"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-03-25 03-37-00-0401-[0041].dat"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-03-25 03-52-34-0102-[0041].dat"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-br]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-br\hao123desk]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-br\hao123desk]
"ToyPath"=-
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-international]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-international\hao123desk]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC App Store]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC App Store\DataReport]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC App Store\Setup]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Exam]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\InstalledPatchesRecord]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
"Facebook Update_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"Dell Webcam Central_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"GrooveMonitor_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"HP Software Update_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"LanguageShortcut_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"RemoteControl_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"PDVDDXSrv_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"APSDaemon_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"Broadcom Wireless Manager UI_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"SunJavaUpdateSched_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"SynTPEnh_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"RtHDVCpl_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"Persistence_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"IgfxTray_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"IAAnotif_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
"HotKeysCmds_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\SystemCleanerTab]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\Setup]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe"=-
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
==== Deleting Files \ Folders ======================
C:\BaiduDownloads deleted
C:\ProgramData\Baidu Security deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus deleted
C:\Users\Leandro\AppData\Roaming\Baidu Security deleted
C:\Users\Public\Documents\Baidu Security deleted
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Baidu Security deleted
"C:\Users\Public\Desktop\Baidu Antivirus.lnk" deleted
"C:\Windows\Prefetch\BAIDU_SECURE_SYSTEMUP_4.0.1.5-4E04B992.pf" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavBase.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavClean.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavCs.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavDs.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavFi.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavhm.exe" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavIPC.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bavnt.dll" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bavnt64.dll" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavOa.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavPe.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavQv.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavScan.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSig.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSk.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUa.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUl.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUm64.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavVt.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavWl.dat" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavWl.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BDrvComm.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsCore.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\CloudDefense.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Communication.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\DirectUI.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\DrvInst.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\HackerDefense.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\HipsHB.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\sqlite.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BavTray.log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BHipsSvc.log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_Pop_Download\Plugin_Pop_Download.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_USBProtect\Plugin_USBProtect.dll" deleted
"C:\Program Files (x86)\Baidu Security" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_Pop_Download" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_USBProtect" not deleted
==== Folders Found ======================
2014-02-21 02:19:51 2014-02-21 02:19:51 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-05 15:47:44 2014-05-05 15:47:44 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Leandro\AppData\Roaming\baidu
2014-05-05 15:47:44 2014-05-06 23:12:23 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Leandro\AppData\Roaming\baidu\Baidu Antivirus
2014-05-05 15:47:44 2014-05-05 15:47:44 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-01-21 22:17:33 2014-05-08 00:06:12 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-02-03 18:56:07 2014-05-08 00:06:35 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus
2014-05-07 15:39:52 2014-05-07 15:39:52 -------- d-----w- C:\ProgramData\Baidu
2014-05-08 00:05:50 2014-02-27 00:18:30 -------- d---a-w- C:\zoek_backup\C_BaiduDownloads
