CE UmbrellaCert

Olá amigos, bom dia!
Por favor. me ajudem a remover esta praga do meu PC (CE UmbrellaCert). Já tentei ZHP Fix, ADW Cleaner, JunkWare Zoek e nada. Segue relatório do Zoek e ADW.


Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by famlia on 16/06/2014 at  4:04:10,22.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\famlia\Downloads\zoek.exe [Scan all users] [Script inserted]

===== Runcheck  4:07:16,40 =====

--- Create Environment Variables  4:07:19,46
--- Create System Restore Point  4:07:54,20
--- Checking Input  4:08:22,24
--- Reset Hosts File  4:08:28,87
--- AU AppData Check  4:08:32,21
--- Remove From Windows Installer  4:08:41,10
--- IE Startpage Check  4:10:17,06
--- Program Files DB Check  4:11:02,75
--- C:\Users\Default\AppData\Roaming DB Check  4:12:48,35
--- C:\Users\Default User\AppData\Roaming DB Check  4:12:48,35
--- C:\Users\famlia\AppData\Roaming DB Check  4:12:48,35
--- C:\Users\USURIO~1\AppData\Roaming DB Check  4:12:48,35
--- C:\Windows\system32\config\systemprofile\AppData\Roaming DB Check  4:12:48,35
--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check  4:12:48,35
--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check  4:12:48,35
--- C:\Users\famlia DB Check  4:17:22,01
--- C:\PROGRA~2 DB Check  4:17:59,66
--- C:\Users\Default\AppData\Local DB Check  4:18:01,56
--- C:\Users\Default User\AppData\Local DB Check  4:18:01,56
--- C:\Users\famlia\AppData\Local DB Check  4:18:01,56
--- C:\Users\wangzhisong\AppData\Local DB Check  4:18:01,56
--- C:\Users\USURIO~1\AppData\Local DB Check  4:18:01,56
--- C:\Windows\system32\config\systemprofile\AppData\Local DB Check  4:18:01,56
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check  4:18:01,56
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check  4:18:01,56
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check  4:21:30,13
--- C:\Users\famlia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check  4:21:48,74
--- Tasks DB Check  4:21:59,71
--- Downloads DB Check  4:22:06,84
--- C:\Users\famlia\AppData\LocalLow DB Check  4:22:17,47
--- C:\Windows\system32\config\systemprofile\AppData\LocalLow DB Check  4:22:17,47
--- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check  4:22:17,47
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check  4:22:17,47
--- Tasks2 DB Check  4:24:06,31
--- Documents DB Check  4:24:51,80
--- C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default DB Check  4:25:03,27
--- C:\Users\famlia\Desktop DB Check  4:25:10,55
--- Services DB Check  4:25:26,07
--- FF prefs.js DB Check  4:25:43,70
--- Del by CLSID  4:26:52,38
--- Delete Services  4:27:52,08
--- Firefox Fix  4:27:59,88



# AdwCleaner v3.212 - Relatório criado 13/06/2014 às 17:16:57
# Atualizado 05/06/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : famlia - FAMLIA-PC
# Executando de : C:\Users\famlia\Downloads\AdwCleaner.exe
# Opção : Examinar

***** [ Serviços ] *****

Serviço Encontrado : {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw
Serviço Encontrado : CltMngSvc
Serviço Encontrado : hlnfd
Serviço Encontrado : NewPlayerUpdaterService
Serviço Encontrado : pricemeterliveUpdate
Serviço Encontrado : pricemeterliveUpdatem
Serviço Encontrado : Update webget

***** [ Arquivos / Pastas ] *****

Arquivo Encontrado : C:\END
Arquivo Encontrado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
Arquivo Encontrado : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Encontrado : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal
Arquivo Encontrado : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Encontrado : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Arquivo Encontrado : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage
Arquivo Encontrado : C:\Users\famlia\AppData\Roaming\aps.uninstall.scan.results
Arquivo Encontrado : C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\searchplugins\Mysearchdial.xml
Arquivo Encontrado : C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\searchplugins\trovi-search.xml
Arquivo Encontrado : C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\user.js
Arquivo Encontrado : C:\Users\famlia\daemonprocess.txt
Arquivo Encontrado : C:\Users\famlia\Desktop\Mobogenie.lnk
Arquivo Encontrado : C:\Users\Public\Desktop\Advanced System Protector.lnk
Arquivo Encontrado : C:\Users\Public\Desktop\NewPlayer.lnk
Arquivo Encontrado : C:\Windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys
Arquivo Encontrado : C:\Windows\system32\roboot.exe
Arquivo Encontrado : C:\Windows\System32\Tasks\Advanced System Protector_startup
Arquivo Encontrado : C:\Windows\System32\Tasks\AmiUpdXp
Arquivo Encontrado : C:\Windows\System32\Tasks\APSnotifierPP1
Arquivo Encontrado : C:\Windows\System32\Tasks\APSnotifierPP2
Arquivo Encontrado : C:\Windows\System32\Tasks\APSnotifierPP3
Arquivo Encontrado : C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
Arquivo Encontrado : C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
Arquivo Encontrado : C:\Windows\System32\Tasks\BonanzaDealsUpdate
Arquivo Encontrado : C:\Windows\System32\Tasks\Dealply
Arquivo Encontrado : C:\Windows\System32\Tasks\Digital Sites
Arquivo Encontrado : C:\Windows\System32\Tasks\DigitalSite
Arquivo Encontrado : C:\Windows\System32\Tasks\LaunchApp
Arquivo Encontrado : C:\Windows\System32\Tasks\MetaCrawler
Arquivo Encontrado : C:\Windows\System32\Tasks\PCHelpers_period
Arquivo Encontrado : C:\Windows\System32\Tasks\PCHelpers1st
Arquivo Encontrado : C:\Windows\System32\Tasks\pricemeterdownloader
Arquivo Encontrado : C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore
Arquivo Encontrado : C:\Windows\System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA
Arquivo Encontrado : C:\Windows\System32\Tasks\PriceMeterUpdater
Arquivo Encontrado : C:\Windows\Tasks\AmiUpdXp.job
Arquivo Encontrado : C:\Windows\Tasks\APSnotifierPP1.job
Arquivo Encontrado : C:\Windows\Tasks\APSnotifierPP2.job
Arquivo Encontrado : C:\Windows\Tasks\APSnotifierPP3.job
Arquivo Encontrado : C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
Arquivo Encontrado : C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
Arquivo Encontrado : C:\Windows\Tasks\Dealply.job
Arquivo Encontrado : C:\Windows\Tasks\Digital Sites.job
Arquivo Encontrado : C:\Windows\Tasks\DigitalSite.job
Arquivo Encontrado : C:\Windows\Tasks\MetaCrawler.job
Arquivo Encontrado : C:\Windows\Tasks\PCHelpers_period.job
Arquivo Encontrado : C:\Windows\Tasks\PCHelpers1st.job
Arquivo Encontrado : C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
Arquivo Encontrado : C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
Arquivo Encontrado : C:\Windows\Tasks\PriceMeterUpdater.job
Pasta Encontrado : C:\Program Files\002
Pasta Encontrado : C:\Program Files\Advanced System Protector
Pasta Encontrado : C:\Program Files\AmiExt
Pasta Encontrado : C:\Program Files\BonanzaDealsLive
Pasta Encontrado : C:\Program Files\DealPly
Pasta Encontrado : C:\Program Files\DealPlyLive
Pasta Encontrado : C:\Program Files\Freeven pro 1.2
Pasta Encontrado : C:\Program Files\globalUpdate
Pasta Encontrado : C:\Program Files\Iminent
Pasta Encontrado : C:\Program Files\Mobogenie
Pasta Encontrado : C:\Program Files\NewPlayer
Pasta Encontrado : C:\Program Files\predm
Pasta Encontrado : C:\Program Files\PriceMeterLiveUpdate
Pasta Encontrado : C:\Program Files\RichMediaViewV1
Pasta Encontrado : C:\Program Files\RrFilter
Pasta Encontrado : C:\Program Files\SearchProtect
Pasta Encontrado : C:\Program Files\Software Updater
Pasta Encontrado : C:\Program Files\SupTab
Pasta Encontrado : C:\Program Files\webget
Pasta Encontrado : C:\ProgramData\Babylon
Pasta Encontrado : C:\ProgramData\baidu
Pasta Encontrado : C:\ProgramData\BonanzaDealsLive
Pasta Encontrado : C:\ProgramData\DealPlyLive
Pasta Encontrado : C:\ProgramData\IePluginService
Pasta Encontrado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Pasta Encontrado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
Pasta Encontrado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater
Pasta Encontrado : C:\ProgramData\PriceMeterLiveUpdate
Pasta Encontrado : C:\ProgramData\Systweak
Pasta Encontrado : C:\ProgramData\Tarma Installer
Pasta Encontrado : C:\ProgramData\WPM
Pasta Encontrado : C:\Users\famlia\AppData\Local\41
Pasta Encontrado : C:\Users\famlia\AppData\Local\BonanzaDealsLive
Pasta Encontrado : C:\Users\famlia\AppData\Local\DealPlyLive
Pasta Encontrado : C:\Users\famlia\AppData\Local\globalUpdate
Pasta Encontrado : C:\Users\famlia\AppData\Local\Mobogenie
Pasta Encontrado : C:\Users\famlia\AppData\Local\NewPlayer
Pasta Encontrado : C:\Users\famlia\AppData\Local\PriceMeterLiveUpdate
Pasta Encontrado : C:\Users\famlia\AppData\Local\SearchProtect
Pasta Encontrado : C:\Users\famlia\AppData\Local\Systweak
Pasta Encontrado : C:\Users\famlia\AppData\Local\Temp\AirInstaller
Pasta Encontrado : C:\Users\famlia\AppData\Local\Temp\webget
Pasta Encontrado : C:\Users\famlia\AppData\LocalLow\Delta
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\0D0S1L2Z1P1B
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\0F1F1C2Y1H1P1C0I0T
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\Activeris
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\baidu
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\DigitalSites
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\eCyber
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\iSafe
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\Optimizer Elite Max
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\PriceMeterUpdater
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\sweet-page
Pasta Encontrado : C:\Users\famlia\AppData\Roaming\Systweak
Pasta Encontrado : C:\Users\famlia\Documents\Mobogenie
Pasta Encontrado : C:\Users\famlia\Documents\PC Health Kit
Pasta Encontrado : C:\Users\Public\Documents\baidu
Pasta Encontrado : C:\Users\wangzhisong\AppData\Local\Mobogenie

