Remoção definitiva do Baidu Antivirus

Olá gente! Peço socorro ao forúm para remover de vez o Baidu Antivirus do meu pc. Segue um breve histórico:
1. eu baixei a versão de teste do Kaspersky Internet Security e ao instalar um programa (primoPDF) o antivirus detectou o Baidu junto com o programa, eu neguei a permissão para que o Baidu fosse instalado. Até aí eu pensava que estava tudo bem....
2. Comprei a licença do KIS, quando recebi a chave e tal ao invés de ativar o produto, eu super leiga, cliquei no link para download e eis que quando estou fazendo a instalação do antivirus aparece uma mensagem de um programa causando conflito, era o bendito Baidu.
3. Apesar de já estar utilizando o antivirus (depois descobri que bastava apenas inserir o código de ativação na versão de teste), me incomoda saber que tem um programa indesejado desses por aqui.
4. Já fui o Painel de controle (não aparece o programa listado lá), fiz o scan com KIS, Ccleaner, rodei Adwcleaner, rodei o Malwarebytes, porém, mesmo assim, o Baidu continua (eu sei porque faço o procedimento como se fosse instalar o KIS de novo e aparece o Baidu como incompatível).

Eu tentei tanta coisa que estou com receio de ter danificado meu pc   ....espero que não.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:42:08, on 10/05/2014
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Usuario\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [GSMEjector] C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE /EPT "EPLTarget\P0000000000000000" /M "L355 Series"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_CF0D12F859BF15DAB73FDD0B7E1E013D] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: &Enviar para o OneNote - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GSM Ejector Service (GSMEjector) - Unknown owner - C:\Windows\SysWOW64\GSMSrvEjector.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe

--
End of file - 11561 bytes

  Olá. Seja bem vinda ao Fórum PC Brasil.
_________________________________________________

rodei Adwcleaner, rodei o Malwarebytes...

Poste, por gentileza, o relatório (log) do AdwCleaner que deverá estar em C:\AdwCleaner\AdwCleaner[S0].txt e o log do Malwarebytes também para que possamos analisá-los. Se não for possível postá-los nos avise.

Obrigada Power Max! Seguem os logs:

# AdwCleaner v3.207 - Relatório criado 09/05/2014 às 02:02:17
# Atualizado 05/05/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate  (64 bits)
# Usuário : Usuario - USUARIO-PC
# Executando de : C:\Users\Usuario\Downloads\adwcleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : savesenselive
[#] Serviço Deletada : savesenselivem
Serviço Deletada : xmkysecqun64

***** [ Arquivos / Pastas ] *****

[!] Pasta Deletada : C:\ProgramData\SaveSenseLive
[!] Pasta Deletada : C:\Program Files (x86)\SaveSenseLive
[!] Pasta Deletada : C:\Program Files (x86)\SimilarSites
[!] Pasta Deletada : C:\Program Files\003
[!] Pasta Deletada : C:\Program Files\SupraSavings
[!] Pasta Deletada : C:\Users\Public\Documents\baidu
[!] Pasta Deletada : C:\Users\Usuario\AppData\Local\SaveSense
[!] Pasta Deletada : C:\Users\Usuario\AppData\Local\SaveSenseLive
[!] Pasta Deletada : C:\Users\Usuario\AppData\Roaming\baidu
[!] Pasta Deletada : C:\Users\Usuario\AppData\Roaming\OpenCandy
[!] Pasta Deletada : C:\Users\Usuario\AppData\Roaming\SaveSense
[!] Pasta Deletada : C:\Users\Usuario\AppData\Roaming\SimilarSites
[!] Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
[!] Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\y5qx7qf1.default\Extensions\{2d7886a0-85bb-4bf2-b684-ba92b4b21d23}
[!] Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\y5qx7qf1.default\Extensions\sitefinder@sitefinder.com
Arquivo Deletada : C:\Windows\SysWOW64\SecureAssist.dll
Arquivo Deletada : C:\Windows\System32\SecureAssist64.dll
Arquivo Deletada : C:\Windows\Tasks\SaveSense.job
Arquivo Deletada : C:\Windows\System32\Tasks\SaveSense
Arquivo Deletada : C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
Arquivo Deletada : C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore
Arquivo Deletada : C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
Arquivo Deletada : C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\SaveSenseLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Deletedo : HKCU\Software\genesis
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\SaveSense
Chave Deletedo : HKCU\Software\SaveSenseLive
Chave Deletedo : HKCU\Software\AppDataLow\Software\Rr Savings
Chave Deletedo : HKCU\Software\AppDataLow\Software\Supra Savings
Chave Deletedo : HKLM\Software\SaveSenseLive
Chave Deletedo : HKLM\Software\suprasavings
Chave Deletedo : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Chave Deletedo : [x64] HKLM\SOFTWARE\suprasavings
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v27.0.1 (pt-BR)

