Baidu: como removê-lo do PC?

Boa  tarde !

Fui  baixar o  MV REGClean 6.9 no site superdowloads e veio o baidu antivirus,  a  toolbar Iminent  e um  tal de monogine com emotions    como malwares .      Quando vou desinstalar o mesmo  com o revo uninstall; o desinstalador revo  fecha .  

Editando :

Malwarebytes Anti-Malware 1.75.0.1300
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Versão da Base de Dados:  v2014.01.29.05

Windows 7 x86 NTFS
Internet Explorer 11.0.9600.16476
EDSON :: EDSON-PC [administrador]

29/01/2014 16:07:34
mbam-log-2014-01-29 (16-07-34).txt

Tipo de Verificação:  Verificação Completa  (C:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM | P2P
Opções de verificação desativadas:
Objetos escaneados:  64141
Tempo decorrido: 20 minuto(s), 50 segundo(s) [cancelado]

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{84FF7BD6-B47F-46F8-9130-01B2696B36CB} (PUP.Optional.Iminent.A) -> Data:  -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} (PUP.Optional.Iminent.A) -> Data:  -> Enviado para a Quarentena e deletado com sucesso.

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 4
C:\Users\EDSON\AppData\Local\Temp\uninstall.exe142d638 (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\EDSON\AppData\Local\Temp\Umbrella.exe142d916 (PUP.Optional.Iminent) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\EDSON\AppData\Local\Temp\IminentUninstall.exe142d2fd (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\EDSON\Downloads\MV-RegClean_69.exe (PUP.Optional.MultiInstall.A) -> Enviado para a Quarentena e deletado com sucesso.

(fim)






Malwarebytes Anti-Malware 1.75.0.1300
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Versão da Base de Dados:  v2014.01.29.05

Windows 7 x86 NTFS
Internet Explorer 11.0.9600.16476
EDSON :: EDSON-PC [administrador]

29/01/2014 16:30:36
mbam-log-2014-01-29 (16-30-36).txt

Tipo de Verificação:  Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM | P2P
Opções de verificação desativadas:
Objetos escaneados:  218561
Tempo decorrido: 13 minuto(s), 28 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 1
C:\Users\EDSON\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Será deletado na próxima inicialização.

Chaves de Registro Detectadas: 2
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\system32\rundll32.exe "C:\Users\EDSON\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0A1O1I1R2XtM0D1L2W1G1B1G1D -> Enviado para a Quarentena e deletado com sucesso.

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 4
C:\Users\EDSON\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\EDSON\AppData\Local\Temp\Iminent (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\EDSON\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Será deletado na próxima inicialização.
C:\Users\EDSON\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Enviado para a Quarentena e deletado com sucesso.

Arquivos Detectados: 4
C:\Users\EDSON\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Será deletado na próxima inicialização.
C:\Users\EDSON\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\EDSON\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\EDSON\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Enviado para a Quarentena e deletado com sucesso.

(fim)




Malwarebytes Anti-Malware 1.75.0.1300
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Versão da Base de Dados:  v2014.01.29.05

Windows 7 x86 NTFS
Internet Explorer 11.0.9600.16476
EDSON :: EDSON-PC [administrador]

29/01/2014 16:45:41
mbam-log-2014-01-29 (16-45-41).txt

Tipo de Verificação:  Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM | P2P
Opções de verificação desativadas:
Objetos escaneados:  218441
Tempo decorrido: 10 minuto(s), 22 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 1
C:\Users\EDSON\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Enviado para a Quarentena e deletado com sucesso.

Arquivos Detectados: 2
C:\Users\EDSON\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\EDSON\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

Abraços

  Olá TEXTECH!

 Para evitar este problema no futuro é só ficar atento a esta dica abaixo:

Como baixar programas sem adwares no baixaki e superdownloads:

Quando for baixar alguma coisa pelo site Superdownloads, escolha sempre a opção "Ou clique aqui para fazer o download sem o instalador", a qual está localizada abaixo do botão "Clique para fazer o DOWNLOAD" > sempre que esta opção estiver disponível, para fazer o download de forma segura e sem adwares.

Para evitar baixar programas que contenham estes problemas embutidos, quando for baixar alguma coisa do Baixaki, veja se abaixo do botão "Baixar gratuito" há a frase "com instalador". Quando houver esta frase, passe o ponteiro do mouse sobre a opção "alterar" > marque a opção "sem instalador" > e clique então no botão Baixar gratuito.
__________________________________________________________________________________________________________

 Faça o download do [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].

*Execute-o e clique no botão Main Menu.

* Na próxima tela que surgirá clique em [Do a system scan and save a logfile].