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Encontrada : HKCU\Software\AmiExt
Chave Encontrada : HKCU\Software\AnyProtect
Chave Encontrada : HKCU\Software\AppDataLow\Software\Crossrider
Chave Encontrada : HKCU\Software\AppDataLow\Software\lyrixeeker
Chave Encontrada : HKCU\Software\AppDataLow\Software\Rr Savings
Chave Encontrada : HKCU\Software\AVG Secure Search
Chave Encontrada : HKCU\Software\BabSolution
Chave Encontrada : HKCU\Software\BI
Chave Encontrada : HKCU\Software\BonanzaDeals
Chave Encontrada : HKCU\Software\BonanzaDealsLive
Chave Encontrada : HKCU\Software\DataMngr
Chave Encontrada : HKCU\Software\DataMngr_Toolbar
Chave Encontrada : HKCU\Software\DealPlyLive
Chave Encontrada : HKCU\Software\Delta
Chave Encontrada : HKCU\Software\dsiteproducts
Chave Encontrada : HKCU\Software\FreeSoftToday
Chave Encontrada : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Chave Encontrada : HKCU\Software\Iminent
Chave Encontrada : HKCU\Software\InstallCore
Chave Encontrada : HKCU\Software\installedbrowserextensions
Chave Encontrada : HKCU\Software\lollipop
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Package Packages
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite
Chave Encontrada : HKCU\Software\Optimizer Pro
Chave Encontrada : HKCU\Software\PC Health Kit
Chave Encontrada : HKCU\Software\SmartBar
Chave Encontrada : HKCU\Software\Softonic
Chave Encontrada : HKCU\Software\SoftwareUpdater
Chave Encontrada : HKCU\Software\systweak
Chave Encontrada : HKCU\Software\TutoTag
Chave Encontrada : HKCU\Software\V9
Chave Encontrada : HKLM\SOFTWARE\5c55d8dfbd6aed49
Chave Encontrada : HKLM\Software\BonanzaDeals
Chave Encontrada : HKLM\Software\BonanzaDealsLive
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\BonanzaDealsLive.exe
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickCtrl.9
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLive.Update3WebControl.3
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass.1
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass.1
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc
Chave Encontrada : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{6802463D-636F-41FE-9924-4CAD56906590}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickCtrl.9
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.Update3WebControl.3
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass.1
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass.1
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc
Chave Encontrada : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\Prod.cap
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{363BB65D-1747-4826-B445-1DA6244E2037}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chave Encontrada : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Chave Encontrada : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Chave Encontrada : HKLM\Software\DataMngr
Chave Encontrada : HKLM\Software\DealPlyLive
Chave Encontrada : HKLM\Software\Delta
Chave Encontrada : HKLM\Software\Free_soft_today
Chave Encontrada : HKLM\Software\Freeven pro 1.2
Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Chave Encontrada : HKLM\Software\Iminent
Chave Encontrada : HKLM\Software\installedbrowserextensions
Chave Encontrada : HKLM\Software\iSafe
Chave Encontrada : HKLM\Software\LevelQualityWatcher
Chave Encontrada : HKLM\Software\Lightspark Team
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\InstallManagerR_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\InstallManagerR_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\pricemeterd_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\pricemeterd_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6812D4A4-7DE7-40B2-8964-E89868F6D667}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8BC6B6F-A766-4A8A-BE10-074FAD8CC9AA}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CE63EBEF-54AF-4E9A-BE3F-F92589BEB753}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EA5805F8-459C-4C91-8921-6F0AC52663BE}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DE69FB6-AC60-49F5-8E54-191495CE65EA}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18B80C1B-75AB-4BF1-B2D5-A484DFB87275}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AB53836-FF8A-4FB4-82AC-D298797BA03C}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{236F17AA-FF86-4C40-89F3-2DD981BDA45A}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35BD0F61-E4B5-4A59-B160-1E6857724DE4}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A5BBCAD-AA43-4DFD-84C7-B4374516F6AE}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54BB1ECE-4235-4458-AA2C-8BD2647D5528}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F29A3ED-B421-4A19-8F61-25848E634C80}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7265566-BDD8-45DF-9382-BCEE3DB29214}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C350F818-0B60-4873-9A38-1F271311792B}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD8195D-5724-4F6F-86FB-7687DC1C5A8A}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E36945DA-942A-423A-B1D4-1B9198230969}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5C0BC95-BEC9-4D20-9D1B-652E5D227445}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E75CE395-4E24-404F-B47C-276B8CB6E8DB}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F309F914-870F-4B1A-A6E8-0A6FFA8A93C6}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DE69FB6-AC60-49F5-8E54-191495CE65EA}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18B80C1B-75AB-4BF1-B2D5-A484DFB87275}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AB53836-FF8A-4FB4-82AC-D298797BA03C}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{236F17AA-FF86-4C40-89F3-2DD981BDA45A}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35BD0F61-E4B5-4A59-B160-1E6857724DE4}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A5BBCAD-AA43-4DFD-84C7-B4374516F6AE}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54BB1ECE-4235-4458-AA2C-8BD2647D5528}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6812D4A4-7DE7-40B2-8964-E89868F6D667}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F29A3ED-B421-4A19-8F61-25848E634C80}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7265566-BDD8-45DF-9382-BCEE3DB29214}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8BC6B6F-A766-4A8A-BE10-074FAD8CC9AA}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C350F818-0B60-4873-9A38-1F271311792B}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE63EBEF-54AF-4E9A-BE3F-F92589BEB753}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD8195D-5724-4F6F-86FB-7687DC1C5A8A}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E36945DA-942A-423A-B1D4-1B9198230969}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5C0BC95-BEC9-4D20-9D1B-652E5D227445}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E75CE395-4E24-404F-B47C-276B8CB6E8DB}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA5805F8-459C-4C91-8921-6F0AC52663BE}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA5805F8-459C-4C91-8921-6F0AC52663BE}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F309F914-870F-4B1A-A6E8-0A6FFA8A93C6}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewPlayer
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Software Updater_is1
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9
Chave Encontrada : HKLM\Software\NewPlayer
Chave Encontrada : HKLM\Software\RrSavings
Chave Encontrada : HKLM\Software\SearchProtect
Chave Encontrada : HKLM\Software\SupTab
Chave Encontrada : HKLM\Software\supWPM
Chave Encontrada : HKLM\Software\sweet-pageSoftware
Chave Encontrada : HKLM\Software\systweak
Chave Encontrada : HKLM\Software\Tarma Installer
Chave Encontrada : HKLM\Software\Tutorials
Chave Encontrada : HKLM\Software\Wpm
Dados Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Valor Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PriceMeterW]
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Valor Encontrada : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [gethighlightly@gethighlightly.com]

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.7601.17514

Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

-\\ Mozilla Firefox v26.0 (pt-BR)

[ Arquivo : C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\prefs.js ]

Linha encontrada : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3320052&octid=EB_ORIGINAL_CTID&ISID=MAF88B3FE-5CB0-408D-B66C-42420AFABF0C&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPD28BA081-C33[...]
Linha encontrada : user_pref("browser.search.defaultenginename", "Trovi search");
Linha encontrada : user_pref("browser.search.selectedEngine", "Trovi search");

-\\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Encontrada [Startup_urls] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Encontrada [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Encontrada [Extension] : flpcjncodpafbgdpnkljologafpionhb
Encontrada [Extension] : pflphaooapbgpeakohlggbpidpppgdff

*************************

AdwCleaner[R0].txt - [39072 octets] - [13/06/2014 17:16:57]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [39133 octets] #######

Oi Delcides.

No caso do Adwcleaner para executá-lo corretamente siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

Olá amigos, pelo que vi foram gerados 2 relatórios. Segue abaixo:

# AdwCleaner v3.212 - Relatório criado 16/06/2014 às 10:57:27
# Atualizado 05/06/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : famlia - FAMLIA-PC
# Executando de : C:\Users\famlia\Downloads\AdwCleaner (2).exe
# Opção : Examinar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Arquivo Encontrado : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Encontrado : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Pasta Encontrado : C:\ProgramData\baidu
Pasta Encontrado : C:\Users\Public\Documents\baidu

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v26.0 (pt-BR)

[ Arquivo : C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\prefs.js ]

Linha encontrada : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3320052&octid=EB_ORIGINAL_CTID&ISID=MAF88B3FE-5CB0-408D-B66C-42420AFABF0C&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPD28BA081-C33[...]
Linha encontrada : user_pref("browser.search.defaultenginename", "Trovi search");
Linha encontrada : user_pref("browser.search.selectedEngine", "Trovi search");

-\\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [39214 octets] - [13/06/2014 17:16:57]
AdwCleaner[R1].txt - [2485 octets] - [13/06/2014 18:06:45]
AdwCleaner[R2].txt - [2608 octets] - [15/06/2014 23:09:38]
AdwCleaner[R3].txt - [2086 octets] - [16/06/2014 10:57:27]
AdwCleaner[S0].txt - [37048 octets] - [13/06/2014 17:19:38]
AdwCleaner[S1].txt - [2515 octets] - [13/06/2014 18:08:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [2267 octets] ##########


# AdwCleaner v3.212 - Relatório criado 16/06/2014 às 10:58:29
# Atualizado 05/06/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : famlia - FAMLIA-PC
# Executando de : C:\Users\famlia\Downloads\AdwCleaner (2).exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Users\Public\Documents\baidu
Arquivo Deletada : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v26.0 (pt-BR)

[ Arquivo : C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\prefs.js ]

Linha deletada : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3320052&octid=EB_ORIGINAL_CTID&ISID=MAF88B3FE-5CB0-408D-B66C-42420AFABF0C&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPD28BA081-C33[...]
Linha deletada : user_pref("browser.search.defaultenginename", "Trovi search");
Linha deletada : user_pref("browser.search.selectedEngine", "Trovi search");

-\\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*************************

AdwCleaner[R0].txt - [39214 octets] - [13/06/2014 17:16:57]
AdwCleaner[R1].txt - [2485 octets] - [13/06/2014 18:06:45]
AdwCleaner[R2].txt - [2608 octets] - [15/06/2014 23:09:38]
AdwCleaner[R3].txt - [2347 octets] - [16/06/2014 10:57:27]
AdwCleaner[S0].txt - [37048 octets] - [13/06/2014 17:19:38]
AdwCleaner[S1].txt - [2515 octets] - [13/06/2014 18:08:15]
AdwCleaner[S2].txt - [3784 octets] - [16/06/2014 10:58:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3844 octets] ##########

 No seu PC está constando instalado o antivirus Baidu. Você quer desinstalá-lo ou quer continuar com ele?

Seja qual for a sua resposta para a pergunta acima, faça este procedimento abaixo:

Desative temporariamente seu antivírus para evitar conflitos.

 Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Segue relatório do Zoek.