2014-05-08 00:05:51 2014-05-08 00:05:54 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-05-08 00:05:54 2014-05-08 00:05:57 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-05-08 00:06:00 2014-05-08 00:06:00 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-05-07 15:13:10 2014-05-07 15:13:10 -------- d---a-w- C:\zoek_backup\C_PROGRA~3_Baidu
2014-05-08 00:06:00 2014-05-08 00:06:05 -------- d---a-w- C:\zoek_backup\C_Users_Leandro_AppData_Roaming_Baidu Security
2014-05-08 00:06:06 2014-05-08 00:06:06 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-05-08 00:06:06 2014-05-08 00:06:06 -------- d---a-w- C:\zoek_backup\C_Windows_SysWOW64_config_systemprofile_AppData_Roaming_Baidu Security
2014-05-08 00:05:51 2014-05-08 00:05:54 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus
2014-05-08 00:06:06 2014-05-08 00:06:06 -------- d---a-w- C:\zoek_backup\C_Users_Leandro_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-05-08 00:06:06 2014-05-08 00:06:06 -------- d---a-w- C:\zoek_backup\C_Users_Leandro_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
==== Files Found ======================
--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus_Baidu Antivirus.lnk.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1263
Created time: 2014-05-08 00:06:06
Modified time: 2014-02-03 18:56:19
MD5: 31B0A1471E09E27E80E25107FCD590EB
SHA1: E5061B9A1A668788D2C04FBFCBFC94D3C50D5F69
--- C:\zoek_backup\C_Users_Public_Desktop_Baidu Antivirus.lnk.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1245
Created time: 2014-05-08 00:06:06
Modified time: 2014-02-03 18:56:19
MD5: A3BE862379DEB4BEFCACB0C7478C3A5B
SHA1: EB8823092809A6FA23E43DB9CA405AC3D0760067
--- C:\zoek_backup\C_Windows_Prefetch_BAIDU_SECURE_SYSTEMUP_4.0.1.5-4E04B992.pf.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 59052
Created time: 2014-05-08 00:06:06
Modified time: 2014-01-21 22:24:02
MD5: 8566F0DA2FCCD6D9CE9708EEAFB00C24
SHA1: 78FC7DAD7ADBADC6048C226F7E6855766887F82E
--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3428
Created time: 2014-05-07 15:13:13
Modified time: 2014-02-03 18:56:19
MD5: 55DA8E8F8555DC844F2C2CA5C6B51F50
SHA1: EC23B4376D0B887732D70D8E7C34EB38F68415C6
--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1263
Created time: 2014-05-08 00:06:00
Modified time: 2014-02-03 18:56:19
MD5: 31B0A1471E09E27E80E25107FCD590EB
SHA1: E5061B9A1A668788D2C04FBFCBFC94D3C50D5F69
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-br]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-br\hao123desk]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
==== C:\zoek_backup content ======================
C:\zoek_backup (files=529 folders=122 186404651 bytes)
==== After Reboot ======================
==== Deleting Files / Folders ======================
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bavnt.dll" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bavnt64.dll" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavWl.dat" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BavTray.log" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BHipsSvc.log" not found
"C:\Program Files (x86)\Baidu Security" not found
==== EOF on 07/05/2014 at 21:17:06,52 ======================
vileka- Iniciante
- Mensagens : 26
Reputação : 1
Data de inscrição : 06/05/2014
Re: Remoção do Baidu Antivírus!
por Power Max Qua 07 maio 2014, 22:17
Desative temporariamente seu antivírus para evitar conflitos.
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Última edição por Power Max em Qui 08 maio 2014, 10:50, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
(RESOLVIDO) Remoção do Baidu
por vileka Qui 08 maio 2014, 10:09
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Leandro on 08/05/2014 at 10:03:34,27.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Leandro\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-05-07-154057.log 37675 bytes
C:\zoek-results2014-05-08-001706.log 30192 bytes
==== System Restore Info ======================
08/05/2014 10:04:40 Zoek.exe System Restore Point Created Succesfully.
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-br]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-br\hao123desk]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
==== Deleting Files \ Folders ======================
C:\Program Files (x86)\Baidu Security not found
C:\Program Files (x86)\Baidu Security\Baidu Antivirus not found
C:\ProgramData\Baidu deleted
==== Folders Found ======================
2014-02-21 02:19:51 2014-02-21 02:19:51 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-05 15:47:44 2014-05-05 15:47:44 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Leandro\AppData\Roaming\baidu
2014-05-05 15:47:44 2014-05-06 23:12:23 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Leandro\AppData\Roaming\baidu\Baidu Antivirus
2014-05-05 15:47:44 2014-05-05 15:47:44 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-05-08 00:05:50 2014-02-27 00:18:30 -------- d---a-w- C:\zoek_backup\C_BaiduDownloads
2014-05-08 00:05:51 2014-05-08 00:05:54 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-05-08 13:05:07 2014-05-08 13:05:07 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu
2014-05-08 00:05:54 2014-05-08 00:05:57 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-05-08 00:06:00 2014-05-08 00:06:00 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-05-07 15:13:10 2014-05-07 15:13:10 -------- d---a-w- C:\zoek_backup\C_PROGRA~3_Baidu
2014-05-08 00:06:00 2014-05-08 00:06:05 -------- d---a-w- C:\zoek_backup\C_Users_Leandro_AppData_Roaming_Baidu Security
2014-05-08 00:06:06 2014-05-08 00:06:06 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-05-08 00:06:06 2014-05-08 00:06:06 -------- d---a-w- C:\zoek_backup\C_Windows_SysWOW64_config_systemprofile_AppData_Roaming_Baidu Security
2014-05-08 00:05:51 2014-05-08 00:05:54 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus
