Kaspersky detecta baidu antivirus e não consigo removê-lo

Olá, já tentei de tudo quanto é jeito, mas não consigo excluir esse anti virus baidu.....Estou instalando o Kaspersky, mas chega um momento que ele detecta o baidu e pede para desistalá-lo.....ja desistalei e ultilizei o AdwCleaner e o JRT....segue os relatórios anexo.

Obrigado pela força...

  Olá rkruki. Seja bem vindo ao Fórum PC Brasil.

 Desative temporariamente seu antivírus para evitar conflitos.

Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Segyue relatório....não consegui anexar

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by WIN7 on 13/04/2014 at 20:21:46,52.
Microsoft Windows 7 Ultimate  6.1.7600  x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\WIN7\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

13/04/2014 20:22:39 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\WIN7\daemonprocess.txt deleted
C:\Users\WIN7\.android deleted
C:\Program Files\GUTA95D.tmp deleted
C:\Program Files\GUMA94D.tmp deleted
C:\extensions.ini deleted
C:\PROGRA~2\FileSplitUpLoad.dll deleted
C:\Users\WIN7\AppData\Local\cache deleted
C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx deleted
C:\Users\WIN7\Downloads\DownloadManagerSetup.exe deleted
C:\Users\WIN7\AppData\LocalLow\TB deleted

==== Folders Found ======================

2014-04-13 23:26:29 2014-04-13 23:26:29 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-04-13 23:26:37 2014-04-13 23:26:37 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\WIN7\AppData\Roaming\baidu
2014-04-13 23:26:37 2014-04-13 23:26:37 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\WIN7\AppData\Roaming\baidu\Baidu Antivirus
2013-12-30 18:59:43 2014-03-05 03:20:26 -------- d-----w- C:\ProgramData\Baidu Security
2013-12-30 18:59:43 2014-03-05 03:20:26 -------- d-----w- C:\Users\All Users\Baidu Security
2013-12-30 19:02:46 2013-12-30 19:02:46 -------- d-----w- C:\Users\WIN7\AppData\Roaming\Baidu Security
2014-01-03 17:30:52 2014-01-03 17:30:52 -------- d-----w- C:\Users\WIN7\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-01-03 17:30:52 2014-01-03 17:30:52 -------- d-----w- C:\Users\WIN7\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================


--- C:\Users\WIN7\AppData\Local\Temp\{19CC4024-8914-455A-B5F4-8F84D951F75E}\Cleaner\baidu_av_4_0_3_57478.ini ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 227
Created time: 2014-04-13 23:20:07
Modified time: 2014-04-07 16:26:08
MD5: C9F2E09C386C9A6E5434D21A0200F6E0
SHA1: 442F80424FDDE56047D0E11824A66CCC37D89CE4


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PC_Faster_Setup_Mini_GL16-2014-04-13 04-53-06-0553-[23564].tmp"="https://sync.security.baidu.co.th/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\122913-15459-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130327976380612186.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\122913-15459-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130327976380612186.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\Setup]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Piriform\CCleaner]
"Include1"="PATH|C:\\Program Files\\Baidu Security\\|*.*"

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Piriform\CCleaner]
"FinderInclude2"="PATH|C:\\Program Files\\Baidu Security\\|*.*"

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\122913-15459-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130327976380612186.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\122913-15459-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130327976380612186.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"ext@MediaWatchV1home9713.net"="C:\Program Files\MediaWatchV1\MediaWatchV1home9713\ff" []

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ffppegipljgikhdahnadbcodifbjlank - C:\Program Files\MediaWatchV1\MediaWatchV1home9713\ch\MediaWatchV1home9713.crx[]
ogfjmhfnldnajmfaofeiaepghjenbgjo - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx[]

Google Drive - WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Crackle Brazil - WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lflobbippdgfecmbdgjdejahlimggpef
Google Wallet - WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Extended Protection - WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo
Gmail - WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo deleted successfully
C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogfjmhfnldnajmfaofeiaepghjenbgjo_0.localstorage deleted successfully
C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogfjmhfnldnajmfaofeiaepghjenbgjo_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.superdownloads.com.br/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Start Page"="http://www.superdownloads.com.br/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.superdownloads.com.br/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\ext@MediaWatchV1home9713.net deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\WIN7\Desktop\CCleaner - Atalho.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\WIN7\Desktop\chrome - Atalho.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

==== shortcuts in Users Start Menu ======================

C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk - C:\Users\WIN7\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe -hunter
C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\WIN7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk - C:\Users\WIN7\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Users\WIN7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\WIN7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\WIN7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\WIN7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\WIN7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\WIN7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\chrome - Atalho.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\WIN7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\WIN7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ffppegipljgikhdahnadbcodifbjlank deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iLivid deleted successfully

==== Empty IE Cache ======================

C:\Users\WIN7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\WIN7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=322 folders=28 21166317 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\WIN7\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\WIN7\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\WIN7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 13/04/2014 at 20:34:50,01 ======================

Segue relatório de do FRST.....

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-04-2014 01
Ran by WIN7 (administrator) on WIN7-PC on 13-04-2014 20:57:33
Running from C:\Users\WIN7\Desktop
Microsoft Windows 7 Ultimate  (X86) OS Language: Portuguese Brazilian
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Download link for 64-Bit Version: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() c:\tecmid\mysql5\bin\mysqld.exe
(Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [148888 2013-12-16] (Sun Microsystems, Inc.)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [145440 2012-10-22] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [180768 2012-10-22] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [189472 2012-10-22] (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1173504 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1173504 2009-07-13] (Microsoft Corporation)
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAFA364348DFACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - Web URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {d1dac034-9fd9-4c13-a388-d2e10e57707f} -  No File
Toolbar: HKCU - No Name - {41524553-2D56-3700-76A7-7A786E7484D7} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\WIN7\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

Chrome:
=======
CHR DefaultSearchKeyword: google.com.br
CHR Extension: (Google Docs) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-13]
CHR Extension: (Google Drive) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-16]
CHR Extension: (YouTube) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-16]
CHR Extension: (Pesquisa do Google) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-16]
CHR Extension: (Google Wallet) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-16]
CHR Extension: (Gmail) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277024 2012-10-22] (Intel Corporation)
U2 mysql5; c:\tecmid\mysql5\bin\mysqld --defaults-file=c:\tecmid\my5.ini mysql5