Zoek.exe v5.0.0.0 Updated 16-June-2014
Tool run by famlia on 16/06/2014 at 16:13:09,96.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\famlia\Downloads\zoek (2).exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-16-032842.log 1475 bytes
C:\zoek-results2014-06-16-065258.log 1391 bytes
C:\zoek-results2014-06-16-072759.log 1617 bytes

==== System Restore Info ======================

16/06/2014 16:14:21 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\prefs.js:
user_pref("browser.startup.homepage", "http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br");
user_pref("browser.startup.homepage", "http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br");
user_pref("browser.startup.homepage", "http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Users\famlia\.android deleted
C:\PROGRA~2\FileSplitUpLoad.dll deleted
C:\PROGRA~2\Baidu deleted
C:\Users\famlia\AppData\Local\BITD0A7.tmp deleted
C:\Users\famlia\AppData\Local\nslFDC0.tmp deleted
C:\Users\famlia\AppData\Local\hosts deleted
C:\Users\famlia\AppData\Local\avgchrome deleted
C:\Users\famlia\AppData\Local\cache deleted
C:\Users\famlia\Downloads\DownloadManagerSetup (1).exe deleted
C:\Users\famlia\Downloads\DownloadManagerSetup (2).exe deleted
C:\Users\famlia\Downloads\DownloadManagerSetup (3).exe deleted
C:\Users\famlia\Downloads\DownloadManagerSetup.exe deleted
C:\Users\famlia\Downloads\SoftonicDownloader_para_microsoft-office-2007-service-pack-1.exe deleted
C:\Windows\system32\tasks\Baidu Antivirus Update deleted
C:\Users\wangzhisong deleted
C:\Windows\system32\sasnative32.exe deleted
C:\Windows\System32\InstallUtil.InstallLog deleted
C:\Windows\System32\searchplugins deleted
C:\Windows\System32\Extensions deleted
"C:\Users\famlia\AppData\Local\{B72A09A8-3238-49CB-B0C1-1431D1BCEDE4}" deleted
"C:\Users\famlia\AppData\Local\{C480797A-FCC4-4553-9245-A666A491A0AE}" deleted

==== Folders Found ======================

2014-06-13 20:20:07 2014-06-13 20:20:07 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-13 20:21:30 2014-06-13 20:21:31 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2013-08-18 07:46:14 2013-11-21 16:42:09 -------- d-----w- C:\Program Files\Baidu Security
2013-11-21 16:42:09 2014-06-16 19:09:47 -------- d-----w- C:\Program Files\Baidu Security\Baidu Antivirus
2013-08-18 07:46:12 2014-03-05 03:23:35 -------- d-----w- C:\ProgramData\Baidu Security
2013-11-21 16:42:17 2013-11-21 16:42:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2013-08-18 07:46:12 2014-03-05 03:23:35 -------- d-----w- C:\Users\All Users\Baidu Security
2013-11-21 16:42:17 2013-11-21 16:42:17 -------- d-----w- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2013-11-21 16:33:38 2013-11-21 16:33:38 -------- d-----w- C:\Users\famlia\AppData\Local\Temp\baidu_secure
2013-08-18 07:46:24 2013-08-18 07:46:24 -------- d-----w- C:\Users\famlia\AppData\Roaming\Baidu Security
2013-12-24 03:37:36 2013-12-24 03:37:36 -------- d-----w- C:\Users\famlia\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2013-12-24 03:37:37 2013-12-24 03:37:38 -------- d-----w- C:\Users\famlia\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2013-12-24 03:37:40 2013-12-24 03:37:40 -------- d-----w- C:\Users\famlia\Documents\Baidu Security
2014-06-16 14:00:49 2014-06-16 14:00:49 -------- d-----w- C:\Users\Public\Documents\Baidu
2013-11-08 23:41:25 2013-11-11 17:44:33 -------- d-----w- C:\Users\Public\Documents\Baidu Security
2014-06-16 19:26:36 2014-06-16 19:26:36 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_Baidu

==== Files Found ======================


--- C:\Program Files\Baidu Security\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2013-09-22 07:32:04
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1


--- C:\Program Files\Baidu Security\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2013-09-22 07:32:04
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB


--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2013-11-21 16:42:17
Modified time: 2014-04-09 05:04:10
MD5: 8BBF42A26C88190BDD1A68B6861A160E
SHA1: 65C2E78E1E41BB0554D9C2D16214215676642F02


--- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2013-11-21 16:42:17
Modified time: 2014-04-09 05:04:10
MD5: 8BBF42A26C88190BDD1A68B6861A160E
SHA1: 65C2E78E1E41BB0554D9C2D16214215676642F02


--- C:\Users\famlia\AppData\Local\Temp\Baidu_Secure_SystemUp_3.7.1.41942.exe ---
Company: Baidu, Inc.
File Description: PC Faster Setup
File Version: 3.7.1.41942
Product Name: Baidu PC Faster
Copyright: Copyright (C) 2013 Baidu, Inc. All Rights Reserved.
Original Filename:
File type: ----a-w-
File size: 10485488
Created time: 2013-11-08 23:37:33
Modified time: 2013-11-08 23:37:33
MD5: FCDDA1F1EE22BB14060FD553CB3A4048
SHA1: 06D14594FFE985E1E529EE87B3E2AAA04F937F02


--- C:\Users\famlia\AppData\Roaming\Microsoft\Windows\Cookies\famlia@baidu[1].txt ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 103
Created time: 2014-05-03 01:04:03
Modified time: 2014-05-03 01:04:03
MD5: 0EB6D605DF6CC0E351CBB7B5FF74A6E6
SHA1: 1A5BF6EFE384E28C7D6670AB020E49A8D41045E4


--- C:\Users\famlia\AppData\Roaming\Microsoft\Windows\Cookies\famlia@pcfaster.baidu[1].txt ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 76
Created time: 2013-08-18 20:39:21
Modified time: 2013-08-18 20:39:21
MD5: 919F58897A4B088A1F14A3A8342AFC08
SHA1: F7F7FEB158DA347F4353431E6DF4F77A61168274


--- C:\Users\Public\Desktop\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1160
Created time: 2013-11-21 16:42:17
Modified time: 2014-04-09 05:04:10
MD5: 9E6160DA884C2E7AAC6A89ED64DD2E9F
SHA1: CFB4DDC7CBC9C213B62672F2E395AEE9897ACA67


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3414
Created time: 2014-06-16 19:27:39
Modified time: 2014-04-09 05:04:09
MD5: ABA94BB531FE4C1FE09340EB97D2BA79
SHA1: 4D052FC28345D466859D8A2258141D24A0CD0B78


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus\BevmVolatile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-03-10 03-13-03-0417-[0041].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-13 01-29-59-0140-[23591].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-16 01-00-14-0513-[29999].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-20 01-56-47-0485-[5017].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-21 01-03-15-0555-[28041].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-03 02-06-58-0606-[14896].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-05 02-37-00-0500-[8759].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-12 02-55-07-0550-[21251].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-12 02-43-30-0218-[28976].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-24 02-49-46-0244-[8085].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-26 02-28-18-0264-[12870].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-01 03-05-28-0684-[3611].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-09 03-47-09-0071-[15456].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-10 03-25-26-0562-[21202].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-10 03-32-01-0508-[22491].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFTray-2014-03-10 03-08-05-0276-[0041].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\DefaultIcon]
@="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Bav.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\shell\open\command]
@="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Bav.exe\" UI_Start_From_IE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\DefaultIcon]
@="C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Translator.exe,-201"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\shell\open\command]
@="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Translator.exe\" \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}]
@="baidu right click handler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32]
@="C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BavShx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32]
@="C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BavShx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BavTray.exe\" -auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}"="Baidu Scan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"="Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Bav.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Uninstall.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"="http://antivirus.baidu.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"="Baidu, Inc."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F27BC4BB-38AC-41DA-8D8A-FCFB6FC1B622}]
"Path"="\\Baidu Antivirus Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu Antivirus Update]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\010914-38391-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\011014-49748-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\011614-47751-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\020814-34601-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\021114-44897-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\090513-14913-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\091613-14164-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\091813-16255-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\092413-13150-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\111413-12807-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130289251366104160.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130337082001788609.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130338076373968789.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130343350615112562.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130363153927156548.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130366033066404688.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\010914-38391-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\011014-49748-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\011614-47751-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\020814-34601-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\021114-44897-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\090513-14913-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\091613-14164-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\091813-16255-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\092413-13150-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\111413-12807-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130244673766416161.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130289251366104160.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130337082001788609.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130338076373968789.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130343350615112562.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130363153927156548.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130366033066404688.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-23 21_32_25_0974rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\Setup]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug\Bav\log\iexplore.exe]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Users\\famlia\\AppData\\Local\\Temp\\baidu_secure\\update\\BavPro_Setup_GL1.exe"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\010914-38391-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\011014-49748-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\011614-47751-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\020814-34601-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\021114-44897-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\090513-14913-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\091613-14164-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\091813-16255-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\092413-13150-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\111413-12807-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130289251366104160.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130337082001788609.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130338076373968789.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130343350615112562.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130363153927156548.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130366033066404688.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\010914-38391-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\011014-49748-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\011614-47751-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\020814-34601-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\021114-44897-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\090513-14913-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\091613-14164-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\091813-16255-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\092413-13150-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\111413-12807-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130244673766416161.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130289251366104160.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130337082001788609.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130338076373968789.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130343350615112562.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130363153927156548.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130366033066404688.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-23 21_32_25_0974rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"ext@RichMediaViewV1release4262.net"="C:\Program Files\RichMediaViewV1\RichMediaViewV1release4262\ff" []

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
785105A23650755A8F7A72405EB0D923 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update
6E594B2243C3F218A51234F18E7F36C1 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll - DivX Plus Web Player
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\famlia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
79039398587F475ADA606D1A3B740A63 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in
75300E5ED4CD5B4363C3DBBB2D03269C - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll - McAfee Security Scanner +
8006FC6A9A7C3168EF15DBA842C3AFC5 - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll - Silverlight Plug-In
C04B0BCA15F30CF7D68E7733997EA90B - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrlui.dll - Microsoft (R) Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[11/04/2014 19:46]
lmffckjinakgcgldhdgjdakahpdejgdp - C:\Program Files\RichMediaViewV1\RichMediaViewV1release4262\ch\RichMediaViewV1release4262.crx[]