2014-05-08 00:06:06 2014-05-08 00:06:06 -------- d---a-w- C:\zoek_backup\C_Users_Leandro_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-05-08 00:06:06 2014-05-08 00:06:06 -------- d---a-w- C:\zoek_backup\C_Users_Leandro_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
==== Files Found ======================
--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus_Baidu Antivirus.lnk.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1263
Created time: 2014-05-08 00:06:06
Modified time: 2014-02-03 18:56:19
MD5: 31B0A1471E09E27E80E25107FCD590EB
SHA1: E5061B9A1A668788D2C04FBFCBFC94D3C50D5F69
--- C:\zoek_backup\C_Users_Public_Desktop_Baidu Antivirus.lnk.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1245
Created time: 2014-05-08 00:06:06
Modified time: 2014-02-03 18:56:19
MD5: A3BE862379DEB4BEFCACB0C7478C3A5B
SHA1: EB8823092809A6FA23E43DB9CA405AC3D0760067
--- C:\zoek_backup\C_Windows_Prefetch_BAIDU_SECURE_SYSTEMUP_4.0.1.5-4E04B992.pf.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 59052
Created time: 2014-05-08 00:06:06
Modified time: 2014-01-21 22:24:02
MD5: 8566F0DA2FCCD6D9CE9708EEAFB00C24
SHA1: 78FC7DAD7ADBADC6048C226F7E6855766887F82E
--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3428
Created time: 2014-05-07 15:13:13
Modified time: 2014-02-03 18:56:19
MD5: 55DA8E8F8555DC844F2C2CA5C6B51F50
SHA1: EC23B4376D0B887732D70D8E7C34EB38F68415C6
--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1263
Created time: 2014-05-08 00:06:00
Modified time: 2014-02-03 18:56:19
MD5: 31B0A1471E09E27E80E25107FCD590EB
SHA1: E5061B9A1A668788D2C04FBFCBFC94D3C50D5F69
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
==== C:\zoek_backup content ======================
C:\zoek_backup (files=532 folders=124 186404960 bytes)
==== EOF on 08/05/2014 at 10:08:03,74 ======================
Tool run by Leandro on 08/05/2014 at 10:03:34,27.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Leandro\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-05-07-154057.log 37675 bytes
C:\zoek-results2014-05-08-001706.log 30192 bytes
==== System Restore Info ======================
08/05/2014 10:04:40 Zoek.exe System Restore Point Created Succesfully.
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-br]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu\Hao123-br\hao123desk]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-1727716526-1536786964-652105993-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
==== Deleting Files \ Folders ======================
C:\Program Files (x86)\Baidu Security not found
C:\Program Files (x86)\Baidu Security\Baidu Antivirus not found
C:\ProgramData\Baidu deleted
==== Folders Found ======================
2014-02-21 02:19:51 2014-02-21 02:19:51 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-05 15:47:44 2014-05-05 15:47:44 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Leandro\AppData\Roaming\baidu
2014-05-05 15:47:44 2014-05-06 23:12:23 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Leandro\AppData\Roaming\baidu\Baidu Antivirus
2014-05-05 15:47:44 2014-05-05 15:47:44 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-05-08 00:05:50 2014-02-27 00:18:30 -------- d---a-w- C:\zoek_backup\C_BaiduDownloads
2014-05-08 00:05:51 2014-05-08 00:05:54 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-05-08 13:05:07 2014-05-08 13:05:07 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu
2014-05-08 00:05:54 2014-05-08 00:05:57 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-05-08 00:06:00 2014-05-08 00:06:00 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-05-07 15:13:10 2014-05-07 15:13:10 -------- d---a-w- C:\zoek_backup\C_PROGRA~3_Baidu
2014-05-08 00:06:00 2014-05-08 00:06:05 -------- d---a-w- C:\zoek_backup\C_Users_Leandro_AppData_Roaming_Baidu Security
2014-05-08 00:06:06 2014-05-08 00:06:06 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-05-08 00:06:06 2014-05-08 00:06:06 -------- d---a-w- C:\zoek_backup\C_Windows_SysWOW64_config_systemprofile_AppData_Roaming_Baidu Security
2014-05-08 00:05:51 2014-05-08 00:05:54 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus
2014-05-08 00:06:06 2014-05-08 00:06:06 -------- d---a-w- C:\zoek_backup\C_Users_Leandro_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-05-08 00:06:06 2014-05-08 00:06:06 -------- d---a-w- C:\zoek_backup\C_Users_Leandro_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
==== Files Found ======================
--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus_Baidu Antivirus.lnk.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1263
Created time: 2014-05-08 00:06:06
Modified time: 2014-02-03 18:56:19
MD5: 31B0A1471E09E27E80E25107FCD590EB
SHA1: E5061B9A1A668788D2C04FBFCBFC94D3C50D5F69
--- C:\zoek_backup\C_Users_Public_Desktop_Baidu Antivirus.lnk.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1245
Created time: 2014-05-08 00:06:06
Modified time: 2014-02-03 18:56:19
MD5: A3BE862379DEB4BEFCACB0C7478C3A5B
SHA1: EB8823092809A6FA23E43DB9CA405AC3D0760067
--- C:\zoek_backup\C_Windows_Prefetch_BAIDU_SECURE_SYSTEMUP_4.0.1.5-4E04B992.pf.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 59052
Created time: 2014-05-08 00:06:06
Modified time: 2014-01-21 22:24:02
MD5: 8566F0DA2FCCD6D9CE9708EEAFB00C24
SHA1: 78FC7DAD7ADBADC6048C226F7E6855766887F82E
--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3428
Created time: 2014-05-07 15:13:13
Modified time: 2014-02-03 18:56:19
MD5: 55DA8E8F8555DC844F2C2CA5C6B51F50
SHA1: EC23B4376D0B887732D70D8E7C34EB38F68415C6
--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1263
Created time: 2014-05-08 00:06:00
Modified time: 2014-02-03 18:56:19
MD5: 31B0A1471E09E27E80E25107FCD590EB
SHA1: E5061B9A1A668788D2C04FBFCBFC94D3C50D5F69
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
==== C:\zoek_backup content ======================
C:\zoek_backup (files=532 folders=124 186404960 bytes)
==== EOF on 08/05/2014 at 10:08:03,74 ======================
vileka- Iniciante
- Mensagens : 26
Reputação : 1
Data de inscrição : 06/05/2014
Re: Remoção do Baidu Antivírus!