==================== Drivers (Whitelisted) ====================

S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1334856 2013-05-02] (Realtek Semiconductor Corporation                           )
R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52928 2014-04-13] (StdLib)
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S0 Bhbase; System32\drivers\Bhbase.sys [X]
S3 BHipsEx; \??\C:\Windows\System32\drivers\BHipsEx.sys [X]
S1 Bnbase; System32\drivers\bnbasex.sys [X]
S1 Bndef; \??\C:\Windows\System32\drivers\bndef.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622; \??\C:\Program Files\Movies Toolbar\Datamngr\setmgrc1.cfg [X]
S3 PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-13 20:57 - 2014-04-13 20:57 - 00008442 _____ () C:\Users\WIN7\Desktop\FRST.txt
2014-04-13 20:56 - 2014-04-13 20:57 - 00000000 ____D () C:\FRST
2014-04-13 20:55 - 2014-04-13 20:55 - 01146368 _____ (Farbar) C:\Users\WIN7\Desktop\FRST.exe
2014-04-13 20:40 - 2014-04-13 20:40 - 00027178 _____ () C:\Users\WIN7\Desktop\zoek-results.log
2014-04-13 20:34 - 2014-04-13 20:34 - 00002406 _____ () C:\Windows\PFRO.log
2014-04-13 20:34 - 2014-04-13 20:34 - 00000056 _____ () C:\Windows\setupact.log
2014-04-13 20:34 - 2014-04-13 20:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-13 20:33 - 2014-04-13 20:21 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-13 20:22 - 2014-04-13 20:34 - 00027178 _____ () C:\zoek-results.log
2014-04-13 19:57 - 2014-04-13 20:32 - 00000000 ____D () C:\zoek_backup
2014-04-13 19:54 - 2014-04-13 19:54 - 00001784 _____ () C:\Users\WIN7\Desktop\JRT.txt
2014-04-13 19:52 - 2014-04-13 19:52 - 00000000 ____D () C:\Windows\ERUNT
2014-04-13 19:48 - 2014-04-13 19:49 - 01285120 _____ () C:\Users\WIN7\Downloads\zoek.exe
2014-04-13 19:44 - 2014-04-13 19:45 - 01016261 _____ (Thisisu) C:\Users\WIN7\Downloads\JRT.exe
2014-04-13 19:24 - 2014-04-13 19:43 - 00000000 ____D () C:\AdwCleaner
2014-04-13 19:24 - 2014-04-13 19:23 - 01426178 _____ () C:\Users\WIN7\Downloads\127-adwcleaner.exe
2014-04-13 19:22 - 2014-04-13 19:22 - 00697104 _____ ( ) C:\Users\WIN7\Downloads\adwcleaner-3023-gerenciador-32-bits.exe
2014-04-13 18:06 - 2014-04-13 18:07 - 01278312 _____ (Baidu, Inc.) C:\Users\WIN7\Downloads\BavPro_Setup_Mini_Br1.exe
2014-04-13 18:05 - 2014-04-13 20:39 - 00247710 _____ () C:\Windows\WindowsUpdate.log
2014-04-13 17:11 - 2014-04-13 17:11 - 00001388 _____ () C:\Users\WIN7\Desktop\CCleaner - Atalho.lnk
2014-04-13 16:40 - 2014-04-13 16:40 - 00000000 ____D () C:\Users\Todos os Usuários\Kaspersky Lab Setup Files
2014-04-13 16:40 - 2014-04-13 16:40 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-13 16:35 - 2014-04-13 16:38 - 202145856 _____ (Kaspersky Lab ZAO) C:\Users\WIN7\Downloads\pur13.0.2.558pt-br (1).exe
2014-04-13 16:33 - 2014-04-13 16:33 - 00000023 _____ () C:\Users\WIN7\Desktop\chave anti virus.txt
2014-04-13 16:22 - 2014-04-13 16:34 - 202018080 _____ (Kaspersky Lab ZAO) C:\Users\WIN7\Downloads\pur13.0.2.558pt-br.exe
2014-04-13 11:50 - 2014-04-13 11:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-13 11:50 - 2014-03-31 03:51 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-13 11:47 - 2014-04-13 11:47 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-04-13 11:14 - 2014-04-13 11:22 - 00001748 _____ () C:\Users\WIN7\Desktop\chrome - Atalho.lnk
2014-04-13 09:28 - 2014-04-13 09:28 - 00052928 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG.sys
2014-04-13 01:00 - 2011-04-09 01:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-04-12 21:52 - 2012-06-02 18:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-04-12 21:52 - 2012-06-02 18:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-04-12 21:52 - 2012-06-02 18:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-04-12 21:52 - 2012-06-02 18:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-04-12 21:52 - 2012-06-02 18:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-04-12 21:52 - 2012-06-02 18:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-04-12 21:52 - 2012-06-02 18:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-04-12 21:51 - 2012-06-02 14:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-04-12 21:51 - 2012-06-02 14:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-04-12 21:31 - 2014-03-31 08:35 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-04-12 21:23 - 2014-04-12 21:23 - 00000000 ____D () C:\Windows\pss
2014-04-12 18:42 - 2014-04-12 18:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-09 16:06 - 2014-04-09 16:06 - 00000812 _____ () C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-03-26 19:56 - 2014-03-26 19:56 - 00000492 __RSH () C:\Users\Todos os Usuários\ntuser.pol
2014-03-26 19:56 - 2014-03-26 19:56 - 00000492 __RSH () C:\ProgramData\ntuser.pol