Google Docs - famlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - famlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - famlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - famlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype Click to Call - famlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - famlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
PDF Viewer - famlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\oemmndcbldboiebfnladdacbdfmadadm
Gmail - famlia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_microsoft-office-2007-service-pack-1.softonic.com.br_0.localstorage deleted successfully
C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_microsoft-office-2010.softonic.com.br_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.hao123.com/?tn=bav_pro_hp_01_hao123_br"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Start Page"="http://br.hao123.com/?tn=bav_pro_hp_01_hao123_br"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q={searchTerms}&src=IE-SearchBox"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{92001F8A-C36B-473A-91E7-5BE0C81CF2B3} PSafe ClikSeguro Url="http://clikseguro.com/Search.aspx?cx=017847565674971774939%3Aktp_l5v6i2u&ie=ISO-8859-1&q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d1d3c159-68eb-45b2-976f-013de6111d77} deleted successfully
HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d1d3c159-68eb-45b2-976f-013de6111d77} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{d1d3c159-68eb-45b2-976f-013de6111d77} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d1d3c159-68eb-45b2-976f-013de6111d77} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{1973d53b-7311-45d7-8270-f44571c041a0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1973d53b-7311-45d7-8270-f44571c041a0} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{d1d3c159-68eb-45b2-976f-013de6111d77} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\ext@flashenhancer.com deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\ext@RichMediaViewV1release4262.net deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\famlia\Desktop\AdwCleaner (1) - Atalho.lnk - C:\Users\famlia\Downloads\AdwCleaner (1).exe
C:\Users\famlia\Desktop\AdwCleaner (2) - Atalho.lnk - C:\Users\famlia\Downloads\AdwCleaner (2).exe
C:\Users\famlia\Desktop\AdwCleaner - Atalho.lnk - C:\Users\famlia\Downloads\AdwCleaner.exe
C:\Users\famlia\Desktop\Continuar a Instalação de Skype.lnk -
C:\Users\famlia\Desktop\Continue Download Manager Installation.lnk - C:\Users\famlia\AppData\Local\Temp\ICReinstall_DownloadManagerSetup (3).exe /RR
C:\Users\famlia\Desktop\JRT - Atalho.lnk - C:\Users\famlia\Downloads\JRT.exe
C:\Users\famlia\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\Users\famlia\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
C:\Users\famlia\Desktop\zoek (2) - Atalho.lnk - C:\Users\famlia\Downloads\zoek (2).exe
C:\Users\famlia\Desktop\zoek - Atalho.lnk - C:\Users\famlia\Downloads\zoek.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Advanced File Optimizer.lnk - C:\Program Files\Advanced File Optimizer\AdvancedFileOptimizer.exe C:\Program Files\Advanced File Optimizer\AdvancedFileOptimizer.exe
C:\Users\Public\Desktop\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe
C:\Users\Public\Desktop\Baidu Antivirus.lnk - C:\Program Files\Baidu Security\Baidu Antivirus\Bav.exe
C:\Users\Public\Desktop\Compre suprimentos - HP Deskjet 3050 J610 series.lnk - C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\hpqDTSS.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\HP Deskjet 3050 J610 series Scan.lnk - C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPScan.exe
C:\Users\Public\Desktop\HP Deskjet 3050 J610 series.lnk - C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HP Deskjet 3050 J610 series.exe
C:\Users\Public\Desktop\HP Photo Creations.lnk - C:\Program Files\HP Photo Creations\PhotoProduct.exe
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.318\mcuicnt.exe SecurityScanner.dll
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Users\Public\Desktop\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Converter.lnk - C:\Program Files\DivX\DivX Converter\DivXConverterLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Player.lnk - C:\Program Files\DivX\DivX Player\DivX Player.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Registrar.lnk - C:\Program Files\DivX\DivX Control Panel\DivXControlPanelLauncher.exe /start=registration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Verificar atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\GDSMux.lnk - C:\Program Files\Haali\MatroskaSplitter\gdsmux.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\Media Splitter Settings.lnk - C:\Windows\System32\rundll32.exe splitter.ax,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\Uninstall.lnk - C:\Program Files\Haali\MatroskaSplitter\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hao123-Brazil\Desinstalar hao123.lnk - C:\Users\famlia\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1111.exe -uninstall
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hao123-Brazil\Hao123.lnk - C:\Users\famlia\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1111.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Sony PC Companion\Desinstalar.lnk - C:\Program Files\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe -uninst -runfromtemp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Sony PC Companion\Sony PC Companion 2.1.lnk - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Xvid MiniConvert.lnk - C:\Program Files\Xvid\MiniConvert.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\xvid_encraw.lnk - C:\Windows\system32\cmd.exe /k ""C:\Program Files/Xvid\xvid_encraw.exe"" -h
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Advanced File Optimizer.lnk - C:\Program Files\Advanced File Optimizer\AdvancedFileOptimizer.exe
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\famlia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:52134;https=127.0.0.1:52134;"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lmffckjinakgcgldhdgjdakahpdejgdp deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Infrastructure Helper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSafeTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSafeWDS deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCake Desktop deleted successfully

==== Empty IE Cache ======================

C:\Users\famlia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\famlia\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\famlia\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\famlia\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\famlia\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\famlia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7QGV16UW will be deleted at reboot
C:\Users\famlia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SMV1ILQY will be deleted at reboot
C:\Users\famlia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\famlia\AppData\Local\Mozilla\Firefox\Profiles\isyhr1bp.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2050 folders=29 46505727 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\famlia\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\famlia\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\famlia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\famlia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7QGV16UW" not found
"C:\Users\famlia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SMV1ILQY" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 16/06/2014 at 16:38:54,14 ======================

Faltou você responder a pergunta: No seu PC está constando instalado o antivirus Baidu. Você quer desinstalá-lo ou quer continuar com ele?
_______________________________________________________________________________________________________________

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que está salvo em sua área de trabalho com o nome de JRT.txt

Mas caso você já tenha excluído este relatório, execute novamente o Junkware seguindo as dicas deste tutorial abaixo e depois disto poste o novo relatório que ele irá criar:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Ficamos na espera.

Vou desinstalar.

DELCIDES CORTELLO escreveu:
Vou desinstalar.

Ok, depois de desinstalá-lo poste por gentileza o relatório do Junkware Removal Tool.