[ Arquivo : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\y5qx7qf1.default\prefs.js ]


-\\ Google Chrome v34.0.1847.131

[ Arquivo : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [7833 octets] - [09/05/2014 02:01:20]
AdwCleaner[S0].txt - [7429 octets] - [09/05/2014 02:02:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7489 octets] ##########


Do malwarebytes eu selecionei todos os logs e exportei, abriu este arquivo:

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Scan Date: 09/05/2014
Scan Time: 02:46:58
Logfile: malware.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.09.04
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Usuario

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 248056
Time Elapsed: 19 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
RiskWare.Tool.CK, C:\Windows\KMSEmulator.exe, Quarantined, [3523331cfa810135f3f4f6d6b0516d93],

Physical Sectors: 0
(No malicious items detected)


(end)


Só mais uma perguntinha, esse RiskWare.Tool.CK, acho que foi o "tecnico" que fez a instalação do meu note que colocou ele aqui, tem algum perigo ou é um falso positivo? pois apenas os MalwareBytes o detectou esse programa como malicioso....

Só mais uma perguntinha, esse RiskWare.Tool.CK, acho que foi o "tecnico" que fez a instalação do meu note que colocou ele aqui, tem algum perigo ou é um falso positivo? pois apenas os MalwareBytes o detectou esse programa como malicioso....

Este item detectado pelo Malwarebytes é usado para piratear o Microsoft Office, o bom sempre é evitar isto e usar os softwares originais que são mais seguros.
___________________________________________________________________________

Quanto ao Malwarebytes você fez só uma verificação superficial com ele. Siga as dicas abaixo para fazer a limpeza completa:

Alterando o idioma do Malwarebytes para o português:

Caso o idioma do seu Malwarebytes esteja em inglês é bem simples mudá-lo para nossa língua. Para isto abra o Malwarebytes e clique em Settings como mostra esta imagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Na próxima tela que surge, clique em Language e selecione a opção Portugueze (Brazil):

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
___________________________________________________________________________

Como executar uma verificação personalizada com o Malwarebytes:

- Abra o Malwarebytes > Clique em Verificar > clique em Verificação Personalizada > Clique em Verificar Agora:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Surgirá mais esta tela abaixo na qual você marcará todas as caixinhas do lado direito da tela para que todas as áreas de seu PC e mídias removíveis ligadas a ele possam ser escaneadas. E do lado esquerdo da tela deixe marcadas estas opções:

Verificar Objetos na Memória
Verificar as Configurações da Inicialização e do Registro
Verificar Arquivos Compactados

Quanto ao restante, deixe da forma já pré-configurada pelo Malwarebytes.

Depois disto clique no botão Iniciar Verificação como mostra a imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Aguarde enquanto o escaneamento é realizado. Ele demora de acordo com a quantidade de arquivos que você possua em seu computador:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Assim que a verificação terminar, caso seja detectada alguma ameaça em seu PC surgirá uma mensagem como esta abaixo próximo ao relógio do Windows onde você clicará nela:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Neste momento aparecerá quais os malwares e itens potencialmente indesejáveis que foram detectados e os locais onde eles se encontram. Você notará que ele já mostra uma ação padrão para os itens (que normalmente é a de mover para a quarentena).

Para remover as infecções, deixe a opção Quarentena no menu Ação selecionada em todos os itens e clique no botão Aplicar Ações, como mostra esta imagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Alguns malwares são rebeldes e podem necessitar de uma reinicialização do PC para que sejam removidos. Caso isto seja solicitado pelo Malwarebytes, clique em Sim (ou Yes) como mostra esta imagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Depois disto é só postar o novo log de verificação que o Malwarebytes irá criar em sua próxima resposta.