==================== One Month Modified Files and Folders =======

2014-04-13 20:57 - 2014-04-13 20:57 - 00008442 _____ () C:\Users\WIN7\Desktop\FRST.txt
2014-04-13 20:57 - 2014-04-13 20:56 - 00000000 ____D () C:\FRST
2014-04-13 20:55 - 2014-04-13 20:55 - 01146368 _____ (Farbar) C:\Users\WIN7\Desktop\FRST.exe
2014-04-13 20:43 - 2009-07-14 00:34 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-13 20:43 - 2009-07-14 00:34 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-13 20:40 - 2014-04-13 20:40 - 00027178 _____ () C:\Users\WIN7\Desktop\zoek-results.log
2014-04-13 20:39 - 2014-04-13 18:05 - 00247710 _____ () C:\Windows\WindowsUpdate.log
2014-04-13 20:34 - 2014-04-13 20:34 - 00002406 _____ () C:\Windows\PFRO.log
2014-04-13 20:34 - 2014-04-13 20:34 - 00000056 _____ () C:\Windows\setupact.log
2014-04-13 20:34 - 2014-04-13 20:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-13 20:34 - 2014-04-13 20:22 - 00027178 _____ () C:\zoek-results.log
2014-04-13 20:34 - 2013-12-16 12:48 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-13 20:34 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-13 20:32 - 2014-04-13 19:57 - 00000000 ____D () C:\zoek_backup
2014-04-13 20:32 - 2013-12-16 12:48 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-13 20:31 - 2013-12-16 12:34 - 00000000 ____D () C:\Users\WIN7
2014-04-13 20:22 - 2013-12-16 12:52 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-13 20:21 - 2014-04-13 20:33 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-13 20:09 - 2013-12-16 21:04 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2284989677-3368687142-1618307625-1000UA.job
2014-04-13 19:54 - 2014-04-13 19:54 - 00001784 _____ () C:\Users\WIN7\Desktop\JRT.txt
2014-04-13 19:52 - 2014-04-13 19:52 - 00000000 ____D () C:\Windows\ERUNT
2014-04-13 19:49 - 2014-04-13 19:48 - 01285120 _____ () C:\Users\WIN7\Downloads\zoek.exe
2014-04-13 19:45 - 2014-04-13 19:44 - 01016261 _____ (Thisisu) C:\Users\WIN7\Downloads\JRT.exe
2014-04-13 19:43 - 2014-04-13 19:24 - 00000000 ____D () C:\AdwCleaner
2014-04-13 19:23 - 2014-04-13 19:24 - 01426178 _____ () C:\Users\WIN7\Downloads\127-adwcleaner.exe
2014-04-13 19:22 - 2014-04-13 19:22 - 00697104 _____ ( ) C:\Users\WIN7\Downloads\adwcleaner-3023-gerenciador-32-bits.exe
2014-04-13 19:17 - 2013-12-16 12:39 - 00782566 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-13 19:17 - 2009-07-29 14:46 - 00654470 _____ () C:\Windows\system32\prfh0416.dat
2014-04-13 19:17 - 2009-07-29 14:46 - 00124922 _____ () C:\Windows\system32\prfc0416.dat
2014-04-13 18:25 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-04-13 18:07 - 2014-04-13 18:06 - 01278312 _____ (Baidu, Inc.) C:\Users\WIN7\Downloads\BavPro_Setup_Mini_Br1.exe
2014-04-13 17:55 - 2013-12-18 00:03 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\BitTorrent
2014-04-13 17:31 - 2009-07-14 03:50 - 00000000 ____D () C:\Program Files\Windows Journal
2014-04-13 17:31 - 2009-07-13 22:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-04-13 17:29 - 2013-12-16 12:46 - 00000000 ____D () C:\Users\Todos os Usuários\AVAST Software
2014-04-13 17:29 - 2013-12-16 12:46 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-13 17:11 - 2014-04-13 17:11 - 00001388 _____ () C:\Users\WIN7\Desktop\CCleaner - Atalho.lnk
2014-04-13 16:40 - 2014-04-13 16:40 - 00000000 ____D () C:\Users\Todos os Usuários\Kaspersky Lab Setup Files
2014-04-13 16:40 - 2014-04-13 16:40 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-04-13 16:38 - 2014-04-13 16:35 - 202145856 _____ (Kaspersky Lab ZAO) C:\Users\WIN7\Downloads\pur13.0.2.558pt-br (1).exe
2014-04-13 16:34 - 2014-04-13 16:22 - 202018080 _____ (Kaspersky Lab ZAO) C:\Users\WIN7\Downloads\pur13.0.2.558pt-br.exe
2014-04-13 16:33 - 2014-04-13 16:33 - 00000023 _____ () C:\Users\WIN7\Desktop\chave anti virus.txt
2014-04-13 12:56 - 2009-07-13 22:04 - 00000722 _____ () C:\Windows\win.ini
2014-04-13 11:50 - 2014-04-13 11:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-13 11:47 - 2014-04-13 11:47 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-04-13 11:46 - 2014-01-22 20:44 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\HpUpdate
2014-04-13 11:46 - 2014-01-22 20:42 - 00000000 ____D () C:\Program Files\HP
2014-04-13 11:32 - 2014-01-22 20:43 - 00000000 ____D () C:\Users\Todos os Usuários\HP
2014-04-13 11:32 - 2014-01-22 20:43 - 00000000 ____D () C:\ProgramData\HP
2014-04-13 11:22 - 2014-04-13 11:14 - 00001748 _____ () C:\Users\WIN7\Desktop\chrome - Atalho.lnk
2014-04-13 11:16 - 2013-12-16 12:35 - 00001393 _____ () C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-13 09:28 - 2014-04-13 09:28 - 00052928 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG.sys
2014-04-13 00:12 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-04-12 22:09 - 2013-12-16 21:04 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2284989677-3368687142-1618307625-1000Core.job
2014-04-12 21:41 - 2009-07-14 00:53 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-12 21:30 - 2013-12-16 13:38 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\Skype
2014-04-12 21:23 - 2014-04-12 21:23 - 00000000 ____D () C:\Windows\pss
2014-04-12 18:48 - 2013-12-16 13:47 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\Media Player Classic
2014-04-12 18:47 - 2013-12-29 09:34 - 00000000 ____D () C:\Windows\Minidump
2014-04-12 18:47 - 2013-12-16 18:26 - 00000000 ____D () C:\Windows\Panther
2014-04-12 18:42 - 2014-04-12 18:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-12 18:24 - 2009-07-13 22:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-12 18:23 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-09 16:06 - 2014-04-09 16:06 - 00000812 _____ () C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-03-31 22:32 - 2014-01-12 13:49 - 00000000 ____D () C:\TecMid
2014-03-31 08:35 - 2014-04-12 21:31 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 03:51 - 2014-04-13 11:50 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-29 08:42 - 2013-12-17 23:47 - 00000000 ____D () C:\Program Files\Ares
2014-03-29 08:39 - 2013-12-16 13:38 - 00000000 ___RD () C:\Program Files\Skype
2014-03-29 08:39 - 2013-12-16 13:38 - 00000000 ____D () C:\Users\Todos os Usuários\Skype
2014-03-29 08:39 - 2013-12-16 13:38 - 00000000 ____D () C:\ProgramData\Skype
2014-03-26 19:56 - 2014-03-26 19:56 - 00000492 __RSH () C:\Users\Todos os Usuários\ntuser.pol
2014-03-26 19:56 - 2014-03-26 19:56 - 00000492 __RSH () C:\ProgramData\ntuser.pol
2014-03-26 19:56 - 2009-07-13 22:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 00:00

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-04-2014 01
Ran by WIN7 at 2014-04-13 20:58:00
Running from C:\Users\WIN7\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.1.30769 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Estudo de aprimoramento de produto para HP Deskjet 1510 series (HKLM\...\{40FF9E5E-59B6-40C5-8993-CC1B0BB0E629}) (Version: 32.1.145.46951 - Hewlett-Packard Co.)
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
High-Definition Video Playback 10 (Version: 7.0.11400.29.0 - Nero AG) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java(TM) 6 Update 12 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216012FF}) (Version: 6.0.120 - Sun Microsystems, Inc.)
JMicron Ethernet Adapter NDIS Driver (HKLM\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.17.1 - JMicron Technology Corp.)
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Menu TemplatePack Basic (Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero 10 Movie ThemePack Basic (Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero BackItUp 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Burning ROM 10 (HKLM\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurningROM 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero Control Center 10 (Version: 10.0.12000.1.4 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (Version: 2.0.13700.0.1 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero DiscCopy Gadget 10 (HKLM\...\{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}) (Version: 3.0.10700.9.100 - Nero AG)
Nero DiscCopyGadget 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero Dolby Files 10 (Version: 2.0.11000.0.10 - Nero AG) Hidden
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero Express 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero InfoTool 10 (HKLM\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero MediaHub 10 (HKLM\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Multimedia Suite 10 (HKLM\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero Recode 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero RescueAgent 10 (HKLM\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero SoundTrax 10 (HKLM\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero SoundTrax 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero StartSmart 10 (HKLM\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Vision 10 (HKLM\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero Vision 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero WaveEditor 10 (HKLM\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
Nero WaveEditor 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
REALTEK Wireless LAN Driver (HKLM\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0212 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype 6.2 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.2.106 - Skype Technologies S.A.)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XP Codec Pack (HKLM\...\XP Codec Pack) (Version:  - )