*Um relatório será apresentado.

*Selecione todo o conteúdo deste relatório e copie (Ctrl+c).

Depois disso é só voltar aqui no fórum e postar este log do Hijackthis para que ele possa ser analisado.

Ficamos no aguardo de sua resposta.

Boa tarde !


[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]


Eis o log :



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:40:38, on 29/01/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Users\EDSON\Downloads\HijackThis.exe
C:\Users\EDSON\Downloads\HijackThis (1).exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Baidu Antivirus] "C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe" -auto
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [NextLive] C:\Windows\system32\rundll32.exe "C:\Users\EDSON\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: Se&nd to OneNote - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2458CE2-E6B6-4CE4-8F90-BF654280773E}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{A2458CE2-E6B6-4CE4-8F90-BF654280773E}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{A2458CE2-E6B6-4CE4-8F90-BF654280773E}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Baidu Antivirus Service (BAVSvc) - Baidu, Inc. - C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) - Baidu, Inc. - C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6794 bytes


Obrigado e abraços

Siga, por gentileza, as dicas dos tutoriais abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste, por gentileza, o log do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt e o log do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

Boa tarde !


Eis o log ; o baidu av bloqueou um arquivo bat do mesmo ; porém :



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Basic x86
Ran by EDSON on 29/01/2014 at 16:55:57,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/01/2014 at 17:08:09,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Abraços

Faltou o log do Adwcleaner.

Boa  tarde !


Eis :



# AdwCleaner v3.018 - Relatório criado 29/01/2014 às 17:13:49
# Atualizado 28/01/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (32 bits)
# Usuário : EDSON - EDSON-PC
# Executando de : C:\Users\EDSON\Downloads\adwcleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v32.0.1700.102

[ Arquivo : C:\Users\EDSON\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [921 octets] - [29/01/2014 17:10:45]
AdwCleaner[S0].txt - [783 octets] - [29/01/2014 17:13:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [842 octets] ##########



Vendo um caso semelhante aqui [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] ; rodei o zoek e :




Zoek.exe v5.0.0.0 Updated 29-January-2014
Tool run by EDSON on 29/01/2014 at 16:28:24,91.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\EDSON\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

29/01/2014 16:30:50 Zoek.exe System Restore Point Created Succesfully.

==== Creating Sample_012014_1707.zip ======================

Copied file C:\Users\EDSON\AppData\Roaming\unins000.exe to sample\unins000.exe
sample\unins000.exe renamed to AD6E810B9CE3D8C0C1FF0203C68C6FA6

C:\Users\Public\Desktop\sample_012014_1707.zip created successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{1d970ed5-3eda-438d-bffd-715931e2775b} deleted successfully

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe
C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe
C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Users\EDSON\Downloads\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Users\EDSON\Downloads\HijackThis.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\EDSON\Downloads\adwcleaner.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\EDSON\AppData\Roaming\newnext.me not found
C:\Users\EDSON\AppData\Local\genienext deleted
C:\Users\EDSON\daemonprocess.txt deleted
C:\Users\EDSON\AppData\Roaming\Baidu deleted
C:\ProgramData\FileSplitUpLoad.dll deleted
C:\Users\EDSON\AppData\Local\Mobogenie deleted
C:\Users\EDSON\AppData\Local\cache deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\system32\tasks\Baidu Antivirus Update deleted
C:\Users\EDSON\Documents\Mobogenie deleted
C:\Users\EDSON\AppData\Roaming\unins000.exe deleted

==== Folders Found ======================

2014-01-29 17:50:52 2014-01-29 17:50:52 -------- d-----w- C:\Arquivos de Programas\Baidu Security

==== Files Found ======================


--- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2013-09-22 07:32:04
Modified time: 2013-09-22 07:32:04
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1


--- C:\Arquivos de Programas\Baidu Security\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2013-09-22 07:32:04
Modified time: 2013-09-22 07:32:04
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB


--- C:\Program Files\Baidu Security\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2013-09-22 07:32:04
Modified time: 2013-09-22 07:32:04
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1


--- C:\Program Files\Baidu Security\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2013-09-22 07:32:04
Modified time: 2013-09-22 07:32:04
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB


--- C:\Programas\Baidu Security\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2013-09-22 07:32:04
Modified time: 2013-09-22 07:32:04
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1


--- C:\Programas\Baidu Security\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2013-09-22 07:32:04
Modified time: 2013-09-22 07:32:04
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB


