Removing Baidu after Adw, JRT, Hijack, Revo and Ccleaner?

Post by ticiano Sun 06 Apr 2014, 15:50

Hello, first of all I would like to thank you for the service provided on this forum.

Well, I have been trying to get rid of Baidu since yesterday, when I downloaded the program Alcohol 120 and it was infected.

I have already run Adw, JRT, Hijack This, Revo and Ccleaner, in that order. I also downloaded OLE but I don't know how to use it. Throughout this operation the PC seems to have returned to normal speed, but the threat remains imminent.

I am going to post the data found by ADW Cleaner and attach the JRT logs, is that OK?



# AdwCleaner v3.023 - Relatório criado 06/04/2014 às 04:02:02
# Atualizado 01/04/2014 por Xplode
# Sistema Operacional : Windows 8 Single Language  (64 bits)
# Usuário : TICIANO - PC-TÉCE
# Executando de : C:\Users\TICIANO\Desktop\adwcleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\AlawarWrapper
Pasta Deletada : C:\Program Files (x86)\Conduit
Pasta Deletada : C:\Program Files (x86)\TVersitybar
Pasta Deletada : C:\Users\TICIANO\AppData\Local\genienext
Pasta Deletada : C:\Users\TICIANO\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\TICIANO\AppData\LocalLow\Conduit
Pasta Deletada : C:\Users\TICIANO\AppData\LocalLow\TVersitybar
Pasta Deletada : C:\Users\TICIANO\AppData\Roaming\baidu
Pasta Deletada : C:\Users\TICIANO\AppData\Roaming\newnext.me
Pasta Deletada : C:\Users\TICIANO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Pasta Deletada : C:\Users\TICIANO\Documents\Mobogenie

***** [ Atalhos ] *****


***** [ Registro ] *****

Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Chave Deletedo : HKLM\SOFTWARE\Classes\Toolbar.CT2548838
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{66BD2442-241B-44CD-8C7A-B51037053CDB}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{ACE60B0C-6C93-40DB-A740-56F8F1DCE600}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{BB30B4D1-3F91-4BD0-8DAF-87238A8AE463}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66BD2442-241B-44CD-8C7A-B51037053CDB}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BB30B4D1-3F91-4BD0-8DAF-87238A8AE463}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2A9F5D2-367C-4D69-B926-7E2B57A7B65A}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{66BD2442-241B-44CD-8C7A-B51037053CDB}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{66BD2442-241B-44CD-8C7A-B51037053CDB}]
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{66BD2442-241B-44CD-8C7A-B51037053CDB}]
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\AVG Secure Search
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\AppDataLow\Toolbar
Chave Deletedo : HKCU\Software\AppDataLow\Software\Conduit
Chave Deletedo : HKCU\Software\AppDataLow\Software\TVersitybar
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\sweet-pageSoftware
Chave Deletedo : HKLM\Software\Trymedia Systems
Chave Deletedo : HKLM\Software\Vittalia
Chave Deletedo : HKLM\Software\TVersitybar
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TVersitybar Toolbar

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16843

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v33.0.1750.154

[ Arquivo : C:\Users\TICIANO\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6549 octets] - [06/04/2014 03:56:33]
AdwCleaner[S0].txt - [5018 octets] - [06/04/2014 04:02:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5078 octets] ##########

Post by Power Max Sun 06 Apr 2014, 15:58

Hello Ticiano. Welcome to Fórum PC Brasil.

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sun 06 Apr 2014, 21:19; edited 1 time

Post by ticiano Sun 06 Apr 2014, 16:43

Here is the Zoek results log:


Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by TICIANO on 06/04/2014 at 16:06:29,70.
Microsoft Windows 8 Single Language 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\TICIANO\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

06/04/2014 16:07:26 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\TICIANO\daemonprocess.txt deleted
C:\Users\TICIANO\.android deleted
C:\PROGRA~3\DRV10.tmp deleted
C:\PROGRA~3\E1010.tmp deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\PROGRA~3\Baidu deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\TICIANO\AppData\Local\cache deleted
C:\Users\TICIANO\Downloads\BearShareSetup-r1429-w-bc.exe deleted
C:\Users\TICIANO\Downloads\SoftonicDownloader_para_ubuntu.exe deleted
C:\windows\SysNative\tasks\Baidu Antivirus Update deleted