==================== Restore Points  =========================

13-04-2014 01:05:36 Revo Uninstaller's restore point - Advanced System Protector
13-04-2014 01:08:16 Revo Uninstaller's restore point - Chica Password Manager 2.0 2.0.0.8
13-04-2014 01:10:35 Revo Uninstaller's restore point - RegClean Pro
13-04-2014 01:19:29 avast! antivirus system restore point
13-04-2014 01:20:22 Revo Uninstaller's restore point - WinZip Driver Updater
13-04-2014 01:37:22 Revo Uninstaller's restore point - System Speedup
13-04-2014 01:40:24 Windows Defender Checkpoint
13-04-2014 01:51:10 Windows Update
13-04-2014 04:52:34 Revo Uninstaller's restore point - BrowseMark
13-04-2014 04:54:38 Revo Uninstaller's restore point - RegClean Pro
13-04-2014 15:15:24 Revo Uninstaller's restore point - awesomehp uninstaller
13-04-2014 15:23:32 Revo Uninstaller's restore point - HP Deskjet 1510 series Software básico do dispositivo
13-04-2014 15:23:56 Installed HP Deskjet 1510 series Basic Device Software
13-04-2014 15:32:38 Revo Uninstaller's restore point - HP FWUpdateEDO2
13-04-2014 15:37:54 Revo Uninstaller's restore point - HP Deskjet 1510 series Ajuda
13-04-2014 15:38:09 Installed HP Deskjet 1510 series Help
13-04-2014 15:40:48 Revo Uninstaller's restore point - HP Photo Creations
13-04-2014 15:42:47 Revo Uninstaller's restore point - HP Update
13-04-2014 15:43:04 Removed HP Update.
13-04-2014 15:44:12 Windows Update
13-04-2014 20:13:24 Windows Update
13-04-2014 20:55:02 Revo Uninstaller's restore point - BrowseMark
13-04-2014 23:29:52 Revo Uninstaller's restore point - BrowseMark
14-04-2014 00:22:26 zoek.exe restore point

==================== Hosts content: ==========================

2009-07-13 22:04 - 2014-04-13 20:22 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {4B372EEF-E9A3-44D5-9323-2AF3885474EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-16] (Google Inc.)
Task: {5B729E92-78A2-470D-BAD6-9035ED750760} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2284989677-3368687142-1618307625-1000UA => C:\Users\WIN7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-16] (Facebook Inc.)
Task: {8239B099-CE8E-4F63-B708-F0940FF7B6F2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {93052910-03C8-4470-B999-FD369A7B7B4F} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe
Task: {A658C700-F84E-4DBA-80F4-163C0D6695B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-16] (Google Inc.)
Task: {B1C1E6D5-8E58-4896-8490-C8AF2EDCE31E} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {DCCB00BF-20FE-49A5-B1CE-F7AB6BCA308D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {E295741F-FDFA-458F-AC00-81F3B8499A3F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2284989677-3368687142-1618307625-1000Core => C:\Users\WIN7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-16] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2284989677-3368687142-1618307625-1000Core.job => C:\Users\WIN7\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2284989677-3368687142-1618307625-1000UA.job => C:\Users\WIN7\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-12 13:49 - 2012-08-29 10:37 - 08197120 _____ () c:\tecmid\mysql5\bin\mysqld.exe
2013-12-16 13:55 - 2012-10-22 15:39 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-04-09 14:38 - 2014-04-01 21:57 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-09 14:38 - 2014-04-01 21:57 - 00674632 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-09 14:38 - 2014-04-01 21:57 - 00093000 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-09 14:38 - 2014-04-01 21:57 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-09 14:38 - 2014-04-01 21:58 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-09 14:38 - 2014-04-01 21:57 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:51E9F892
AlternateDataStreams: C:\ProgramData\TEMP:676C1C69
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:51E9F892
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:676C1C69

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

==================== Faulty Device Manager Devices =============

Name: Dispositivo PCI
Description: Dispositivo PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: F06DEFF2-5B9C-490D-910F-35D3A9119622
Description: F06DEFF2-5B9C-490D-910F-35D3A9119622
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: F06DEFF2-5B9C-490D-910F-35D3A9119622
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Controlador de barramento SM
Description: Controlador de barramento SM
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bnbase
Description: Bnbase
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Bnbase
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Baidu NetDefense
Description: Baidu NetDefense
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Bndef
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Baidu Protect
Description: Baidu Protect
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Bprotect
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Controlador de comunicação PCI simples
Description: Controlador de comunicação PCI simples
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (04/13/2014 08:36:17 PM) (Source: Service Control Manager) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
Bhbase
Bnbase
Bndef
Bprotect
F06DEFF2-5B9C-490D-910F-35D3A9119622

Error: (04/13/2014 08:36:17 PM) (Source: Service Control Manager) (User: )
Description: Serviço mysql5 suspenso ao iniciar.

Error: (04/13/2014 08:31:04 PM) (Source: Service Control Manager) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (04/13/2014 08:31:04 PM) (Source: Service Control Manager) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (04/13/2014 08:31:03 PM) (Source: Service Control Manager) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (04/13/2014 08:31:02 PM) (Source: Service Control Manager) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (04/13/2014 08:31:02 PM) (Source: Service Control Manager) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 62%
Total physical RAM: 1488.14 MB
Available physical RAM: 552.32 MB
Total Pagefile: 2976.28 MB
Available Pagefile: 1879.74 MB


Total Virtual: 2047.88 MB
Available Virtual: 1896.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:274.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 298 GB) (Disk ID: 20E20B82)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Segue relatório SystemLook.....

SystemLook 30.07.11 by jpshortstuff
Log created at 21:19 on 13/04/2014 by WIN7
Administrator - Elevation successful

========== filefind ==========

Searching for "baidu"
No files found.

========== folderfind ==========

Searching for "baidu"
C:\AdwCleaner\Quarantine\C\ProgramData\baidu d------ [23:26 13/04/2014]
C:\AdwCleaner\Quarantine\C\Users\WIN7\AppData\Roaming\baidu d------ [23:26 13/04/2014]

========== regfind ==========

Searching for "baidu"
[HKEY_CURRENT_USER\Software\Baidu Security]
[HKEY_CURRENT_USER\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_CURRENT_USER\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_CURRENT_USER\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_CURRENT_USER\Software\Baidu Security\PC Faster\DataReport]
"c:\programdata\baidu security\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
[HKEY_CURRENT_USER\Software\Piriform\CCleaner]
"Include1"="PATH|C:\Program Files\Baidu Security\|*.*"
[HKEY_CURRENT_USER\Software\Piriform\CCleaner]
"FinderInclude2"="PATH|C:\Program Files\Baidu Security\|*.*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\ProgramData\Baidu Security\RpData\rpFile-PC_Faster_Setup_Mini_GL16-2014-04-13 04-53-06-0553-[23564].tmp"="https://sync.security.baidu.co.th/cgi-bin-py/get_pcf_statistic_info.cgi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\Program Files\Baidu Security\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\Program Files\Baidu Security\PC Faster\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\Program Files\Baidu Security\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\Program Files\Baidu Security\PC Faster\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\Program Files\Baidu Security\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\Program Files\Baidu Security\PC Faster\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys"
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\DataReport]
"c:\programdata\baidu security\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"
[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Piriform\CCleaner]
"Include1"="PATH|C:\Program Files\Baidu Security\|*.*"
[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Piriform\CCleaner]
"FinderInclude2"="PATH|C:\Program Files\Baidu Security\|*.*"
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