--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1138
Created time: 2014-01-29 17:51:45
Modified time: 2014-01-29 17:51:45
MD5: 7EF1DAAC50B4EBAC56F6986AE040522A
SHA1: 1C793F7E4B30A4AF7B6921CDF4AE59A42B796E1B


--- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1138
Created time: 2014-01-29 17:51:45
Modified time: 2014-01-29 17:51:45
MD5: 7EF1DAAC50B4EBAC56F6986AE040522A
SHA1: 1C793F7E4B30A4AF7B6921CDF4AE59A42B796E1B


--- C:\Users\Public\Desktop\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1120
Created time: 2014-01-29 17:51:47
Modified time: 2014-01-29 17:51:47
MD5: C3C2A0AE8F815793DBADBDEFA82D0CDF
SHA1: CCE1D08F1FC2ACDAACA2F10D778E9D20389C318E


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus\BevmVolatile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}]
@="baidu right click handler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32]
@="C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BavShx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32]
@="C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BavShx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BavTray.exe\" -auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}"="Baidu Scan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"="Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Bav.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Uninstall.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"="http://antivirus.baidu.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"="Baidu, Inc."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F369DDF7-E54C-4706-AF0E-019D1B78245B}]
"Path"="\\Baidu Antivirus Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu Antivirus Update]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Clients\StartMenuInternet\Spark\Capabilities]
"ApplicationIcon"="C:\\Program Files\\baidu\\Spark\\Spark.exe,0"

[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Clients\StartMenuInternet\Spark\DefaultIcon]
@="C:\\Program Files\\baidu\\Spark\\Spark.exe,0"

[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Clients\StartMenuInternet\Spark\InstallInfo]
"ReinstallCommand"="C:\\Program Files\\baidu\\Spark\\Spark.exe --make-default-browser"

[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Clients\StartMenuInternet\Spark\InstallInfo]
"HideIconsCommand"="C:\\Program Files\\baidu\\Spark\\Spark.exe --hide-icons"

[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Clients\StartMenuInternet\Spark\InstallInfo]
"ShowIconsCommand"="C:\\Program Files\\baidu\\Spark\\Spark.exe --show-icons"

[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Clients\StartMenuInternet\Spark\shell\open\command]
@="C:\\Program Files\\baidu\\Spark\\Spark.exe"

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Baidu Antivirus"="C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe -auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="rundll32.exe C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll,ProcessCleanupScript"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Gadwin PrintScreen]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Gadwin PrintScreen"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Gadwin Systems\\PrintScreen\\PrintScreen.exe\" /nosplash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HotKeysCmds"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\hkcmd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IgfxTray"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxtray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes Anti-Malware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="Malwarebytes Anti-Malware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe /install /silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Persistence"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxpers.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""


==== Startup Folders ======================

2013-12-15 13:58:28 1242 ----a-w- C:\Users\EDSON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27/01/2014 10:49]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [28/07/2012 16:44]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [28/07/2012 16:44]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{2AB8C5EC-BAD4-4DF5-B5EE-7AFB9739EB97}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\system32\tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\Windows\system32\tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\Windows\system32\tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\Windows\system32\tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\Windows\system32\tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69}" ["C:\Program Files\COMODO\COMODO Internet Security\cis.exe"]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[29/01/2014 15:30]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\EDSON\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[07/12/2013 15:27]

GBBD Banco do Brasil - EDSON\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
GBBD Banco do Brasil - EDSON\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{searchCLSID} Unknown Url="Not_Found"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Uninstall List x86 ======================

Adobe Flash Player 11 Plugin [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin]
Adobe Flash Player 12 ActiveX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
Adobe Reader XI (11.0.06) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}]
avast Free Antivirus [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Avast]
Baidu Antivirus [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
Comodo Dragon [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Comodo Dragon]
D3DX10 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}]
Gadwin PrintScreen [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gadwin PrintScreen]
GBBD Banco do Brasil [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1]
Google Chrome [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
Java 7 Update 51 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217051FF}]
Java Auto Updater [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}]
Malwarebytes Anti-Malware versÆo 1.75.0.1300 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1]
Microsoft .NET Framework 4.5.1 (Portuguˆs do Brasil) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046]
Microsoft .NET Framework 4.5.1 (PTB) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{31495D38-0A7A-3D27-845B-9210E6ED8CFE}]
Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4903D172-DCCB-392F-93A3-34CA9D47FE3D}]
Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033]
Microsoft Office Enterprise 2007 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE]
Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
Microsoft SkyDrive [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\SkyDriveSetup.exe]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}]
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}]
Revo Uninstaller 1.95 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Revo Uninstaller]
SkypeT 6.11 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}]
swMSM [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}]
VC 9.0 Runtime [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}]