por Power Max Qui 08 maio 2014, 10:16
Desative temporariamente seu antivírus para evitar conflitos.
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Última edição por Power Max em Qui 08 maio 2014, 10:50, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remoção do Baidu Antivírus!
por vileka Qui 08 maio 2014, 10:23
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Leandro on 08/05/2014 at 10:20:20,98.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Leandro\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-05-07-154057.log 37675 bytes
C:\zoek-results2014-05-08-001706.log 30192 bytes
C:\zoek-results2014-05-08-130803.log 8348 bytes
==== System Restore Info ======================
08/05/2014 10:21:02 Zoek.exe System Restore Point Created Succesfully.
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
==== C:\zoek_backup content ======================
C:\zoek_backup (files=532 folders=124 186404960 bytes)
==== EOF on 08/05/2014 at 10:22:08,88 ======================
Tool run by Leandro on 08/05/2014 at 10:20:20,98.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Leandro\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-05-07-154057.log 37675 bytes
C:\zoek-results2014-05-08-001706.log 30192 bytes
C:\zoek-results2014-05-08-130803.log 8348 bytes
==== System Restore Info ======================
08/05/2014 10:21:02 Zoek.exe System Restore Point Created Succesfully.
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
==== C:\zoek_backup content ======================
C:\zoek_backup (files=532 folders=124 186404960 bytes)
==== EOF on 08/05/2014 at 10:22:08,88 ======================
vileka- Iniciante
- Mensagens : 26
Reputação : 1
Data de inscrição : 06/05/2014
Re: Remoção do Baidu Antivírus!
por Power Max Qui 08 maio 2014, 10:26
Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remoção do Baidu Antivírus!
por vileka Qui 08 maio 2014, 10:44
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Basic x64
Ran by Leandro on 08/05/2014 at 10:30:21,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Basic x64
Ran by Leandro on 08/05/2014 at 10:30:21,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
vileka- Iniciante
- Mensagens : 26
Reputação : 1
Data de inscrição : 06/05/2014
Re: Remoção do Baidu Antivírus!
por Power Max Qui 08 maio 2014, 10:49
Como está o PC após estes procedimentos?
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remoção do Baidu Antivírus!
por vileka Qui 08 maio 2014, 16:54
Rapaz ficou novo, muito obrigado pela ajuda, parabéns pelo trabalho de vocêsAbraços.
vileka- Iniciante
- Mensagens : 26
Reputação : 1
Data de inscrição : 06/05/2014
Re: Remoção do Baidu Antivírus!
por Power Max Qui 08 maio 2014, 17:03
Fico feliz que o problema tenha sido resolvido. Só para finalizar siga estes tutoriais abaixo, por gentileza:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________
Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]._______________________________________________________________________________________________________________________
Foi um prazer ajudar. Conte sempre conosco!
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remoção do Baidu Antivírus!
por Power Max Sáb 10 maio 2014, 14:13
CASO RESOLVIDO
Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Tópicos semelhantes» Remoção do Baidu Antivirus
» Remocão do Baidu Antivírus
» Remoção do baidu antivirus
» Remoção do baidu antivirus
» Remoção definitiva do Baidu Antivirus
» Remocão do Baidu Antivírus
» Remoção do baidu antivirus
» Remoção do baidu antivirus
» Remoção definitiva do Baidu Antivirus
Página 1 de 1
Permissões neste sub-fórum
Não podes responder a tópicos|
|
|