-= EOF =-

 Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by WIN7 on 13/04/2014 at 21:47:44,45.
Microsoft Windows 7 Ultimate  6.1.7600  x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\WIN7\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-04-14-003450.log 27178 bytes

==== System Restore Info ======================

13/04/2014 21:49:01 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BHipsEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PC_Faster_Setup_Mini_GL16-2014-04-13 04-53-06-0553-[23564].tmp"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\122913-15459-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130327976380612186.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug]
[-KEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\122913-15459-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130327976380612186.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"=-
[-HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\Setup]
[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Piriform\CCleaner]
"Include1"=-
[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Piriform\CCleaner]
"FinderInclude2"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\122913-15459-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130327976380612186.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\122913-15459-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130327976380612186.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Deleting Files \ Folders ======================

C:\ProgramData\Baidu Security deleted
C:\Users\WIN7\AppData\Roaming\Baidu Security deleted

==== Folders Found ======================

2014-04-13 23:26:29 2014-04-13 23:26:29 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-04-13 23:26:37 2014-04-13 23:26:37 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\WIN7\AppData\Roaming\baidu
2014-04-13 23:26:37 2014-04-13 23:26:37 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\WIN7\AppData\Roaming\baidu\Baidu Antivirus
2014-04-14 01:50:34 2014-04-14 01:50:43 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-04-14 01:50:43 2014-04-14 01:50:53 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-04-14 01:50:54 2014-04-14 01:50:54 -------- d---a-w- C:\zoek_backup\C_Users_WIN7_AppData_Roaming_Baidu Security
2014-04-14 01:50:54 2014-04-14 01:50:54 -------- d---a-w- C:\zoek_backup\C_Users_WIN7_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-04-14 01:50:54 2014-04-14 01:50:54 -------- d---a-w- C:\zoek_backup\C_Users_WIN7_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-04-14 01:50:54 2014-04-14 01:50:54 -------- d---a-w- C:\zoek_backup\C_Users_WIN7_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-04-14 01:50:54 2014-04-14 01:50:54 -------- d---a-w- C:\zoek_backup\C_Users_WIN7_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=586 folders=64 309437069 bytes)

==== EOF on 13/04/2014 at 21:52:45,87 ======================

 Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Deu certo a instalação. Muito Obrigado!! você é o cara!!  

Fico feliz com isto, mas poste o log do Zoek para vermos se há ainda algum resto do Baidu.

Na verdade, pelo log do Farbar seu PC ainda está com outros problemas que precisamos remover também. Aguardo você postar o log para darmos continuidade na limpeza.

Obrigado, segue o relatório:

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by WIN7 on 13/04/2014 at 22:21:09,53.
Microsoft Windows 7 Ultimate  6.1.7600  x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\WIN7\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-04-14-003450.log 27178 bytes
C:\zoek-results2014-04-14-015245.log 15549 bytes

==== System Restore Info ======================

13/04/2014 22:21:55 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-2284989677-3368687142-1618307625-1000\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

==== Folders Found ======================

2014-04-13 23:26:29 2014-04-13 23:26:29 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-04-13 23:26:37 2014-04-13 23:26:37 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\WIN7\AppData\Roaming\baidu
2014-04-13 23:26:37 2014-04-13 23:26:37 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\WIN7\AppData\Roaming\baidu\Baidu Antivirus
2014-04-14 01:50:34 2014-04-14 01:50:43 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-04-14 01:50:43 2014-04-14 01:50:53 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-04-14 01:50:54 2014-04-14 01:50:54 -------- d---a-w- C:\zoek_backup\C_Users_WIN7_AppData_Roaming_Baidu Security
2014-04-14 01:50:54 2014-04-14 01:50:54 -------- d---a-w- C:\zoek_backup\C_Users_WIN7_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-04-14 01:50:54 2014-04-14 01:50:54 -------- d---a-w- C:\zoek_backup\C_Users_WIN7_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-04-14 01:50:54 2014-04-14 01:50:54 -------- d---a-w- C:\zoek_backup\C_Users_WIN7_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-04-14 01:50:54 2014-04-14 01:50:54 -------- d---a-w- C:\zoek_backup\C_Users_WIN7_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================


--- C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\Cleaner\baidu_av_4_0_3_57478.ini ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 227
Created time: 2014-04-14 02:02:31
Modified time: 2014-04-07 16:26:08
MD5: C9F2E09C386C9A6E5434D21A0200F6E0
SHA1: 442F80424FDDE56047D0E11824A66CCC37D89CE4


==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=586 folders=64 309437069 bytes)

==== EOF on 13/04/2014 at 22:24:31,25 ======================

Poste um novo log do Farbar e do Additional Scan para vermos como está o PC atualmente.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-04-2014 01
Ran by WIN7 (administrator) on WIN7-PC on 13-04-2014 22:35:35
Running from C:\Users\WIN7\Downloads
Microsoft Windows 7 Ultimate  (X86) OS Language: Portuguese Brazilian
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Download link for 64-Bit Version: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() c:\tecmid\mysql5\bin\mysqld.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
() C:\Users\WIN7\Downloads\zoek.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [148888 2013-12-16] (Sun Microsystems, Inc.)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [145440 2012-10-22] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [180768 2012-10-22] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [189472 2012-10-22] (Intel Corporation)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-12-04] (Kaspersky Lab ZAO)
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1173504 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1173504 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2284989677-3368687142-1618307625-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAFA364348DFACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - Web URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - No Name - {d1dac034-9fd9-4c13-a388-d2e10e57707f} -  No File
Toolbar: HKCU - No Name - {41524553-2D56-3700-76A7-7A786E7484D7} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\WIN7\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-04-13]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-04-13]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-04-13]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-04-13]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-04-13]

Chrome:
=======
CHR DefaultSearchKeyword: google.com.br
CHR Extension: (Google Docs) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-13]
CHR Extension: (Google Drive) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-16]
CHR Extension: (YouTube) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-16]
CHR Extension: (Pesquisa do Google) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-16]
CHR Extension: (Conselheiro de URLs da Kaspersky) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-04-13]
CHR Extension: (Dinheiro seguro) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-04-13]
CHR Extension: (Content Blocker) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-04-13]
CHR Extension: (Virtual Keyboard) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-04-13]
CHR Extension: (Google Wallet) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-16]
CHR Extension: (Gmail) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-16]
CHR Extension: (Anti-Banner) - C:\Users\WIN7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-04-13]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-12-04]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-12-04]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-12-04]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-12-04]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-12-04]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-12-04] (Kaspersky Lab ZAO)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277024 2012-10-22] (Intel Corporation)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
U2 mysql5; c:\tecmid\mysql5\bin\mysqld --defaults-file=c:\tecmid\my5.ini mysql5