==== Folders Found ======================

2014-04-06 07:02:03 2014-04-06 07:02:03 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-04-06 06:13:55 2014-04-06 06:13:55 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-04-06 06:13:55 2014-04-06 19:06:35 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus
2014-04-06 07:47:27 2014-04-06 07:47:27 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\update\baidu
2014-04-06 06:15:13 2014-04-06 06:15:13 -------- d-----w- C:\ProgramData\Baidu Security
2014-04-06 06:14:59 2014-04-06 06:15:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-04-06 06:15:13 2014-04-06 06:15:13 -------- d-----w- C:\Users\All Users\Baidu Security
2014-04-06 06:14:59 2014-04-06 06:15:00 -------- d-----w- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-04-06 06:05:29 2014-04-06 06:05:29 -------- d-----w- C:\Users\TICIANO\AppData\Local\Temp\baidu_secure
2014-04-06 06:15:13 2014-04-06 06:15:13 -------- d-----w- C:\Users\Todos os Usuários\Baidu Security
2014-04-06 06:14:59 2014-04-06 06:15:00 -------- d-----w- C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-04-06 19:21:27 2014-04-06 19:21:27 -------- d---a-w- C:\zoek_backup\C_PROGRA~3_Baidu

==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus\BevmVolatile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BavTray.exe\" -auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"="Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"="http://antivirus.baidu.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"="Baidu, Inc."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\102113-13656-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130268382327929130.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security\PC Faster]

"C:\\Users\\TICIANO\\Downloads\\Adobe Photoshop CS6 13.0.1 Final  Multilanguage (cracked dll) [ChingLiu]\\Adobe CS6\\Set-up.exe"=hex:53,\
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=hex:53,\

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\102113-13656-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130268382327929130.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

==== Chrome Look ======================

Google Docs - TICIANO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - TICIANO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - TICIANO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - TICIANO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - TICIANO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - TICIANO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\TICIANO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_artigos.softonic.com.br_0.localstorage deleted successfully
C:\Users\TICIANO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_artigos.softonic.com.br_0.localstorage-journal deleted successfully
C:\Users\TICIANO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ccleaner.softonic.com.br_0.localstorage deleted successfully
C:\Users\TICIANO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ccleaner.softonic.com.br_0.localstorage-journal deleted successfully
C:\Users\TICIANO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_jdownloader.softonic.com.br_0.localstorage deleted successfully
C:\Users\TICIANO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_jdownloader.softonic.com.br_0.localstorage-journal deleted successfully
C:\Users\TICIANO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_revo-uninstaller.softonic.com.br_0.localstorage deleted successfully
C:\Users\TICIANO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_revo-uninstaller.softonic.com.br_0.localstorage-journal deleted successfully
C:\Users\TICIANO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ubuntu.softonic.com.br_0.localstorage deleted successfully
C:\Users\TICIANO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ubuntu.softonic.com.br_0.localstorage-journal deleted successfully
C:\Users\TICIANO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.com.br_0.localstorage deleted successfully
C:\Users\TICIANO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.com.br_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{E71F4D24-32FC-4015-980F-71AA7B57B395} Unknown  Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\TICIANO\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\TICIANO\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E71F4D24-32FC-4015-980F-71AA7B57B395} deleted successfully

==== Deleting CLSID Registry Values ======================


==== shortcuts on Users Desktops ======================

C:\Users\TICIANO\Desktop\Continue Codec Package Installation.lnk - C:\Users\TICIANO\AppData\Local\Temp\ICReinstall_CodecPackage.exe /RR
C:\Users\TICIANO\Desktop\Dropbox.lnk - C:\Users\TICIANO\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\TICIANO\Desktop\FastCopy.lnk - C:\Program Files (x86)\FastCopy\FastCopy.exe
C:\Users\TICIANO\Desktop\JDownloader.lnk -  
C:\Users\TICIANO\Desktop\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\TICIANO\Desktop\TVersity.lnk - C:\ProgramData\TVersity\Media Server\web\admin\TVersity.exe
C:\Users\TICIANO\Desktop\µTorrent.lnk - C:\Users\TICIANO\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\TICIANO\Desktop\box\box.lnk - C:\Users\TICIANO\Desktop\box
C:\Users\TICIANO\Desktop\mercadolivre\Manual do Usuário.lnk -  