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Data de Verificação: 10/05/2014
Hora da Verificação: 17:30:32
Logfile: scan.txt
Administrador: Sim

Versão: 2.00.1.1004
Malware Database: v2014.05.10.10
Rootkit Database: v2014.03.27.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Chameleon: Desabilitado

OS: Windows 7
CPU: x64
Sistema de Arquivo: NTFS
Usuário: Usuario

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 350826
Tempo Decorrido: 35 min, 30 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 0
(No malicious items detected)

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 0
(No malicious items detected)

Pastas: 0
(No malicious items detected)

Arquivos: 68
Adware.Adpeak, C:\AdwCleaner\Quarantine\C\Program Files\003\xmkysecqun64.exe.vir, Quarantined, [467c3e11b5c6d6604b6da98b63a1ea16],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe.vir, Quarantined, [e7db55fab1cad85eb12d2b20639ed030],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_cs.dll.vir, Quarantined, [12b0410ec5b6b08641b0f8721be6ec14],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_da.dll.vir, Quarantined, [a61c6ee1037839fd856ced7d14edca36],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_de.dll.vir, Quarantined, [b60c60ef0279fe38975a63079071d62a],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_el.dll.vir, Quarantined, [635fd679f08b82b40de42545f30eda26],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_en-GB.dll.vir, Quarantined, [9b27a3ac99e274c2cb26f476ce338977],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_en.dll.vir, Quarantined, [bf0360ef9cdfa88ee70aaebc8e7327d9],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_es-419.dll.vir, Quarantined, [8a38341b44373501727f5416a16010f0],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_es.dll.vir, Quarantined, [ffc3d47bc0bb80b6b53c4822827f42be],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_et.dll.vir, Quarantined, [c2000c43fe7d7fb704edd19919e809f7],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_fa.dll.vir, Quarantined, [546ea9a6fb80e353c52c2e3cbc458080],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_fi.dll.vir, Quarantined, [14ae173893e8c86e0de4aebca65b738d],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_fil.dll.vir, Quarantined, [0ab8d77834472f07648d5d0d3ec3c43c],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_fr.dll.vir, Quarantined, [10b274db077436009a5788e23ec3c53b],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_gu.dll.vir, Quarantined, [329088c7d6a55ed8bb3683e7a859639d],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_hi.dll.vir, Quarantined, [07bb82cdf18a7cba6c85e6849b66936d],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_hu.dll.vir, Quarantined, [ac166fe02a51f640856ce2889968a060],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_id.dll.vir, Quarantined, [c0022827f9827fb7767b2644cf3205fb],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_is.dll.vir, Quarantined, [7e449db2c1baad89e30e6ffb3dc4ff01],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_it.dll.vir, Quarantined, [2a989bb47efd0630ea07ed7d15ec669a],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_iw.dll.vir, Quarantined, [ebd7b798d2a982b429c8a7c3a45dd42c],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ja.dll.vir, Quarantined, [8a38aaa52853f046856c393154add828],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_kn.dll.vir, Quarantined, [2e94c58a126922148071a6c4f50c7a86],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ko.dll.vir, Quarantined, [1ea4d8775e1d0b2b08e974f63dc458a8],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_lt.dll.vir, Quarantined, [4f73ff50ff7c3501925fef7bb24fd729],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_lv.dll.vir, Quarantined, [f2d0470825568caa935e92d857aac739],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ml.dll.vir, Quarantined, [b111c38cc4b71026638e3d2d51b0cc34],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_mr.dll.vir, Quarantined, [932f6fe05d1e6bcb1cd5beac689957a9],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ms.dll.vir, Quarantined, [5171f6597efdb87e7180f278ab56768a],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_nl.dll.vir, Quarantined, [b012064919620a2c21d0d199ff02b44c],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