Tenho o relatório do dia 15/06, pode ser?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by famlia on 15/06/2014 at 23:26:53,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu"



~~~ FireFox

Successfully deleted: [File] C:\Users\famlia\AppData\Roaming\mozilla\firefox\profiles\isyhr1bp.default\user.js
Successfully deleted the following from C:\Users\famlia\AppData\Roaming\mozilla\firefox\profiles\isyhr1bp.default\prefs.js

user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3320052&octid=EB_ORIGINAL_CTID&ISID=MAF88B3FE-5CB0-408D-B66C-42420AFABF0C&SearchSource=69&CUI=&SSPV=&Lay
user_pref("browser.startup.homepage", "hxxp://br.hao123.com/?tn=incore_pay_hp_05_hao123_br");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/06/2014 at 23:33:46,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ok, pode ser este mesmo. Quando você terminar de desinstalar o Baidu você me avisa.

Ok, já foi desinstalado.

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho abaixo e cole-o no espaço em branco do Zoek:

Baidu;z
Baidu;a

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Segue relatório.

Zoek.exe v5.0.0.0 Updated 16-June-2014
Tool run by famlia on 19/06/2014 at 15:54:29,82.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\famlia\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-16-032842.log 1475 bytes
C:\zoek-results2014-06-16-065258.log 1391 bytes
C:\zoek-results2014-06-16-072759.log 1617 bytes
C:\zoek-results2014-06-16-193854.log 58467 bytes

==== Folders Found ======================

2014-06-13 20:20:07 2014-06-13 20:20:07 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-13 20:21:30 2014-06-13 20:21:31 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2013-08-18 07:46:14 2013-11-21 16:42:09 -------- d-----w- C:\Program Files\Baidu Security
2013-11-21 16:42:09 2014-06-18 18:36:35 -------- d-----w- C:\Program Files\Baidu Security\Baidu Antivirus
2014-06-16 19:38:38 2014-06-16 19:38:38 -------- d-----w- C:\ProgramData\Baidu
2013-08-18 07:46:12 2014-03-05 03:23:35 -------- d-----w- C:\ProgramData\Baidu Security
2014-06-16 19:38:38 2014-06-16 19:38:38 -------- d-----w- C:\Users\All Users\Baidu
2013-08-18 07:46:12 2014-03-05 03:23:35 -------- d-----w- C:\Users\All Users\Baidu Security
2014-06-18 16:42:11 2014-06-18 16:42:11 -------- d-----w- C:\Users\famlia\AppData\Roaming\Baidu
2013-08-18 07:46:24 2013-08-18 07:46:24 -------- d-----w- C:\Users\famlia\AppData\Roaming\Baidu Security
2014-06-18 16:42:11 2014-06-18 16:45:06 -------- d-----w- C:\Users\famlia\AppData\Roaming\Baidu\Baidu Antivirus
2013-12-24 03:37:36 2013-12-24 03:37:36 -------- d-----w- C:\Users\famlia\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2013-12-24 03:37:37 2013-12-24 03:37:38 -------- d-----w- C:\Users\famlia\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2013-12-24 03:37:40 2013-12-24 03:37:40 -------- d-----w- C:\Users\famlia\Documents\Baidu Security
2014-06-16 14:00:49 2014-06-16 14:00:49 -------- d-----w- C:\Users\Public\Documents\Baidu
2013-11-08 23:41:25 2013-11-11 17:44:33 -------- d-----w- C:\Users\Public\Documents\Baidu Security
2014-06-16 19:26:36 2014-06-16 19:26:36 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_Baidu

==== Files Found ======================


--- C:\Users\famlia\AppData\Roaming\Microsoft\Windows\Cookies\famlia@baidu[1].txt ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 103
Created time: 2014-05-03 01:04:03
Modified time: 2014-05-03 01:04:03
MD5: 0EB6D605DF6CC0E351CBB7B5FF74A6E6
SHA1: 1A5BF6EFE384E28C7D6670AB020E49A8D41045E4


--- C:\Users\famlia\AppData\Roaming\Microsoft\Windows\Cookies\famlia@pcfaster.baidu[1].txt ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 76
Created time: 2013-08-18 20:39:21
Modified time: 2013-08-18 20:39:21
MD5: 919F58897A4B088A1F14A3A8342AFC08
SHA1: F7F7FEB158DA347F4353431E6DF4F77A61168274


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3414
Created time: 2014-06-16 19:27:39
Modified time: 2014-04-09 05:04:09
MD5: ABA94BB531FE4C1FE09340EB97D2BA79
SHA1: 4D052FC28345D466859D8A2258141D24A0CD0B78


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-03-10 03-13-03-0417-[0041].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-01-13 01-29-59-0140-[23591].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-16 01-00-14-0513-[29999].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-20 01-56-47-0485-[5017].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-21 01-03-15-0555-[28041].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-03 02-06-58-0606-[14896].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-05 02-37-00-0500-[8759].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-12 02-55-07-0550-[21251].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-12 02-43-30-0218-[28976].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-24 02-49-46-0244-[8085].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-26 02-28-18-0264-[12870].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-01 03-05-28-0684-[3611].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-09 03-47-09-0071-[15456].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-10 03-25-26-0562-[21202].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-10 03-32-01-0508-[22491].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFTray-2014-03-10 03-08-05-0276-[0041].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\010914-38391-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\011014-49748-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\011614-47751-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\020814-34601-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\021114-44897-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\090513-14913-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\091613-14164-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\091813-16255-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\092413-13150-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\111413-12807-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130289251366104160.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130337082001788609.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130338076373968789.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130343350615112562.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130363153927156548.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130366033066404688.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\010914-38391-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\011014-49748-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\011614-47751-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\020814-34601-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\021114-44897-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\090513-14913-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\091613-14164-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\091813-16255-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\092413-13150-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\111413-12807-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130244673766416161.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130289251366104160.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130337082001788609.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130338076373968789.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130343350615112562.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130363153927156548.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130366033066404688.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-23 21_32_25_0974rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\Setup]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug\Bav\log\iexplore.exe]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Users\\famlia\\AppData\\Local\\Temp\\baidu_secure\\update\\BavPro_Setup_GL1.exe"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\010914-38391-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\011014-49748-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\011614-47751-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\020814-34601-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\021114-44897-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\090513-14913-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\091613-14164-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\091813-16255-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\092413-13150-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\111413-12807-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130289251366104160.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130337082001788609.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130338076373968789.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130343350615112562.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130363153927156548.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130366033066404688.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\010914-38391-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\011014-49748-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\011614-47751-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\020814-34601-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\021114-44897-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\090513-14913-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\091613-14164-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\091813-16255-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\092413-13150-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\111413-12807-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130244673766416161.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130289251366104160.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130337082001788609.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130338076373968789.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130343350615112562.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130363153927156548.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130366033066404688.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-23 21_32_25_0974rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2051 folders=32 46505727 bytes)

==== EOF on 19/06/2014 at 16:00:49,23 ======================

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Segue relatório.

Zoek.exe v5.0.0.0 Updated 16-June-2014
Tool run by famlia on 20/06/2014 at 11:50:23,34.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\famlia\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-16-032842.log 1475 bytes
C:\zoek-results2014-06-16-065258.log 1391 bytes
C:\zoek-results2014-06-16-072759.log 1617 bytes
C:\zoek-results2014-06-16-193854.log 58467 bytes
C:\zoek-results2014-06-19-190049.log 27187 bytes

==== System Restore Info ======================

20/06/2014 11:52:51 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BHipsEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-03-10 03-13-03-0417-[0041].dat"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\010914-38391-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\011014-49748-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\011614-47751-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\020814-34601-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\021114-44897-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\090513-14913-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\091613-14164-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\091813-16255-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\092413-13150-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\111413-12807-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130289251366104160.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130337082001788609.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130338076373968789.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130343350615112562.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130363153927156548.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130366033066404688.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\010914-38391-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\011014-49748-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\011614-47751-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\020814-34601-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\021114-44897-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\090513-14913-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\091613-14164-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\091813-16255-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\092413-13150-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\111413-12807-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130244673766416161.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130289251366104160.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130337082001788609.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130338076373968789.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130343350615112562.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130363153927156548.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130366033066404688.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-23 21_32_25_0974rpdata.dat"=-
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"=-
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\Setup]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu\Application Bug\Bav\log\iexplore.exe]