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Alcohol 120%.lnk - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Alcohol.exe
C:\Users\Public\Desktop\AVG 2014.lnk - C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Users\Public\Desktop\Baidu Antivirus.lnk - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bav.exe
C:\Users\Public\Desktop\calibre - E-book management.lnk - C:\Program Files (x86)\Calibre2\calibre.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Fotor.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe EverimagingCo.Limited.Fotor
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Manual do Usuário.lnk - C:\Fabricante\Manual do Usuario\Manual do Usuário.pdf
C:\Users\Public\Desktop\Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE /OEM
C:\Users\Public\Desktop\Positivo 3D Incrível.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe 908F1E4E.Positivo3DIncrvel
C:\Users\Public\Desktop\Skype.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe Microsoft.SkypeApp
C:\Users\Public\Desktop\Windows Live Movie Maker.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
C:\Users\Public\Desktop\xbmc.lnk - C:\Program Files (x86)\XBMC\XBMC.exe

==== shortcuts in Users Start Menu ======================

C:\Users\TICIANO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\TICIANO\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\TICIANO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\TICIANO\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\TICIANO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\TICIANO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe -hunter
C:\Users\TICIANO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
C:\Users\TICIANO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url
C:\Users\TICIANO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\TICIANO\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
C:\Users\TICIANO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Codec Pack\Uninstall.lnk - C:\Program Files (x86)\TVersity Codec Pack\uninst.exe
C:\Users\TICIANO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Codec Pack\Website.lnk - C:\Program Files (x86)\TVersity Codec Pack\TVersity Codec Pack.url
C:\Users\TICIANO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Media Server\TVersity Media Server.lnk - C:\ProgramData\TVersity\Media Server\web\admin\TVersity.exe
C:\Users\TICIANO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Media Server\Uninstall.lnk - C:\ProgramData\TVersity\Media Server\uninst.exe
C:\Users\TICIANO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Media Server\Website.lnk - C:\ProgramData\TVersity\Media Server\TVersity Media Server.url
C:\Users\TICIANO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Media Server\TVersity Tools\Restart TVersity Media Server.lnk - C:\ProgramData\TVersity\Media Server\MediaServer.exe -restart
C:\Users\TICIANO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Media Server\TVersity Tools\Share Media Command Prompt.lnk - C:\ProgramData\TVersity\Media Server\ShareMedia.bat
C:\Users\TICIANO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Media Server\TVersity Tools\Start TVersity Media Server.lnk - C:\ProgramData\TVersity\Media Server\MediaServer.exe -start
C:\Users\TICIANO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Media Server\TVersity Tools\Stop TVersity Media Server.lnk - C:\ProgramData\TVersity\Media Server\MediaServer.exe -stop
C:\Users\TICIANO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Media Server\TVersity Tools\TVersity for Windows Media Center.lnk - C:\ProgramData\TVersity\Media Server\tversity.mcl

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%\A.C.I.D. Wizard.lnk - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ACID.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%\Alcohol 120%.lnk - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Alcohol.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%\Alcohol Command Launcher.lnk - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxCmd.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%\Alcohol Manual.lnk - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Help\ax_enu.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%\Data-Type Analyzer.lnk - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxDTA.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%\Uninstall Alcohol 120%.lnk - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2014.lnk - C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bav.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Uninstall.lnk - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\TICIANO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\TICIANO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk - C:\Users\TICIANO\AppData\Local\JDownloader 0.9\JDownloaderD3D.exe
C:\Users\TICIANO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\TICIANO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\TICIANO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\TICIANO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\TICIANO\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\TICIANO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\TICIANO\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\TICIANO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\TICIANO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\TICIANO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\JDownloader.lnk - C:\Users\TICIANO\AppData\Local\JDownloader 0.9\JDownloaderD3D.exe
C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\TICIANO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\TICIANO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\TICIANO\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=32 folders=15 15688040 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\TICIANO\AppData\Local\Temp will be emptied at reboot
C:\Users\Usuário Padrão\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\TICIANO\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 06/04/2014 at 16:31:26,30 ======================

Post by Power Max, Sun 06 Apr 2014, 17:14

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [image not shown]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank field in Zoek

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[image not shown]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sun 06 Apr 2014, 21:20; edited 1 time

Post by ticiano, Sun 06 Apr 2014, 17:48

Hey, I don't see Baidu anymore!
I'll attach the results log, since it exceeded the message limit, OK?