_no.dll.vir, Quarantined, [f7cbd679057643f31ed3e58531d0d729],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdate.dll.vir, Quarantined, [09b9aaa514679a9c6579153640c1ba46],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_am.dll.vir, Quarantined, [d9e9b39c8cef69cd856c90dada277e82],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ar.dll.vir, Quarantined, [2a98b09f5f1c79bdbd3476f4936e58a8],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_bg.dll.vir, Quarantined, [b70b1c33bbc065d1d41d8fdb19e807f9],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_bn.dll.vir, Quarantined, [c7fb410e0477290dab46e18906fbcb35],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_pt-BR.dll.vir, Quarantined, [932fd97683f863d37d745614e31ef30d],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_pt-PT.dll.vir, Quarantined, [a51d004fb3c8f83e7e734a20778afe02],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ro.dll.vir, Quarantined, [338fa6a9d5a66ec8a74ab4b69b66cf31],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ru.dll.vir, Quarantined, [3a8886c9cab10e281ad71b4fca372fd1],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_sk.dll.vir, Quarantined, [e9d9aba4f68512242ec39fcbfb06f20e],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_sl.dll.vir, Quarantined, [3f83d07fbcbfc472f3fea5c5b44d37c9],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_sr.dll.vir, Quarantined, [6d552728a6d564d2c82974f6ef127090],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_sv.dll.vir, Quarantined, [279bd7783b40270f2fc20961728f659b],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_sw.dll.vir, Quarantined, [f2d04807c7b41b1b856c77f334cdd22e],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ta.dll.vir, Quarantined, [a51d54fb98e362d42ec33238e71a639d],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_te.dll.vir, Quarantined, [4979fa554239f1450ae7e288758c48b8],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_th.dll.vir, Quarantined, [cff37dd2a3d867cf3eb30a60b05140c0],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_tr.dll.vir, Quarantined, [556dc788621937ffd120a5c5f809fa06],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_uk.dll.vir, Quarantined, [873b27280279bb7b30c1b6b455ac6c94],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ur.dll.vir, Quarantined, [1ea43f10cead48eefdf417538c753bc5],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_ca.dll.vir, Quarantined, [e9d92c234635de58727f1753837ea45c],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_hr.dll.vir, Quarantined, [348e93bc3744d462d02181e93dc406fa],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_pl.dll.vir, Quarantined, [8e34cf808dee49edf9f8026809f808f8],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_vi.dll.vir, Quarantined, [3b87ba9575061f1719d86a009f62ce32],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_zh-CN.dll.vir, Quarantined, [f5cd9fb0b3c883b39061b7b351b03bc5],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\goopdateres_zh-TW.dll.vir, Quarantined, [3c8687c899e288ae0fe2076346bb43bd],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir, Quarantined, [f8caeb641f5c88ae24ba70db34cd11ef],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\psmachine.dll.vir, Quarantined, [dee4331c374422148a544b0035cc49b7],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\psuser.dll.vir, Quarantined, [d7eb054a126914229b432e1dd42d57a9],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLive.exe.vir, Quarantined, [8240381787f42e0814cae6655ca50ef2],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveBroker.exe.vir, Quarantined, [764c52fd6b10b2841cc292b98f728c74],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveHandler.exe.vir, Quarantined, [9a28bd920477c76f23bba9a271900000],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveOnDemand.exe.vir, Quarantined, [18aaed62d7a4a88e31ad0f3c0af728d8],
PUP.Optional.SaveSence.A, C:\AdwCleaner\Quarantine\C\Users\Usuario\AppData\Local\SaveSense\SaveSenseIE.dll.vir, Quarantined, [ecd68dc2611a60d692be610bcf35e21e],
PUP.Optional.AdPeak.A, C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\SecureAssist.dll.vir, Quarantined, [655d74dbc8b38ea8e6918bb2926e8977],
RiskWare.Tool.CK, C:\Windows\KMSEmulator.exe, Quarantined, [edd5c18e760569cd984400cd25dcf010],