[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Users\\famlia\\AppData\\Local\\Temp\\baidu_secure\\update\\BavPro_Setup_GL1.exe"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\010914-38391-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\011014-49748-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\011614-47751-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\020814-34601-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\021114-44897-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\090513-14913-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\091613-14164-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\091813-16255-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\092413-13150-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\111413-12807-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130289251366104160.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130337082001788609.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130338076373968789.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130343350615112562.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130363153927156548.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130366033066404688.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\010914-38391-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\011014-49748-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\011614-47751-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\020814-34601-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\021114-44897-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\090513-14913-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\091613-14164-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\091813-16255-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\092413-13150-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\111413-12807-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130244673766416161.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130289251366104160.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130337082001788609.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130338076373968789.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130343350615112562.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130363153927156548.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130366033066404688.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-23 21_32_25_0974rpdata.dat"=-

==== Deleting Files \ Folders ======================

C:\Program Files\Baidu Security deleted
C:\ProgramData\Baidu deleted
C:\ProgramData\Baidu Security deleted
C:\Users\famlia\AppData\Roaming\Baidu deleted
C:\Users\famlia\AppData\Roaming\Baidu Security deleted
C:\Users\famlia\Documents\Baidu Security deleted
C:\Users\Public\Documents\Baidu deleted
C:\Users\Public\Documents\Baidu Security deleted

==== Folders Found ======================

2014-06-13 20:20:07 2014-06-13 20:20:07 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-13 20:21:30 2014-06-13 20:21:31 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-20 14:54:15 2014-06-20 14:54:15 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security
2014-06-20 14:54:16 2014-06-20 14:54:16 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security_Baidu Antivirus
2014-06-20 14:54:16 2014-06-20 14:54:16 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu
2014-06-20 14:54:16 2014-06-20 14:54:27 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-16 19:26:36 2014-06-16 19:26:36 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_Baidu
2014-06-20 14:54:31 2014-06-20 14:54:33 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu
2014-06-20 14:54:33 2014-06-20 14:54:45 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-20 14:54:49 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_famlia_AppData_Roaming_Baidu
2014-06-20 14:54:51 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_famlia_AppData_Roaming_Baidu Security
2014-06-20 14:54:51 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_famlia_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-06-20 14:54:51 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_famlia_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-06-20 14:54:51 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_famlia_AppData_Roaming_Baidu_Baidu Antivirus
2014-06-20 14:54:51 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_famlia_Documents_Baidu Security
2014-06-20 14:54:51 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu
2014-06-20 14:54:51 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-06-20 14:54:15 2014-06-20 14:54:15 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security\Baidu Antivirus
2014-06-20 14:54:51 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_famlia_AppData_Roaming_Baidu\Baidu Antivirus
2014-06-20 14:54:51 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_famlia_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-06-20 14:54:51 2014-06-20 14:54:51 -------- d---a-w- C:\zoek_backup\C_Users_famlia_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================


--- C:\Users\famlia\AppData\Roaming\Microsoft\Windows\Cookies\famlia@baidu[1].txt ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 103
Created time: 2014-05-03 01:04:03
Modified time: 2014-05-03 01:04:03
MD5: 0EB6D605DF6CC0E351CBB7B5FF74A6E6
SHA1: 1A5BF6EFE384E28C7D6670AB020E49A8D41045E4


--- C:\Users\famlia\AppData\Roaming\Microsoft\Windows\Cookies\famlia@pcfaster.baidu[1].txt ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 76
Created time: 2013-08-18 20:39:21
Modified time: 2013-08-18 20:39:21
MD5: 919F58897A4B088A1F14A3A8342AFC08
SHA1: F7F7FEB158DA347F4353431E6DF4F77A61168274


--- C:\zoek_backup\C_Users_famlia_AppData_Roaming_Microsoft_Windows_Cookies_famlia@baidu[1].txt.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 103
Created time: 2014-06-20 14:54:52
Modified time: 2014-05-03 01:04:03
MD5: 0EB6D605DF6CC0E351CBB7B5FF74A6E6
SHA1: 1A5BF6EFE384E28C7D6670AB020E49A8D41045E4


--- C:\zoek_backup\C_Users_famlia_AppData_Roaming_Microsoft_Windows_Cookies_famlia@pcfaster.baidu[1].txt.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 76
Created time: 2014-06-20 14:54:52
Modified time: 2013-08-18 20:39:21
MD5: 919F58897A4B088A1F14A3A8342AFC08
SHA1: F7F7FEB158DA347F4353431E6DF4F77A61168274


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3414
Created time: 2014-06-16 19:27:39
Modified time: 2014-04-09 05:04:09
MD5: ABA94BB531FE4C1FE09340EB97D2BA79
SHA1: 4D052FC28345D466859D8A2258141D24A0CD0B78


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2851 folders=101 570752700 bytes)

==== EOF on 20/06/2014 at 11:56:53,79 ======================

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Segue relatório.


Zoek.exe v5.0.0.0 Updated 20-06-2014
Tool run by famlia on 21/06/2014 at 19:12:08,40.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\famlia\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-16-032842.log 1475 bytes
C:\zoek-results2014-06-16-065258.log 1391 bytes
C:\zoek-results2014-06-16-072759.log 1617 bytes
C:\zoek-results2014-06-16-193854.log 58467 bytes
C:\zoek-results2014-06-19-190049.log 27187 bytes
C:\zoek-results2014-06-20-145653.log 31139 bytes

==== System Restore Info ======================

21/06/2014 19:14:34 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-1499970450-3319737762-1360718297-1000\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2851 folders=101 570752700 bytes)

==== EOF on 21/06/2014 at 19:15:29,49 ======================

Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Segue relatório do ZHP.


~ Relatório do ZHPDiag v2014.6.23.97 - Nicolas Coolman (23/06/2014)
~ Iniciado por famlia (24/06/2014 00:10:04)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7601.17514
MFIE: Mozilla Firefox 26.0
GCIE: Google Chrome v35.0.1916.153 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.4714
McAfee Security Scan Plus v3.0.318.3
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2008 MB (43% free)
System Restore: Activé (Enable)
System drive C: has 69 GB (29%) free of 233 GB

---\\ Modo de conexão ao sistema
~ Computer Name: FAMLIA-PC
~ User Name: famlia
~ All Users Names: HomeGroupUser$, famlia, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\famlia\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\famlia\AppData\Roaming\
~ %Desktop% : C:\Users\famlia\Desktop\
~ %Favorites% : C:\Users\famlia\Favorites\
~ %LocalAppData% : C:\Users\famlia\AppData\Local\
~ %StartMenu% : C:\Users\famlia\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 69 Go of 233 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 40 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Windows Explorer.) (.15/01/2011 - 22:34:09.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.44214C94911C7CFB1D52CB64D5E8368D] - (.Microsoft Corporation - Internet Extensions para Win32.) (.15/01/2011 - 22:32:56.) -- C:\Windows\System32\wininet.dll [980992]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.15/01/2011 - 22:32:05.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.15/01/2011 - 22:34:39.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.1151FD4FB0216CFED887BFDE29EBD516] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.15/01/2011 - 22:33:52.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.15/01/2011 - 22:31:23.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2011 - 22:32:12.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.15/01/2011 - 22:31:19.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.B272B4C3E085EA860C12F2E4FAF2FFA2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/01/2011 - 22:33:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.15/01/2011 - 22:32:23.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.33C3093D09017CFE2E219F2472BFF6EB] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.15/01/2011 - 22:33:00.) -- C:\Windows\system32\Drivers\ntfs.sys [1211264]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.15/01/2011 - 22:37:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.15/01/2011 - 22:32:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.15/01/2011 - 22:31:23.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/129
~ Mes musiques (My Musics) : 196/2355
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 10/9735
~ Mon Bureau (My Desktop) : 1/14
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 21s



---\\ Processos lançados
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.3436]
[MD5.A8B68D4A0B815294819E2647D54A7686] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe [5179408] [PID.3480]
[MD5.16AFB34618E1286FF856DC600AC49C79] - (.No owner - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968] [PID.3600]
[MD5.206402023C2098917082B5F76F1B4F51] - (.Sony - Sony PC Companion.) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466144] [PID.3736]
[MD5.8C46AD1E382018E0B4D6E31B9AB27E5C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [21445248] [PID.3888]
[MD5.711B371AF683DCE24CCE6D20822B72ED] - (.ContentExplorer - ContentExplorer.) -- C:\Users\famlia\AppData\Roaming\ContentExplorer\ContentExplorer.exe [2421488] [PID.3900] =>PUP.ContentExplorer
[MD5.0F6D06A88A88007AAEE5F0EE1ECE42E4] - (...) -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe [70880] [PID.3948]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.3076]
[MD5.79A2C7527829F70FD5E59287B700D47C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8071168] [PID.4400]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 17 Legitimates Filtered in 00mn 05s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\prefs.js
P2 - FPN: [HKCU] [@lightspark.github.com/Lightspark;version=1] - (...) -- C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll (.not file.)
~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:49460;https=127.0.0.1:49460; =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Advanced File Optimizer.lnk . (.Systweak - Advanced File Optimizer.) -- C:\Program Files\Advanced File Optimizer\AdvancedFileOptimizer.exe =>PUP.AdvancedFileOptimizer
O4 - GS\QuickLaunch [famlia]: Advanced File Optimizer.lnk . (.Systweak - Advanced File Optimizer.) -- C:\Program Files\Advanced File Optimizer\AdvancedFileOptimizer.exe =>PUP.AdvancedFileOptimizer
~ Global Startup: 2 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe
O4 - HKLM\..\Run: [DivXMediaServer] . (.DivX, LLC - DivX Media Server Launcher.) -- C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] . (.No owner - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
O4 - HKLM\..\Run: [fst_br_127] Chave orfã
O4 - HKCU\..\Run: [Sony PC Companion] . (.Sony - Sony PC Companion.) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_1213b] C:\Users\famlia\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe (.not file.) =>Toolbar.AVGSearch
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\famlia\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\famlia\AppData\Roaming\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer
O4 - HKUS\S-1-5-21-1499970450-3319737762-1360718297-1000\..\Run: [Sony PC Companion] . (.Sony - Sony PC Companion.) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
O4 - HKUS\S-1-5-21-1499970450-3319737762-1360718297-1000\..\Run: [AVG-Secure-Search-Update_1213b] C:\Users\famlia\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe (.not file.) =>Toolbar.AVGSearch
O4 - HKUS\S-1-5-21-1499970450-3319737762-1360718297-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\famlia\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1499970450-3319737762-1360718297-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1499970450-3319737762-1360718297-1000\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\famlia\AppData\Roaming\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8240E330-2826-4F53-B814-BB0A4921BBA4}: DhcpNameServer = 201.6.2.125 201.6.2.225
O17 - HKLM\System\CS1\Services\Tcpip\..\{8240E330-2826-4F53-B814-BB0A4921BBA4}: DhcpNameServer = 201.6.2.125 201.6.2.225
O17 - HKLM\System\CS2\Services\Tcpip\..\{8240E330-2826-4F53-B814-BB0A4921BBA4}: DhcpNameServer = 201.6.2.125 201.6.2.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.125 201.6.2.225
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: fpvoixdaog32 (fpvoixdaog32) . (...) - C:\Program Files\002\fpvoixdaog32.exe (.not file.) =>PUP.AdPeak
O23 - Service: Update Greener Web (Update Greener Web) . (...) - C:\Program Files\Greener Web\updateGreenerWeb.exe (.not file.) =>PUP.GreenerWeb
~ Services: 5 Legitimates Filtered in 00mn 05s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [PerfMonitor_strtp] (...) -- C:\Program Files\Optimizer Elite Max\PerformanceMonitor.exe (.not file.) [0] =>PUP.OptimizerEliteMax
[MD5.B52C9369CFD0B07290AA3DEBA1599AB6] [APT] [{2F744ADD-C59B-4227-8374-7199B564FF4B}] (.Browser Opt-out.) -- C:\Users\famlia\Downloads\uninstall (1).exe [821760]
[MD5.00000000000000000000000000000000] [APT] [{5B1FF025-2C03-4DC2-8CF3-F5A38ED13B14}] (...) -- C:\Program Files\Easy Deals\Uninstall.exe (.not file.) [0] =>PUP.EasyDeals
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1499970450-3319737762-1360718297-1000Core [910]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1499970450-3319737762-1360718297-1000UA [932]
O39 - APT: PerfMonitor_strtp - (...) -- C:\Windows\Tasks\PerfMonitor_strtp.job [276]
O39 - APT: PerfMonitor_strtp - (...) -- C:\Windows\System32\Tasks\PerfMonitor_strtp [276]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 06s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (360FileOem) . (.360.cn - 360FileOem.) - C:\Windows\system32\drivers\360FileOem.sys
O41 - Driver: (360RegOem) . (.360安全中心 - 360RegOem.) - C:\Windows\system32\drivers\360RegOem.sys
O41 - Driver: (360SpOEM) . (.360安全中心 - 360安全卫士 - SelfProtection.) - C:\Windows\System32\drivers\360SpOEM.sys
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex.sys (.not file.)
O41 - Driver: ({890a8319-7c6f-45e4-a506-152b8d2d9310}Gw) . (...) - C:\Windows\System32\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw.sys