==================== Drivers (Whitelisted) ====================

R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [595552 2013-12-04] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-12-04] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-12-04] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-12-04] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-12-04] (Kaspersky Lab ZAO)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1334856 2013-05-02] (Realtek Semiconductor Corporation                           )
R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52928 2014-04-13] (StdLib)
S1 Bnbase; System32\drivers\bnbasex.sys [X]
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622; \??\C:\Program Files\Movies Toolbar\Datamngr\setmgrc1.cfg [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2013-12-04] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-13 22:35 - 2014-04-13 22:35 - 00013420 _____ () C:\Users\WIN7\Downloads\FRST.txt
2014-04-13 22:34 - 2014-04-13 22:35 - 01146368 _____ (Farbar) C:\Users\WIN7\Downloads\FRST.exe
2014-04-13 22:21 - 2014-04-13 22:24 - 00000591 _____ () C:\runcheck.txt
2014-04-13 22:21 - 2014-04-13 21:52 - 00015549 _____ () C:\zoek-results2014-04-14-015245.log
2014-04-13 22:04 - 2014-04-13 22:04 - 00002166 _____ () C:\Users\WIN7\Desktop\Safe Money.lnk
2014-04-13 22:02 - 2011-06-02 14:39 - 00088632 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2014-04-13 22:02 - 2011-06-02 14:39 - 00039736 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2014-04-13 22:01 - 2014-04-13 22:01 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-04-13 22:01 - 2014-04-13 22:01 - 00000000 ____D () C:\Program Files\Common Files\InfoWatch
2014-04-13 22:00 - 2014-04-13 22:08 - 00000000 ____D () C:\Users\Todos os Usuários\Kaspersky Lab
2014-04-13 22:00 - 2014-04-13 22:08 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-13 22:00 - 2014-04-13 22:00 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-04-13 22:00 - 2013-12-04 19:26 - 00595552 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-04-13 22:00 - 2013-12-04 19:26 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-04-13 21:41 - 2014-04-13 21:41 - 00027505 _____ () C:\Users\WIN7\Downloads\PureRa (1).zip
2014-04-13 21:36 - 2014-04-13 21:36 - 00027505 _____ () C:\Users\WIN7\Downloads\PureRa.zip
2014-04-13 21:32 - 2014-04-13 21:57 - 00000000 ____D () C:\Users\Todos os Usuários\MCShield
2014-04-13 21:32 - 2014-04-13 21:57 - 00000000 ____D () C:\ProgramData\MCShield
2014-04-13 21:32 - 2014-04-13 21:32 - 02856736 _____ (MyCity) C:\Users\WIN7\Downloads\MCShield-Setup.exe
2014-04-13 21:32 - 2014-04-13 21:32 - 00000000 ____D () C:\Program Files\MCShield
2014-04-13 21:21 - 2014-04-13 21:21 - 00522240 _____ (OldTimer Tools) C:\Users\WIN7\Downloads\OTM.exe
2014-04-13 21:19 - 2014-04-13 21:19 - 00018402 _____ () C:\Users\WIN7\Downloads\SystemLook.txt
2014-04-13 21:18 - 2014-04-13 21:18 - 00139264 _____ () C:\Users\WIN7\Downloads\SystemLook.exe
2014-04-13 20:56 - 2014-04-13 22:35 - 00000000 ____D () C:\FRST
2014-04-13 20:34 - 2014-04-13 21:57 - 00002736 _____ () C:\Windows\PFRO.log
2014-04-13 20:34 - 2014-04-13 21:57 - 00000168 _____ () C:\Windows\setupact.log
2014-04-13 20:34 - 2014-04-13 20:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-13 20:22 - 2014-04-13 22:24 - 00003791 _____ () C:\zoek-results.log
2014-04-13 19:57 - 2014-04-13 21:50 - 00000000 ____D () C:\zoek_backup
2014-04-13 19:52 - 2014-04-13 19:52 - 00000000 ____D () C:\Windows\ERUNT
2014-04-13 19:48 - 2014-04-13 19:49 - 01285120 _____ () C:\Users\WIN7\Downloads\zoek.exe
2014-04-13 19:44 - 2014-04-13 19:45 - 01016261 _____ (Thisisu) C:\Users\WIN7\Downloads\JRT.exe
2014-04-13 19:24 - 2014-04-13 19:43 - 00000000 ____D () C:\AdwCleaner
2014-04-13 19:24 - 2014-04-13 19:23 - 01426178 _____ () C:\Users\WIN7\Downloads\127-adwcleaner.exe
2014-04-13 19:22 - 2014-04-13 19:22 - 00697104 _____ ( ) C:\Users\WIN7\Downloads\adwcleaner-3023-gerenciador-32-bits.exe
2014-04-13 18:06 - 2014-04-13 18:07 - 01278312 _____ (Baidu, Inc.) C:\Users\WIN7\Downloads\BavPro_Setup_Mini_Br1.exe
2014-04-13 18:05 - 2014-04-13 22:04 - 00328681 _____ () C:\Windows\WindowsUpdate.log
2014-04-13 17:11 - 2014-04-13 17:11 - 00001388 _____ () C:\Users\WIN7\Desktop\CCleaner - Atalho.lnk
2014-04-13 16:35 - 2014-04-13 16:38 - 202145856 _____ (Kaspersky Lab ZAO) C:\Users\WIN7\Downloads\pur13.0.2.558pt-br (1).exe
2014-04-13 16:22 - 2014-04-13 16:34 - 202018080 _____ (Kaspersky Lab ZAO) C:\Users\WIN7\Downloads\pur13.0.2.558pt-br.exe
2014-04-13 11:50 - 2014-04-13 11:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-13 11:50 - 2014-03-31 03:51 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-13 11:47 - 2014-04-13 11:47 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-04-13 09:28 - 2014-04-13 09:28 - 00052928 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG.sys
2014-04-13 01:00 - 2011-04-09 01:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-04-12 21:52 - 2012-06-02 18:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-04-12 21:52 - 2012-06-02 18:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-04-12 21:52 - 2012-06-02 18:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-04-12 21:52 - 2012-06-02 18:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-04-12 21:52 - 2012-06-02 18:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-04-12 21:52 - 2012-06-02 18:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-04-12 21:52 - 2012-06-02 18:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-04-12 21:51 - 2012-06-02 14:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-04-12 21:51 - 2012-06-02 14:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-04-12 21:31 - 2014-03-31 08:35 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-04-12 21:23 - 2014-04-12 21:23 - 00000000 ____D () C:\Windows\pss
2014-04-12 18:42 - 2014-04-12 18:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-09 16:06 - 2014-04-09 16:06 - 00000812 _____ () C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-03-26 19:56 - 2014-03-26 19:56 - 00000492 __RSH () C:\Users\Todos os Usuários\ntuser.pol
2014-03-26 19:56 - 2014-03-26 19:56 - 00000492 __RSH () C:\ProgramData\ntuser.pol