Physical Sectors: 0
(No malicious items detected)


(end)


Posso excluir as pastas desse Save Sense Live?

Posso excluir as pastas desse Save Sense Live?

Vamos usar os programas próprios para remover estes adwares.
___________________________________________________________________

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

 Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Usuario on 10/05/2014 at 18:06:17,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Usuario\appdata\locallow\sitefinder"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/05/2014 at 18:15:34,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Executei o instalador do Antivirus pra fazer o teste, ainda aparece o Baidu =/

Desative temporariamente seu antivírus para evitar conflitos.

 Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Usuario on 10/05/2014 at 18:39:49,85.
Microsoft Windows 7 Ultimate 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Usuario\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10/05/2014 18:40:40 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\y5qx7qf1.default\prefs.js:
user_pref("browser.startup.homepage" , "http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal");
user_pref("browser.search.defaultenginename" , "Web");
user_pref("browser.search.selectedEngine" , "Web");
user_pref("keyword.URL" , "http://br.yhs4.search.yahoo.com/yhs/search");

Added to C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\y5qx7qf1.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\search_the_web.xml deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted

==== Folders Found ======================

2014-05-09 05:02:19 2014-05-09 05:02:19 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-05-09 04:09:59 2014-05-09 04:09:59 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-05-09 04:09:59 2014-05-09 04:28:19 -------- d-----w- C:\ProgramData\Baidu Security
2014-05-09 04:09:59 2014-05-09 04:28:19 -------- d-----w- C:\Users\All Users\Baidu Security
2014-05-09 04:28:27 2014-05-09 04:28:27 -------- d-----w- C:\Users\Usuario\AppData\Roaming\Baidu Security

==== Files Found ======================


--- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\Cleaner\baidu_av_4_0_3_57478.ini ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 227
Created time: 2014-04-09 02:24:54
Modified time: 2014-04-07 15:26:08
MD5: C9F2E09C386C9A6E5434D21A0200F6E0
SHA1: 442F80424FDDE56047D0E11824A66CCC37D89CE4


--- C:\Windows\Prefetch\BAIDU_SECURE_SYSTEMUP_4.0.5.6-FF4D55F2.pf ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 49454
Created time: 2014-05-09 04:28:13
Modified time: 2014-05-09 04:28:13
MD5: D95C4C39E243A5AAAD0E24DD415E7831
SHA1: 3510352681D9FBF9501CD7F56195595A9AB64F4F


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\15018309]

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\15018309]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.5.65301&userid=73d9318b29a2ada7f6eb13522887ffc5&old_userid=WD-WX11E-201A066CE108!7e255edd-bf97-496e-b266-160abbe8f93c@#201A066CE108&install_time=2014-05-09 04:28:08&parent_name="

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\15018465]

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\15018465]
"url"="http://sync.security.baidu.co.th/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.5.65301&userid=73d9318b29a2ada7f6eb13522887ffc5&old_userid=WD-WX11E-201A066CE108!7e255edd-bf97-496e-b266-160abbe8f93c@#201A066CE108&install_time=2014-05-09 04:28:08&parent_name="

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\Setup]

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com" [24/04/2014 23:59]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
blbkdnmdcafmfhinpmnlhhddbepgkeaa - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[05/07/2013 11:10]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[05/07/2013 11:10]

Google Docs - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Kaspersky Protection - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
YouTube - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
Google Wallet - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman

==== Chrome Fix ======================

C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Usuario\Desktop\Acer Crystal Eye Webcam.lnk - C:\Program Files (x86)\Acer\Acer Crystal Eye Webcam\webcam.exe
C:\Users\Usuario\Desktop\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Usuario\Desktop\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Usuario\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Usuario\Desktop\Safe Money.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe -safebanking
C:\Users\Usuario\Desktop\XMind 2013.lnk - C:\Program Files (x86)\XMind\XMind.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Discador Oi.lnk - C:\Program Files (x86)\Oi\Oi3G\DiscadorOi.exe
C:\Users\Public\Desktop\Epson Easy Photo Print.lnk - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPQuicker.exe
C:\Users\Public\Desktop\EPSON Scan.lnk - C:\Windows\twain_32\escndv\escndv.exe
C:\Users\Public\Desktop\EssentialPIM.lnk - C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe
C:\Users\Public\Desktop\GOM Player.lnk - C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Kaspersky Internet Security.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Manual Epson L355.lnk - C:\Program Files (x86)\epson\guide\l355_p\index.html
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Nero Express.lnk - C:\Program Files (x86)\Nero\Nero Core\nero.exe /w

==== shortcuts in Users Start Menu ======================

C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk - C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software\EPSON Download Navigator.lnk - C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE /ST
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player\GOM Player.lnk - C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player\GOM Wizard.lnk - C:\Program Files (x86)\GRETECH\GomPlayer\GomWiz.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player\Uninstall.lnk - C:\Program Files (x86)\GRETECH\GomPlayer\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind\XMind 2013.lnk - C:\Program Files (x86)\XMind\XMind.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind\Support\Readme.lnk - C:\Program Files (x86)\XMind\readme.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind\Support\Uninstall XMind.lnk - C:\Program Files (x86)\XMind\unins000.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=75 folders=42 318887 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Usuario\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Usuario\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 10/05/2014 at 19:14:40,51 ======================

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Usuario on 10/05/2014 at 20:01:59,28.
Microsoft Windows 7 Ultimate 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Usuario\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-10-221440.log 26018 bytes

==== System Restore Info ======================

10/05/2014 20:03:17 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]
[-HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\15018309]
[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\15018309]
"url"=-
[-HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\15018465]
[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\15018465]
"url"=-
[-HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\Setup]
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