O41 - Driver: ({a3f28269-ad17-41a8-b032-3e0313ef8979}Gw) . (...) - C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw.sys
~ Drivers: 96 Legitimates Filtered in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: Advanced File Optimizer - (.Systweak Software.) [HKLM] -- Advanced File Optimizer_is1 =>PUP.AdvancedFileOptimizer
O42 - Logiciel: BrowseBurst - (.BrowseBurst.) [HKLM] -- BrowseBurst
O42 - Logiciel: ContentExplorer - (.ContentExplorer.net.) [HKLM] -- ContentExplorer =>PUP.ContentExplorer
O42 - Logiciel: Rich Media View - (.Rich Media View.) [HKLM] -- RichMediaViewV1release4262 =>PUP.MediaViewer
~ Logic: 18 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BrowseBurst]
[HKCU\Software\BrowserOptout] =>PUP.Dealply
[HKCU\Software\ContentExplorer] =>PUP.ContentExplorer
[HKCU\Software\ForumerIT] =>Toolbar.Forumer
[HKCU\Software\PCDataApp]
[HKCU\Software\PriceMeterUpdater] =>PUP.PriceMeter
[HKCU\Software\WeDlMngr] =>PUP.weDownloadManager
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\360Safe]
[HKLM\Software\BrowserOptout] =>PUP.Dealply
[HKLM\Software\Easy Deals] =>PUP.EasyDeals
[HKLM\Software\Highlightly]
[HKLM\Software\PCDataApp]
[HKLM\Software\RichMediaViewV1] =>PUP.MediaViewer
[HKLM\Software\RrFilter] =>PUP.SupraSavings
[HKLM\Software\hosts]
~ Key Software: 184 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 27/01/2014 - 19:01:23 - [] ----D C:\Program Files\Advanced File Optimizer =>PUP.AdvancedFileOptimizer
O43 - CFD: 21/06/2014 - 17:25:35 - [] ----D C:\Program Files\BrowseBurst
O43 - CFD: 05/05/2014 - 00:15:05 - [0] ----D C:\Program Files\PCDApp =>Trojan.BitCoinMiner
O43 - CFD: 19/06/2014 - 17:54:00 - [] ----D C:\Users\famlia\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer
O43 - CFD: 02/05/2014 - 23:34:44 - [] ----D C:\Users\famlia\AppData\Local\com
~ Program Folder: 138 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.DDC0B6672AB7862A3C2D7AA2ADB6B645] - 13/06/2014 - 16:42:39 ---A- . (.No owner - Setup/Uninstall.) -- C:\Windows\unins000.exe [715038]
O44 - LFC:[MD5.FA425C74CE2EB719B2A77A7A2ADDAE32] - 13/06/2014 - 16:42:49 ---A- . (.No owner - Lagarith.) -- C:\Windows\System32\lagarith.dll [216064]
O44 - LFC:[MD5.526B169E421FDE6E26CE2359030CCBC2] - 13/06/2014 - 16:43:07 ---A- . (...) -- C:\Windows\unins000.dat [1786]
O44 - LFC:[MD5.E3833540C755C06EC18D414047448B14] - 13/06/2014 - 16:44:22 ---A- . (...) -- C:\Windows\System32\xvidcore.dll [645632]
O44 - LFC:[MD5.348AC3C5B87056E24C9E0039332BFB66] - 13/06/2014 - 16:44:22 ---A- . (...) -- C:\Windows\System32\xvidvfw.dll [240640]
O44 - LFC:[MD5.5E8CD1804C1A035311F5DA9C1048F024] - 13/06/2014 - 16:44:23 ---A- . (...) -- C:\Windows\System32\xvid.ax [153088]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 13/06/2014 - 17:17:57 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.E189421D996E995725FEBEA039239FD0] - 16/06/2014 - 00:28:42 ---A- . (...) -- C:\zoek-results2014-06-16-032842.log [1475]
O44 - LFC:[MD5.0FB41E6788E68B4D45F59729CF972421] - 16/06/2014 - 03:52:58 ---A- . (...) -- C:\zoek-results2014-06-16-065258.log [1391]
O44 - LFC:[MD5.CB2206A3820B3BE39183DB2CD004AEAD] - 16/06/2014 - 04:27:59 ---A- . (...) -- C:\zoek-results2014-06-16-072759.log [1617]
O44 - LFC:[MD5.EB4B028119BF38D2DA51AFD33B57E91E] - 16/06/2014 - 16:38:54 ---A- . (...) -- C:\zoek-results2014-06-16-193854.log [58467]
O44 - LFC:[MD5.6FF687681D18DD0A9691C66D7231C449] - 18/06/2014 - 10:33:24 ---A- . (...) -- C:\Windows\DPINST.LOG [64680]
O44 - LFC:[MD5.89B955BAE99B00A63A8253D28B6BAE1E] - 18/06/2014 - 17:54:18 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [128094]
O44 - LFC:[MD5.18E625D35AFF15AFB5B79BF5465A0446] - 18/06/2014 - 17:54:18 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [663804]
O44 - LFC:[MD5.50EF4CB831C16093227729C83EC73739] - 19/06/2014 - 16:00:49 ---A- . (...) -- C:\zoek-results2014-06-19-190049.log [27187]
O44 - LFC:[MD5.50ABC193CF7DD29B7E0FE7C81D76604F] - 20/06/2014 - 11:34:10 ---A- . (...) -- C:\Windows\win.ini [505]
O44 - LFC:[MD5.7F5987B50B6A3EEA0F2C131DD827CB4E] - 20/06/2014 - 11:56:53 ---A- . (...) -- C:\zoek-results2014-06-20-145653.log [31139]
O44 - LFC:[MD5.1E99117FFEC609EE8C5C34688D7AF3C1] - 21/06/2014 - 19:15:29 ---A- . (...) -- C:\zoek-results.log [2479]
~ Files: 34 Legitimates Filtered in 00mn 09s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{2197bc21-08d9-11e3-8c78-506313dd7f79}\AutoRun\command. (...) -- E:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:11/08/2013 - 18:39:50 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [152880]
O58 - SDL:11/08/2013 - 18:39:50 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [61488]
O58 - SDL:11/08/2013 - 18:39:50 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [29744]
O58 - SDL:11/08/2013 - 18:39:50 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys [64048]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/02/2014 - 14:45:54 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\Windows\System32\Drivers\netfilter.sys [47488]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw.sys [52928]
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw.sys [52928]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 78 Legitimates Filtered in 00mn 04s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 11/08/2013 - C:\Windows\system32\drivers\360FileOem.sys (360FileOem) .(.360.cn - 360FileOem.) - LEGACY_360FILEOEM
O64 - Services: CurCS - 11/08/2013 - C:\Windows\System32\drivers\360HookOEM.sys (360HookOem) .(.360安全中心 - 360HookOem.) - LEGACY_360HOOKOEM
O64 - Services: CurCS - 11/08/2013 - C:\Windows\system32\drivers\360RegOem.sys (360RegOem) .(.360安全中心 - 360RegOem.) - LEGACY_360REGOEM
O64 - Services: CurCS - 11/08/2013 - C:\Windows\System32\drivers\360SpOEM.sys (360SpOEM) .(.360安全中心 - 360安全卫士 - SelfProtection.) - LEGACY_360SPOEM
O64 - Services: CurCS - 12/05/1744 - C:\Windows\System32\drivers\bnbasex.sys (Bnbase) .(...) - LEGACY_BNBASE
O64 - Services: CurCS - 12/05/1744 - C:\Program Files\Baidu Security\Baidu Antivirus\Spring.sys (Spring) .(...) - LEGACY_SPRING
O64 - Services: CurCS - 12/05/1744 - C:\Windows\System32\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw.sys ({890a8319-7c6f-45e4-a506-152b8d2d9310}Gw) .(...) - LEGACY_{890A8319-7C6F-45E4-A506-152B8D2D9310}GW
O64 - Services: CurCS - 12/05/1744 - C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw.sys ({a3f28269-ad17-41a8-b032-3e0313ef8979}Gw) .(...) - LEGACY_{A3F28269-AD17-41A8-B032-3E0313EF8979}GW
~ Legacy: 91 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- c:\program files\mozilla firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files\google\chrome\application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {92001F8A-C36B-473A-91E7-5BE0C81CF2B3} - (PSafe ClikSeguro) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\519-utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\519-utorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update-1213b_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update-1213b_RASMANCS =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASAPI32 =>PUP.ContentExplorer
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASMANCS =>PUP.ContentExplorer
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASAPI32 =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASMANCS =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASAPI32 =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASMANCS =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASAPI32 =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASMANCS =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_somoto_14693_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_somoto_14693_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\MetaCrawlerSetup_RASAPI32 =>Adware.SearchYa
HKLM\SOFTWARE\Microsoft\Tracing\MetaCrawlerSetup_RASMANCS =>Adware.SearchYa
HKLM\SOFTWARE\Microsoft\Tracing\Optimizer Elite Max_RASAPI32 =>PUP.OptimizerEliteMax
HKLM\SOFTWARE\Microsoft\Tracing\Optimizer Elite Max_RASMANCS =>PUP.OptimizerEliteMax
HKLM\SOFTWARE\Microsoft\Tracing\Signup Wizard_RASAPI32 =>PUP.JDIBackup
HKLM\SOFTWARE\Microsoft\Tracing\Signup Wizard_RASMANCS =>PUP.JDIBackup
HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RBCB_p3v9_RASAPI32 =>Hijacker.SmartBar
HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RBCB_p3v9_RASMANCS =>Hijacker.SmartBar
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-331-build-30017-32-bits_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-331-build-30017-32-bits_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\VOPackage_RASAPI32 =>Adware.Downware
HKLM\SOFTWARE\Microsoft\Tracing\VOPackage_RASMANCS =>Adware.Downware
HKLM\SOFTWARE\Microsoft\Tracing\webcake_0108-b8e64d19-11F0_RASAPI32 =>Adware.WebCake
HKLM\SOFTWARE\Microsoft\Tracing\webcake_0108-b8e64d19-11F0_RASMANCS =>Adware.WebCake
~ BTK: 397 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter
[HKCR\CLSID\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}] (PriceMeterLiveUpdate.OneClickProcessLauncher) =>PUP.PriceMeter
[HKCR\CLSID\{41C35ADE-DEDA-439F-8140-D53F2C76C963}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter
[HKCR\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter
[HKCR\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter
[HKCR\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter
[HKCR\CLSID\{B1F29F0C-2EC8-487B-97C2-8B8FEA6CEF14}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter
[HKCR\CLSID\{C0756D99-64A1-4332-B783-A5A1B571D431}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter
[HKCR\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19}] (PriceMeterLiveUpdate Process Launcher Class) =>PUP.PriceMeter
[HKCR\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter
~ BCK: 4952 Legitimates Filtered in 00mn 10s



---\\ Scâner Aditional (088)
Database Version : 13026 - (23/06/2014)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 20

[HKLM\SYSTEM\CurrentControlSet\Services\fpvoixdaog32] =>PUP.AdPeak^
[HKLM\SYSTEM\CurrentControlSet\Services\Update Greener Web] =>PUP.GreenerWeb^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Advanced File Optimizer_is1] =>PUP.AdvancedFileOptimizer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ContentExplorer] =>PUP.ContentExplorer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RichMediaViewV1release4262] =>PUP.MediaViewer^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:AVG-Secure-Search-Update_1213b =>Toolbar.AVGSearch^
C:\Program Files\Advanced File Optimizer =>PUP.AdvancedFileOptimizer^
C:\Program Files\PCDApp =>Trojan.BitCoinMiner^
C:\Users\famlia\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer^
C:\Users\famlia\AppData\Roaming\ContentExplorer\ContentExplorer.exe =>PUP.ContentExplorer^
[HKCU\Software\BrowserOptout] =>PUP.Dealply^
[HKCU\Software\ContentExplorer] =>PUP.ContentExplorer^
[HKCU\Software\ForumerIT] =>Toolbar.Forumer^
[HKCU\Software\PriceMeterUpdater] =>PUP.PriceMeter^
[HKCU\Software\WeDlMngr] =>PUP.weDownloadManager^
[HKLM\Software\BrowserOptout] =>PUP.Dealply^
[HKLM\Software\Easy Deals] =>PUP.EasyDeals^
[HKLM\Software\RichMediaViewV1] =>PUP.MediaViewer^
[HKLM\Software\RrFilter] =>PUP.SupraSavings^
[HKCR\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter^
[HKCR\CLSID\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}] (PriceMeterLiveUpdate.OneClickProcessLauncher) =>PUP.PriceMeter^
[HKCR\CLSID\{41C35ADE-DEDA-439F-8140-D53F2C76C963}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter^
[HKCR\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}] (PriceMeterLiveUpdate Legacy On Demand) =>PUP.PriceMeter^
[HKCR\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter^
[HKCR\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter^
[HKCR\CLSID\{B1F29F0C-2EC8-487B-97C2-8B8FEA6CEF14}] (PriceMeterLiveUpdate Broker Class Factory) =>PUP.PriceMeter^
[HKCR\CLSID\{C0756D99-64A1-4332-B783-A5A1B571D431}] (PriceMeterLiveUpdate Core Class) =>PUP.PriceMeter^
[HKCR\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19}] (PriceMeterLiveUpdate Process Launcher Class) =>PUP.PriceMeter^
[HKCR\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}] (PriceMeterLiveUpdate Update Plugin) =>PUP.PriceMeter^
~ Additionnel Scan: 162238 Items scanned in 00mn 34s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.ContentExplorer
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Proxy
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.AdPeak
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.GreenerWeb
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.OptimizerEliteMax
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.EasyDeals
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Dealply
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Forumer
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.PriceMeter
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.weDownloadManager
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SupraSavings
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.BitCoinMiner
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Staser
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Lollipop
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.SearchYa
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.SmartBar
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Downware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.WebCake
~ MSI: 18 link(s) detected in 00mn 00s



~ 715 Legitimates filtered by white list
End of the scan (527 lines in 02mn 20s)(0)

 Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC.
________________________________________________________________________________________

 Selecione e copie todo o texto destacado em vermelho que te passei (começando em script zhpfix e indo até emptyclsid)

_____________________________________________________________________________________________________________

 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

Agradeço pela dica.
Segue relatório do ZHPFix.

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by famlia at 24/06/2014 18:37:06
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 10s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files\advanced file optimizer\unins000.exe
AUSENTE Uninstall Process: c:\program files\browseburst\browseburstuninstall.exe
AUSENTE Uninstall Process: c:\users\famlia\appdata\roaming\contentexplorer\uninstall.exe

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Users\famlia\AppData\Roaming\ContentExplorer\ContentExplorer.exe

========== Estado dos serviços ==========
360HOOKOEM Parado
360REGOEM Parado
360SPOEM Parado
BNBASE Parado
SPRING Parado
{890A8319-7C6F-45E4-A506-152B8D2D9310}GW Parado
{A3F28269-AD17-41A8-B032-3E0313EF8979}GW Parado

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced File Optimizer_is1]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowseBurst]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentExplorer]
ELIMINÉ Driver Key: 360RegOem
ELIMINÉ Driver Key: 360SpOEM