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: Se&nd to OneNote - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O17 - HKLM\System\CS2\Services\Tcpip\..\{A2458CE2-E6B6-4CE4-8F90-BF654280773E}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

==== Empty IE Cache ======================

C:\Users\EDSON\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\EDSON\AppData\Local\Google\Chrome\User Data\Profile 3\Cache emptied successfully
C:\Users\EDSON\AppData\Local\Google\Chrome\User Data\Profile 5\Cache emptied successfully
C:\Users\EDSON\AppData\Local\COMODO\Dragon\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=135 folders=27 4658760 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\EDSON\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\EDSON\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 29/01/2014 at 17:53:52,80 ======================



Abraços

Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
 
Copie todo este script que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]
 
*Durante o scan uma mensagem semelhante a esta abaixo será apresentada mostrando o progresso do escaneamento. Aguarde o término...pode demorar!

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

*Caso a reinicialização do PC seja solicitada, clique [OK]

 Poste o novo log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Boa noite !



Eis o log :




Zoek.exe v5.0.0.0 Updated 29-January-2014
Tool run by EDSON on 29/01/2014 at 19:20:13,36.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\EDSON\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

29/01/2014 19:21:38 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus\BevmVolatile]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F369DDF7-E54C-4706-AF0E-019D1B78245B}]
"Path"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu Antivirus Update]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[-HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Clients\StartMenuInternet\Spark\Capabilities]
"ApplicationIcon"=-
[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Clients\StartMenuInternet\Spark\DefaultIcon]
@=-
[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Clients\StartMenuInternet\Spark\InstallInfo]
"ReinstallCommand"=-
[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Clients\StartMenuInternet\Spark\InstallInfo]
"HideIconsCommand"=-
[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Clients\StartMenuInternet\Spark\InstallInfo]
"ShowIconsCommand"=-
[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Clients\StartMenuInternet\Spark\shell\open\command]
@=-

==== Deleting Files \ Folders ======================

C:\Arquivos de Programas\Baidu Security not found
C:\Program Files\Baidu Security not found
C:\Programas\Baidu Security not found
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus not found
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk" not found
"C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk" not found
"C:\Users\Public\Desktop\Baidu Antivirus.lnk" not found

==== Folders Found ======================


==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 29/01/2014 at 19:28:04,14 ======================



Abraços

Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
 
 Copie todo este script que te passei e cole-o no espaço em branco do Zoek.
 
*Clique [Run Script]
 
*Durante o scan uma mensagem semelhante a esta abaixo será apresentada mostrando o progresso do escaneamento. Aguarde o término...pode demorar!

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

*Caso a reinicialização do PC seja solicitada, clique [OK]

 Poste o novo log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Boa noite !



Eis :




Zoek.exe v5.0.0.0 Updated 29-January-2014
Tool run by EDSON on 29/01/2014 at 20:42:10,87.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\EDSON\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

29/01/2014 20:43:58 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-4116200772-1247309439-3526663088-1000\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

==== Folders Found ======================


==== Files Found ======================


==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 29/01/2014 at 20:50:23,30 ======================



Abraços e obrigado

O log do Zoek está limpo, nada de errado foi encontrado.

Como está o PC após estas limpezas?

Bom fim de noite !


Está tudo normalizado agora .



Abraços e obrigado

  Fico feliz que o problema tenha sido resolvido.

Só para finalizar faça estes últimos procedimentos, por gentileza:

Instale o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (caso já tenha ele, não precisa instalar de novo).

Abra o Ccleaner > clique no botão Limpeza > clique na opção Executar Limpeza. Isto é demonstrado na imagem abaixo:


Confirme a operação acima clicando no botão OK. Aguarde a conclusão do procedimento.

Depois disto, clique no botão botão Registro > Procurar Erros > Corrigir erro(s) selecionado(s) > neste momento você poderá optar por fazer uma cópia das alterações que serão feitas no registro (por motivos de segurança), escolha a opção que desejar (sim ou não) > e confirme a limpeza clicando no botão Corrigir todos os erros selecionados > clique no botão Fechar (ou OK):

__________________________________________________________________________________________________________________

Depois disto siga também as dicas deste tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________

 Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve no Desktop (Área de Trabalho)

*Depois disto é só executá-lo, deixar selecionadas as opções  Remove disinfection tools e Purge system restore

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Clique em [Run]

Depois de executar o Delfix conforme descrito acima, é só deletar o DelFix e o arquivo C:\DelFix.txt

   Foi um prazer ajudar, conte sempre conosco!

CASO RESOLVIDO

Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.

CASO RESOLVIDO

Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.