==================== One Month Modified Files and Folders =======

2014-04-13 22:36 - 2014-04-13 22:35 - 00013420 _____ () C:\Users\WIN7\Downloads\FRST.txt
2014-04-13 22:35 - 2014-04-13 22:34 - 01146368 _____ (Farbar) C:\Users\WIN7\Downloads\FRST.exe
2014-04-13 22:35 - 2014-04-13 20:56 - 00000000 ____D () C:\FRST
2014-04-13 22:32 - 2013-12-16 12:48 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-13 22:24 - 2014-04-13 22:21 - 00000591 _____ () C:\runcheck.txt
2014-04-13 22:24 - 2014-04-13 20:22 - 00003791 _____ () C:\zoek-results.log
2014-04-13 22:22 - 2013-12-16 12:52 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-13 22:08 - 2014-04-13 22:00 - 00000000 ____D () C:\Users\Todos os Usuários\Kaspersky Lab
2014-04-13 22:08 - 2014-04-13 22:00 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-13 22:08 - 2009-07-14 00:34 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-13 22:08 - 2009-07-14 00:34 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-13 22:04 - 2014-04-13 22:04 - 00002166 _____ () C:\Users\WIN7\Desktop\Safe Money.lnk
2014-04-13 22:04 - 2014-04-13 18:05 - 00328681 _____ () C:\Windows\WindowsUpdate.log
2014-04-13 22:01 - 2014-04-13 22:01 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-04-13 22:01 - 2014-04-13 22:01 - 00000000 ____D () C:\Program Files\Common Files\InfoWatch
2014-04-13 22:00 - 2014-04-13 22:00 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-04-13 21:57 - 2014-04-13 21:32 - 00000000 ____D () C:\Users\Todos os Usuários\MCShield
2014-04-13 21:57 - 2014-04-13 21:32 - 00000000 ____D () C:\ProgramData\MCShield
2014-04-13 21:57 - 2014-04-13 20:34 - 00002736 _____ () C:\Windows\PFRO.log
2014-04-13 21:57 - 2014-04-13 20:34 - 00000168 _____ () C:\Windows\setupact.log
2014-04-13 21:57 - 2013-12-16 12:48 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-13 21:57 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-13 21:52 - 2014-04-13 22:21 - 00015549 _____ () C:\zoek-results2014-04-14-015245.log
2014-04-13 21:50 - 2014-04-13 19:57 - 00000000 ____D () C:\zoek_backup
2014-04-13 21:42 - 2013-12-17 23:42 - 00000000 ____D () C:\Users\Todos os Usuários\WinZip
2014-04-13 21:42 - 2013-12-17 23:42 - 00000000 ____D () C:\ProgramData\WinZip
2014-04-13 21:41 - 2014-04-13 21:41 - 00027505 _____ () C:\Users\WIN7\Downloads\PureRa (1).zip
2014-04-13 21:36 - 2014-04-13 21:36 - 00027505 _____ () C:\Users\WIN7\Downloads\PureRa.zip
2014-04-13 21:32 - 2014-04-13 21:32 - 02856736 _____ (MyCity) C:\Users\WIN7\Downloads\MCShield-Setup.exe
2014-04-13 21:32 - 2014-04-13 21:32 - 00000000 ____D () C:\Program Files\MCShield
2014-04-13 21:21 - 2014-04-13 21:21 - 00522240 _____ (OldTimer Tools) C:\Users\WIN7\Downloads\OTM.exe
2014-04-13 21:19 - 2014-04-13 21:19 - 00018402 _____ () C:\Users\WIN7\Downloads\SystemLook.txt
2014-04-13 21:18 - 2014-04-13 21:18 - 00139264 _____ () C:\Users\WIN7\Downloads\SystemLook.exe
2014-04-13 20:34 - 2014-04-13 20:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-13 20:31 - 2013-12-16 12:34 - 00000000 ____D () C:\Users\WIN7
2014-04-13 20:09 - 2013-12-16 21:04 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2284989677-3368687142-1618307625-1000UA.job
2014-04-13 19:52 - 2014-04-13 19:52 - 00000000 ____D () C:\Windows\ERUNT
2014-04-13 19:49 - 2014-04-13 19:48 - 01285120 _____ () C:\Users\WIN7\Downloads\zoek.exe
2014-04-13 19:45 - 2014-04-13 19:44 - 01016261 _____ (Thisisu) C:\Users\WIN7\Downloads\JRT.exe
2014-04-13 19:43 - 2014-04-13 19:24 - 00000000 ____D () C:\AdwCleaner
2014-04-13 19:23 - 2014-04-13 19:24 - 01426178 _____ () C:\Users\WIN7\Downloads\127-adwcleaner.exe
2014-04-13 19:22 - 2014-04-13 19:22 - 00697104 _____ ( ) C:\Users\WIN7\Downloads\adwcleaner-3023-gerenciador-32-bits.exe
2014-04-13 19:17 - 2013-12-16 12:39 - 00782566 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-13 19:17 - 2009-07-29 14:46 - 00654470 _____ () C:\Windows\system32\prfh0416.dat
2014-04-13 19:17 - 2009-07-29 14:46 - 00124922 _____ () C:\Windows\system32\prfc0416.dat
2014-04-13 18:25 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-04-13 18:07 - 2014-04-13 18:06 - 01278312 _____ (Baidu, Inc.) C:\Users\WIN7\Downloads\BavPro_Setup_Mini_Br1.exe
2014-04-13 17:55 - 2013-12-18 00:03 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\BitTorrent
2014-04-13 17:31 - 2009-07-14 03:50 - 00000000 ____D () C:\Program Files\Windows Journal
2014-04-13 17:31 - 2009-07-13 22:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-04-13 17:29 - 2013-12-16 12:46 - 00000000 ____D () C:\Users\Todos os Usuários\AVAST Software
2014-04-13 17:29 - 2013-12-16 12:46 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-13 17:11 - 2014-04-13 17:11 - 00001388 _____ () C:\Users\WIN7\Desktop\CCleaner - Atalho.lnk
2014-04-13 16:38 - 2014-04-13 16:35 - 202145856 _____ (Kaspersky Lab ZAO) C:\Users\WIN7\Downloads\pur13.0.2.558pt-br (1).exe
2014-04-13 16:34 - 2014-04-13 16:22 - 202018080 _____ (Kaspersky Lab ZAO) C:\Users\WIN7\Downloads\pur13.0.2.558pt-br.exe
2014-04-13 12:56 - 2009-07-13 22:04 - 00000722 _____ () C:\Windows\win.ini
2014-04-13 11:50 - 2014-04-13 11:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-13 11:47 - 2014-04-13 11:47 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-04-13 11:46 - 2014-01-22 20:44 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\HpUpdate
2014-04-13 11:46 - 2014-01-22 20:42 - 00000000 ____D () C:\Program Files\HP
2014-04-13 11:32 - 2014-01-22 20:43 - 00000000 ____D () C:\Users\Todos os Usuários\HP
2014-04-13 11:32 - 2014-01-22 20:43 - 00000000 ____D () C:\ProgramData\HP
2014-04-13 11:16 - 2013-12-16 12:35 - 00001393 _____ () C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-13 09:28 - 2014-04-13 09:28 - 00052928 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG.sys
2014-04-13 00:12 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-04-12 22:09 - 2013-12-16 21:04 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2284989677-3368687142-1618307625-1000Core.job
2014-04-12 21:41 - 2009-07-14 00:53 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-12 21:30 - 2013-12-16 13:38 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\Skype
2014-04-12 21:23 - 2014-04-12 21:23 - 00000000 ____D () C:\Windows\pss
2014-04-12 18:48 - 2013-12-16 13:47 - 00000000 ____D () C:\Users\WIN7\AppData\Roaming\Media Player Classic
2014-04-12 18:47 - 2013-12-29 09:34 - 00000000 ____D () C:\Windows\Minidump
2014-04-12 18:47 - 2013-12-16 18:26 - 00000000 ____D () C:\Windows\Panther
2014-04-12 18:42 - 2014-04-12 18:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-12 18:24 - 2009-07-13 22:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-12 18:23 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-09 16:06 - 2014-04-09 16:06 - 00000812 _____ () C:\Users\WIN7\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-03-31 22:32 - 2014-01-12 13:49 - 00000000 ____D () C:\TecMid
2014-03-31 08:35 - 2014-04-12 21:31 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 03:51 - 2014-04-13 11:50 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-29 08:42 - 2013-12-17 23:47 - 00000000 ____D () C:\Program Files\Ares
2014-03-29 08:39 - 2013-12-16 13:38 - 00000000 ___RD () C:\Program Files\Skype
2014-03-29 08:39 - 2013-12-16 13:38 - 00000000 ____D () C:\Users\Todos os Usuários\Skype
2014-03-29 08:39 - 2013-12-16 13:38 - 00000000 ____D () C:\ProgramData\Skype
2014-03-26 19:56 - 2014-03-26 19:56 - 00000492 __RSH () C:\Users\Todos os Usuários\ntuser.pol
2014-03-26 19:56 - 2014-03-26 19:56 - 00000492 __RSH () C:\ProgramData\ntuser.pol
2014-03-26 19:56 - 2009-07-13 22:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