Post by Power Max, Sun 06 Apr 2014, 18:36

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [image not shown]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank field in Zoek

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[image not shown]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sun 06 Apr 2014, 21:20; edited 1 time

Post by ticiano, Sun 06 Apr 2014, 18:47

Hey, here's the log


Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by TICIANO on 06/04/2014 at 18:38:57,72.
Microsoft Windows 8 Single Language 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\TICIANO\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-04-06-193126.log 31677 bytes
C:\zoek-results2014-04-06-203446.log 613494 bytes

==== System Restore Info ======================

06/04/2014 18:39:52 Zoek.exe System Restore Point Created Succesfully.

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BAVSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Baidu Security not found
C:\Program Files (x86)\Baidu Security\Baidu Antivirus not found
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\update\baidu not found
C:\ProgramData\Baidu deleted
"C:\Users\Public\Desktop\Baidu Antivirus.lnk" deleted

==== Folders Found ======================

2014-04-06 07:02:03 2014-04-06 07:02:03 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-04-06 06:13:55 2014-04-06 21:38:56 -------- d-----w- C:\Users\TICIANO\AppData\Local\Temp\Baidu Security.tmp
2014-04-06 20:18:50 2014-04-06 20:18:50 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-04-06 20:19:18 2014-04-06 20:19:49 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus
2014-04-06 20:19:49 2014-04-06 20:19:50 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus_update_baidu
2014-04-06 21:40:24 2014-04-06 21:40:24 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu
2014-04-06 20:19:50 2014-04-06 20:19:50 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-04-06 20:19:50 2014-04-06 20:19:51 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-04-06 19:21:27 2014-04-06 19:21:27 -------- d---a-w- C:\zoek_backup\C_PROGRA~3_Baidu
2014-04-06 21:40:24 2014-04-06 21:40:24 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu
2014-04-06 20:19:51 2014-04-06 20:19:51 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-04-06 20:19:51 2014-04-06 20:19:51 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-04-06 21:40:24 2014-04-06 21:40:24 -------- d---a-w- C:\zoek_backup\C_Users_Todos os Usuários_Baidu
2014-04-06 20:19:51 2014-04-06 20:19:51 -------- d---a-w- C:\zoek_backup\C_Users_Todos os Usuários_Baidu Security
2014-04-06 20:19:51 2014-04-06 20:19:52 -------- d---a-w- C:\zoek_backup\C_Users_Todos os Usuários_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-04-06 20:18:50 2014-04-06 20:19:18 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus
2014-04-06 20:19:18 2014-04-06 20:19:18 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus\update\baidu
2014-04-06 20:19:49 2014-04-06 20:19:49 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus\update\baidu

==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security\Antivirus\web]

"C:\\Users\\TICIANO\\Downloads\\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\\Adobe CS6\\Set-up.exe"=hex:53,\
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=hex:53,\

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2483 folders=480 617397127 bytes)

==== EOF on 06/04/2014 at 18:42:22,53 ======================

Post by Power Max, Sun 06 Apr 2014, 19:19

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [image not shown]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank field in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[image not shown]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sun 06 Apr 2014, 19:49; edited 2 times

Post by ticiano, Sun 06 Apr 2014, 19:32

Here's the most recent log:


Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by TICIANO on 06/04/2014 at 19:13:29,55.
Microsoft Windows 8 Single Language 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\TICIANO\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-04-06-193126.log 31677 bytes
C:\zoek-results2014-04-06-203446.log 613494 bytes
C:\zoek-results2014-04-06-214222.log 13090 bytes

==== System Restore Info ======================

06/04/2014 19:21:11 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[-HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security\Antivirus\web]
"C:\\Users\\TICIANO\\Downloads\\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\\Adobe CS6\\Set-up.exe"=-
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=-
[-HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security\Antivirus\web]