==== Deleting Files \ Folders ======================

"C:\Windows\Prefetch\BAIDU_SECURE_SYSTEMUP_4.0.5.6-FF4D55F2.pf" not found
C:\Program Files (x86)\Baidu Security deleted
C:\ProgramData\Baidu Security deleted
C:\Users\Usuario\AppData\Roaming\Baidu Security deleted

==== Folders Found ======================

2014-05-09 05:02:19 2014-05-09 05:02:19 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-05-10 23:04:16 2014-05-10 23:04:16 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-05-10 23:04:16 2014-05-10 23:04:17 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-05-10 23:04:17 2014-05-10 23:04:17 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-05-10 23:04:17 2014-05-10 23:04:17 -------- d---a-w- C:\zoek_backup\C_Users_Usuario_AppData_Roaming_Baidu Security

==== Files Found ======================


--- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\Cleaner\baidu_av_4_0_3_57478.ini ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 227
Created time: 2014-04-09 02:24:54
Modified time: 2014-04-07 15:26:08
MD5: C9F2E09C386C9A6E5434D21A0200F6E0
SHA1: 442F80424FDDE56047D0E11824A66CCC37D89CE4


==== Registry Search Results for "Baidu" ======================


[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\15018309]

[HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\15018465]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=76 folders=63 321015 bytes)

==== EOF on 10/05/2014 at 20:05:39,36 ======================

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Usuario on 11/05/2014 at  0:57:57,66.
Microsoft Windows 7 Ultimate  6.1.7600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Usuario\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-10-221440.log 26018 bytes
C:\zoek-results2014-05-10-230539.log 10976 bytes

==== System Restore Info ======================

11/05/2014 00:58:40 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\15018309]
[-HKEY_USERS\S-1-5-21-4070697309-1198324520-1298093371-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\15018465]

==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=76 folders=63 321015 bytes)

==== EOF on 11/05/2014 at  0:59:09,63 ======================

O Baidu não consta mais no relatório. Como está o PC?

Deu certo!!! Não apareceu mais  :rindo_atoa: 

Não imaginava que essa praga virtual iria demandar um processo tão complexo (pra quem é leigo pelo menos...hahah). Eu já estava desesperada!

Muito obrigada por me ajudar a solucionar este problema, especialmente pela rapidez e pela presteza, esse forúm é demais!  

Fico feliz que o problema tenha sido resolvido.

Só para finalizar siga estes tutoriais abaixo, por gentileza:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________

Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].
_______________________________________________________________________________________________________________________

Foi um prazer ajudar. Conte sempre conosco!

Só mais uma coisinha, na sua opinião tem algum programa que poderia ter me prevenido dessa infecção? Pois agora estou com medo de adicionar extensões e baixar programas depois desse susto, já que o antivírus não foi suficiente!

Em qual site você costuma fazer seus downloads?

Fazia uso do baixaki, mas ultimamente nenhum link de lá presta =x , já usei o 4shared também e veio adware junto, agora procuro o próprio site do desenvolvedor mas tem alguns que mesmo assim não são 100% seguros.

Como baixar programas sem adwares no baixaki e superdownloads:

Para evitar baixar programas que contenham estes problemas embutidos, quando for baixar alguma coisa do Baixaki, veja se abaixo do botão "Clique para Baixar" há a frase "Ou baixe sem o instalador do Baixaki". Quando houver esta frase, clique este link com a frase "Ou baixe sem o instalador do Baixaki" para fazer o download de forma segura.

E quando for baixar alguma coisa pelo site Superdownloads, escolha sempre a opção "Ou clique aqui para fazer o download sem o instalador", a qual está localizada abaixo do botão "Clique para fazer o DOWNLOAD" > sempre que esta opção estiver disponível, para fazer o download de forma segura e sem adwares.
_____________________________________________________________________________________________________________

Para ajudar a prevenir adwares e outros problemas, baixe o SpywareBlaster neste link:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para usá-lo corretamente é só seguir as dicas deste tutorial:

Deixe seu PC mais protegido na internet com o SpywareBlaster
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_____________________________________________________________________________________________________________

No próprio instalador de vários programas também pode haver a opção de instalar toolbars e outros itens indesejados. Aí é só você ir desmarcando as caixinhas que sugiram a instalação destas coisas.

Acabei de baixar o programa, muito obrigada pela dica

Grande Abraço.

CASO RESOLVIDO

Caso a autora do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.