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: {890a8319-7c6f-45e4-a506-152b8d2d9310}Gw
ELIMINÉ Driver Key: {a3f28269-ad17-41a8-b032-3e0313ef8979}Gw
ELIMINÉ: HKCU\Software\BrowseBurst
ELIMINÉ: HKCU\Software\BrowserOptout
ELIMINÉ: HKCU\Software\ContentExplorer
ELIMINÉ: HKCU\Software\ForumerIT
ELIMINÉ: HKCU\Software\PCDataApp
ELIMINÉ: HKCU\Software\PriceMeterUpdater
ELIMINÉ: HKCU\Software\WeDlMngr
ELIMINÉ: HKLM\Software\360Safe
ELIMINÉ: HKLM\Software\BrowserOptout
ELIMINÉ: HKLM\Software\Highlightly
ELIMINÉ: HKLM\Software\PCDataApp
ELIMINÉ: HKLM\Software\RichMediaViewV1
ELIMINÉ: HKLM\Software\RrFilter
ELIMINÉ: HKLM\Software\hosts
ELIMINÉ: SearchScopes :{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update-1213b_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update-1213b_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_somoto_14693_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_somoto_14693_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\MetaCrawlerSetup_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\MetaCrawlerSetup_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Optimizer Elite Max_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Optimizer Elite Max_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Signup Wizard_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Signup Wizard_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RBCB_p3v9_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RBCB_p3v9_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\VOPackage_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\VOPackage_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\webcake_0108-b8e64d19-11F0_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\webcake_0108-b8e64d19-11F0_RASMANCS
ELIMINÉ: HKCR\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}
ELIMINÉ: HKCR\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
ELIMINÉ: R1 Search Page =

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\public\desktop\advanced file optimizer.lnk
ELIMINÉ: c:\program files\advanced file optimizer\advancedfileoptimizer.exe
ELIMINÉ: c:\users\famlia\appdata\roaming\microsoft\internet explorer\quick launch\advanced file optimizer.lnk
ELIMINA REINICIAR: c:\users\famlia\appdata\roaming\contentexplorer\contentexplorer.exe
ELIMINÉ: c:\windows\system32\drivers\360hookoem.sys
ELIMINÉ: c:\windows\system32\drivers\360regoem.sys
ELIMINÉ: c:\windows\system32\drivers\360spoem.sys
ELIMINÉ: c:\windows\system32\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}gw.sys
ELIMINÉ: c:\windows\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}gw.sys
ELIMINÉ:** c:\users\famlia\appdata\roaming\contentexplorer\contentexplorer.exe
ELIMINÉ Temporários windows ( (22.529.414 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: PerfMonitor_strtp
ELIMINÉ: {2F744ADD-C59B-4227-8374-7199B564FF4B}
ELIMINÉ: {5B1FF025-2C03-4DC2-8CF3-F5A38ED13B14}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Processo memória
49 : Chaves do Registo
7 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
12 : Ficheiros
3 : Softwares
7 : Estado dos serviços
3 : Tarefa planificada
1 : Restauração Sistema


End of clean in 02mn 03s

========== Caminho do ficheiro do relatório ==========
C:\Users\famlia\AppData\Roaming\ZHP\ZHPFix[R1].txt - 24/06/2014 18:37:17 [5779]

Reinicie o PC para o ZHP completar a limpeza dele. Depois de reiniciar faça o seguinte, por gentileza:

Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

ok. Segue relatório.

~ Relatório do ZHPDiag v2014.6.23.97 - Nicolas Coolman (23/06/2014)
~ Iniciado por famlia (24/06/2014 19:53:02)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7601.17514
MFIE: Mozilla Firefox 26.0
GCIE: Google Chrome v35.0.1916.153 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.4714
McAfee Security Scan Plus v3.0.318.3
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema
CCleaner v4.14

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2008 MB (63% free)
System Restore: Activé (Enable)
System drive C: has 70 GB (29%) free of 233 GB

---\\ Modo de conexão ao sistema
~ Computer Name: FAMLIA-PC
~ User Name: famlia
~ All Users Names: HomeGroupUser$, famlia, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\famlia\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\famlia\AppData\Roaming\
~ %Desktop% : C:\Users\famlia\Desktop\
~ %Favorites% : C:\Users\famlia\Favorites\
~ %LocalAppData% : C:\Users\famlia\AppData\Local\
~ %StartMenu% : C:\Users\famlia\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 70 Go of 233 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 40 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Windows Explorer.) (.15/01/2011 - 22:34:09.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.44214C94911C7CFB1D52CB64D5E8368D] - (.Microsoft Corporation - Internet Extensions para Win32.) (.15/01/2011 - 22:32:56.) -- C:\Windows\System32\wininet.dll [980992]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.15/01/2011 - 22:32:05.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.15/01/2011 - 22:34:39.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.1151FD4FB0216CFED887BFDE29EBD516] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.15/01/2011 - 22:33:52.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.15/01/2011 - 22:31:23.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2011 - 22:32:12.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.15/01/2011 - 22:31:19.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.B272B4C3E085EA860C12F2E4FAF2FFA2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/01/2011 - 22:33:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.15/01/2011 - 22:32:23.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.33C3093D09017CFE2E219F2472BFF6EB] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.15/01/2011 - 22:33:00.) -- C:\Windows\system32\Drivers\ntfs.sys [1211264]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.15/01/2011 - 22:37:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.15/01/2011 - 22:32:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.15/01/2011 - 22:31:23.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/129
~ Mes musiques (My Musics) : 196/2355
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 10/9738
~ Mon Bureau (My Desktop) : 1/13
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 27s



---\\ Processos lançados
[MD5.79A2C7527829F70FD5E59287B700D47C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8071168] [PID.3764]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\famlia\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 17 Legitimates Filtered in 00mn 05s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\famlia\AppData\Roaming\Mozilla\Firefox\Profiles\isyhr1bp.default\prefs.js
P2 - FPN: [HKCU] [@lightspark.github.com/Lightspark;version=1] - (...) -- C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll (.not file.)
~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:53315;https=127.0.0.1:53315 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8240E330-2826-4F53-B814-BB0A4921BBA4}: DhcpNameServer = 201.6.2.125 201.6.2.225
O17 - HKLM\System\CS1\Services\Tcpip\..\{8240E330-2826-4F53-B814-BB0A4921BBA4}: DhcpNameServer = 201.6.2.125 201.6.2.225
O17 - HKLM\System\CS2\Services\Tcpip\..\{8240E330-2826-4F53-B814-BB0A4921BBA4}: DhcpNameServer = 201.6.2.125 201.6.2.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.125 201.6.2.225
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1499970450-3319737762-1360718297-1000Core [910]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1499970450-3319737762-1360718297-1000UA [932]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 06s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (360FileOem) . (.360.cn - 360FileOem.) - C:\Windows\system32\drivers\360FileOem.sys
~ Drivers: 81 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\BrowseBurst]
[HKLM\Software\Easy Deals] =>PUP.EasyDeals
[HKLM\Software\RichMediaViewV1release4262] =>PUP.MediaViewer
~ Key Software: 162 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/06/2014 - 18:37:06 - [0] ----D C:\Users\famlia\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer
O43 - CFD: 02/05/2014 - 23:34:44 - [] ----D C:\Users\famlia\AppData\Local\com
~ Program Folder: 136 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.DDC0B6672AB7862A3C2D7AA2ADB6B645] - 13/06/2014 - 16:42:39 ---A- . (.No owner - Setup/Uninstall.) -- C:\Windows\unins000.exe [715038]
O44 - LFC:[MD5.FA425C74CE2EB719B2A77A7A2ADDAE32] - 13/06/2014 - 16:42:49 ---A- . (.No owner - Lagarith.) -- C:\Windows\System32\lagarith.dll [216064]
O44 - LFC:[MD5.526B169E421FDE6E26CE2359030CCBC2] - 13/06/2014 - 16:43:07 ---A- . (...) -- C:\Windows\unins000.dat [1786]
O44 - LFC:[MD5.E3833540C755C06EC18D414047448B14] - 13/06/2014 - 16:44:22 ---A- . (...) -- C:\Windows\System32\xvidcore.dll [645632]
O44 - LFC:[MD5.348AC3C5B87056E24C9E0039332BFB66] - 13/06/2014 - 16:44:22 ---A- . (...) -- C:\Windows\System32\xvidvfw.dll [240640]
O44 - LFC:[MD5.5E8CD1804C1A035311F5DA9C1048F024] - 13/06/2014 - 16:44:23 ---A- . (...) -- C:\Windows\System32\xvid.ax [153088]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 13/06/2014 - 17:17:57 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.E189421D996E995725FEBEA039239FD0] - 16/06/2014 - 00:28:42 ---A- . (...) -- C:\zoek-results2014-06-16-032842.log [1475]
O44 - LFC:[MD5.0FB41E6788E68B4D45F59729CF972421] - 16/06/2014 - 03:52:58 ---A- . (...) -- C:\zoek-results2014-06-16-065258.log [1391]
O44 - LFC:[MD5.CB2206A3820B3BE39183DB2CD004AEAD] - 16/06/2014 - 04:27:59 ---A- . (...) -- C:\zoek-results2014-06-16-072759.log [1617]
O44 - LFC:[MD5.EB4B028119BF38D2DA51AFD33B57E91E] - 16/06/2014 - 16:38:54 ---A- . (...) -- C:\zoek-results2014-06-16-193854.log [58467]
O44 - LFC:[MD5.89B955BAE99B00A63A8253D28B6BAE1E] - 18/06/2014 - 17:54:18 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [128094]
O44 - LFC:[MD5.18E625D35AFF15AFB5B79BF5465A0446] - 18/06/2014 - 17:54:18 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [663804]
O44 - LFC:[MD5.50EF4CB831C16093227729C83EC73739] - 19/06/2014 - 16:00:49 ---A- . (...) -- C:\zoek-results2014-06-19-190049.log [27187]
O44 - LFC:[MD5.50ABC193CF7DD29B7E0FE7C81D76604F] - 20/06/2014 - 11:34:10 ---A- . (...) -- C:\Windows\win.ini [505]
O44 - LFC:[MD5.7F5987B50B6A3EEA0F2C131DD827CB4E] - 20/06/2014 - 11:56:53 ---A- . (...) -- C:\zoek-results2014-06-20-145653.log [31139]
O44 - LFC:[MD5.1E99117FFEC609EE8C5C34688D7AF3C1] - 21/06/2014 - 19:15:29 ---A- . (...) -- C:\zoek-results.log [2479]
~ Files: 33 Legitimates Filtered in 00mn 12s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{2197bc21-08d9-11e3-8c78-506313dd7f79}\AutoRun\command. (...) -- E:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\AVG-Secure-Search-Update_1213b [Key] . (...) -- C:\Users\famlia\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe (.not file.) =>Toolbar.AVGSearch
O53 - SMSR:HKLM\...\startupreg\ContentExplorer [Key] . (...) -- C:\Users\famlia\AppData\Roaming\ContentExplorer\ContentExplorer.exe (.not file.) =>PUP.ContentExplorer
~ SMSR Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:11/08/2013 - 18:39:50 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [152880]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/02/2014 - 14:45:54 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\Windows\System32\Drivers\netfilter.sys [47488]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 73 Legitimates Filtered in 00mn 03s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 11/08/2013 - C:\Windows\system32\drivers\360FileOem.sys (360FileOem) .(.360.cn - 360FileOem.) - LEGACY_360FILEOEM
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 91 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- c:\program files\mozilla firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files\google\chrome\application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\519-utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\519-utorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-331-build-30017-32-bits_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-331-build-30017-32-bits_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 375 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 09/12/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 09/12/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 05/02/2013 235216 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
SS - | Demand 12/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 04/02/2013 155824 | (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Disabled 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 17/06/2014 3242000 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgidsagent.exe
SR - | Auto 17/06/2014 289328 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
~ Services: Scanned in 00mn 09s



---\\ Scâner Aditional (088)
Database Version : 13026 - (23/06/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 2

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\AVG-Secure-Search-Update_1213b] =>Toolbar.AVGSearch^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ContentExplorer] =>PUP.ContentExplorer^
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
C:\Users\famlia\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer^
[HKLM\Software\Easy Deals] =>PUP.EasyDeals^
[HKLM\Software\RichMediaViewV1release4262] =>PUP.MediaViewer^
~ Additionnel Scan: 160634 Items scanned in 00mn 42s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Proxy
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.EasyDeals
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.ContentExplorer
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BrowseFox
~ MSI: 4 link(s) detected in 00mn 00s



~ 689 Legitimates filtered by white list
End of the scan (391 lines in 02mn 19s)(0)

 Selecione e copie todo o texto destacado em vermelho que te passei (começando em script zhpfix e indo até emptyclsid)

_____________________________________________________________________________________________________________

 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

Segue relatório.

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by famlia at 25/06/2014 00:28:35
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 20s)
Reparação de atalhos do navegador

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
ELIMINÉ: R1 Search Page =

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (1) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
6 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 33s

========== Caminho do ficheiro do relatório ==========
C:\Users\famlia\AppData\Roaming\ZHP\ZHPFix[R1].txt - 24/06/2014 18:37:17 [5860]
C:\Users\famlia\AppData\Roaming\ZHP\ZHPFix[R2].txt - 25/06/2014 00:22:01 [1658]
C:\Users\famlia\AppData\Roaming\ZHP\ZHPFix[R3].txt - 25/06/2014 00:28:55 [1313]