==== Deleting Files \ Folders ======================

"C:\Users\TICIANO\AppData\Local\Temp\Baidu Security.tmp" not found

==== Folders Found ======================

2014-04-06 07:02:03 2014-04-06 07:02:03 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-04-06 20:18:50 2014-04-06 20:18:50 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-04-06 20:19:18 2014-04-06 20:19:49 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus
2014-04-06 20:19:49 2014-04-06 20:19:50 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus_update_baidu
2014-04-06 21:40:24 2014-04-06 21:40:24 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu
2014-04-06 20:19:50 2014-04-06 20:19:50 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-04-06 20:19:50 2014-04-06 20:19:51 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-04-06 19:21:27 2014-04-06 19:21:27 -------- d---a-w- C:\zoek_backup\C_PROGRA~3_Baidu
2014-04-06 21:40:24 2014-04-06 21:40:24 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu
2014-04-06 20:19:51 2014-04-06 20:19:51 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-04-06 20:19:51 2014-04-06 20:19:51 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-04-06 21:40:24 2014-04-06 21:40:24 -------- d---a-w- C:\zoek_backup\C_Users_Todos os Usuários_Baidu
2014-04-06 20:19:51 2014-04-06 20:19:51 -------- d---a-w- C:\zoek_backup\C_Users_Todos os Usuários_Baidu Security
2014-04-06 20:19:51 2014-04-06 20:19:52 -------- d---a-w- C:\zoek_backup\C_Users_Todos os Usuários_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-04-06 20:18:50 2014-04-06 20:19:18 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus
2014-04-06 20:19:18 2014-04-06 20:19:18 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus\update\baidu
2014-04-06 20:19:49 2014-04-06 20:19:49 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus\update\baidu

==== Registry Search Results for "Baidu" ======================


[HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security\Antivirus]

"C:\\Users\\TICIANO\\Downloads\\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\\Adobe CS6\\Set-up.exe"=hex:53,\
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=hex:53,\

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2483 folders=480 617397127 bytes)

==== EOF on 06/04/2014 at 19:23:08,95 ======================

Post by Power Max on Sun 06 Apr 2014, 19:49

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [image visible only to logged-in users]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[image visible only to logged-in users]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sun 06 Apr 2014, 20:57; edited 1 time

Post by ticiano on Sun 06 Apr 2014, 20:31

Here is the log:



Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by TICIANO on 06/04/2014 at 20:19:24,35.
Microsoft Windows 8 Single Language 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\TICIANO\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-04-06-193126.log 31677 bytes
C:\zoek-results2014-04-06-203446.log 613494 bytes
C:\zoek-results2014-04-06-214222.log 13090 bytes
C:\zoek-results2014-04-06-222308.log 8744 bytes

==== System Restore Info ======================

06/04/2014 20:28:07 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security\Antivirus]
"C:\\Users\\TICIANO\\Downloads\\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\\Adobe CS6\\Set-up.exe"=-
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=-
[-HKEY_USERS\S-1-5-21-3819992481-2255212457-2752318697-1001\Software\Baidu Security\Antivirus]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2483 folders=480 617397127 bytes)

==== EOF on 06/04/2014 at 20:28:22,15 ======================

Post by Power Max on Sun 06 Apr 2014, 20:44

How is the PC after these cleanups?

Post by ticiano on Sun 06 Apr 2014, 20:48

It seems great, normal speed and not a trace of the damn thing, lol. Is the process finished? Before I thank you, can you tell me how I stay protected against this threat?

Post by Power Max on Sun 06 Apr 2014, 20:56

ticiano wrote: It seems great, normal speed and not a trace of the damn thing, lol. Is the process finished? Before I thank you, can you tell me how I stay protected against this threat?
An important tip would be not to download and use pirated or cracked programs, since the vast majority of them come with viruses and/or adware built in.

Another tip is not to install programs through the installers offered by the largest Brazilian download sites (whenever you download from there, choose the option to download without the installer). Preferably, download directly from the program's official site. And even when downloading from the program's official site, you need to be careful during installation, unchecking the boxes that offer to install toolbars and/or adware.

This software below also helps with protection:

Make your PC more protected on the internet with SpywareBlaster
[link visible only to logged-in users]
___________________________________________________________________________

Just to finish, please follow these tutorials below:

[link visible only to logged-in users]
_______________________________________________________________________________________________________________________

To remove the programs used in cleaning this PC and create a new, safe and problem-free restore point, use DelFix following the tips [link visible only to logged-in users].
_______________________________________________________________________________________________________________________

It was a pleasure to help. Count on us always!

Post by ticiano on Sun 06 Apr 2014, 21:22

Wow, you saved my Sunday. Thank you very much for all the help, which was not only efficient but also impressively fast; it seemed like real time. Not even Sandra Bullock's character in the movie The Net could have helped me more, lol. I'll take a look at the tutorials mentioned above.

Thanks again!

Post by Power Max on Tue 08 Apr 2014, 12:21

CASE RESOLVED

If the topic's author needs it, the topic will be reopened; to do so, they should contact one of the members of the [link visible only to logged-in users] requesting that it be unlocked.