Some content of TEMP:
====================
C:\Users\WIN7\AppData\Local\Temp\7za.exe
C:\Users\WIN7\AppData\Local\Temp\hijackthis.exe
C:\Users\WIN7\AppData\Local\Temp\NirCmd.exe
C:\Users\WIN7\AppData\Local\Temp\PEVZ.EXE
C:\Users\WIN7\AppData\Local\Temp\remove.exe
C:\Users\WIN7\AppData\Local\Temp\sed.exe
C:\Users\WIN7\AppData\Local\Temp\shortcut.exe
C:\Users\WIN7\AppData\Local\Temp\swreg.exe
C:\Users\WIN7\AppData\Local\Temp\swxcacls.exe
C:\Users\WIN7\AppData\Local\Temp\wget.exe
C:\Users\WIN7\AppData\Local\Temp\zoek-delete.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 00:00

==================== End Of Log ============================

falta só o Additional scan.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-04-2014 01
Ran by WIN7 at 2014-04-13 22:39:08
Running from C:\Users\WIN7\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky PURE 3.0 (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.1.30769 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Estudo de aprimoramento de produto para HP Deskjet 1510 series (HKLM\...\{40FF9E5E-59B6-40C5-8993-CC1B0BB0E629}) (Version: 32.1.145.46951 - Hewlett-Packard Co.)
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
High-Definition Video Playback 10 (Version: 7.0.11400.29.0 - Nero AG) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java(TM) 6 Update 12 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216012FF}) (Version: 6.0.120 - Sun Microsystems, Inc.)
JMicron Ethernet Adapter NDIS Driver (HKLM\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.17.1 - JMicron Technology Corp.)
Kaspersky PURE 3.0 (HKLM\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (Version: 13.0.2.558 - Kaspersky Lab) Hidden
MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Menu TemplatePack Basic (Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero 10 Movie ThemePack Basic (Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero BackItUp 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Burning ROM 10 (HKLM\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurningROM 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero Control Center 10 (Version: 10.0.12000.1.4 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (Version: 2.0.13700.0.1 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero DiscCopy Gadget 10 (HKLM\...\{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}) (Version: 3.0.10700.9.100 - Nero AG)
Nero DiscCopyGadget 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero Dolby Files 10 (Version: 2.0.11000.0.10 - Nero AG) Hidden
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero Express 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero InfoTool 10 (HKLM\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero MediaHub 10 (HKLM\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Multimedia Suite 10 (HKLM\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero Recode 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero RescueAgent 10 (HKLM\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero SoundTrax 10 (HKLM\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero SoundTrax 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero StartSmart 10 (HKLM\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Vision 10 (HKLM\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero Vision 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Nero WaveEditor 10 (HKLM\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
Nero WaveEditor 10 Help (CHM) (Version: 1.0.10600 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
REALTEK Wireless LAN Driver (HKLM\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0212 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype 6.2 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.2.106 - Skype Technologies S.A.)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XP Codec Pack (HKLM\...\XP Codec Pack) (Version:  - )

==================== Restore Points  =========================

13-04-2014 01:05:36 Revo Uninstaller's restore point - Advanced System Protector
13-04-2014 01:08:16 Revo Uninstaller's restore point - Chica Password Manager 2.0 2.0.0.8
13-04-2014 01:10:35 Revo Uninstaller's restore point - RegClean Pro
13-04-2014 01:19:29 avast! antivirus system restore point
13-04-2014 01:20:22 Revo Uninstaller's restore point - WinZip Driver Updater
13-04-2014 01:37:22 Revo Uninstaller's restore point - System Speedup
13-04-2014 01:40:24 Windows Defender Checkpoint
13-04-2014 01:51:10 Windows Update
13-04-2014 04:52:34 Revo Uninstaller's restore point - BrowseMark
13-04-2014 04:54:38 Revo Uninstaller's restore point - RegClean Pro
13-04-2014 15:15:24 Revo Uninstaller's restore point - awesomehp uninstaller
13-04-2014 15:23:32 Revo Uninstaller's restore point - HP Deskjet 1510 series Software básico do dispositivo
13-04-2014 15:23:56 Installed HP Deskjet 1510 series Basic Device Software
13-04-2014 15:32:38 Revo Uninstaller's restore point - HP FWUpdateEDO2
13-04-2014 15:37:54 Revo Uninstaller's restore point - HP Deskjet 1510 series Ajuda
13-04-2014 15:38:09 Installed HP Deskjet 1510 series Help
13-04-2014 15:40:48 Revo Uninstaller's restore point - HP Photo Creations
13-04-2014 15:42:47 Revo Uninstaller's restore point - HP Update
13-04-2014 15:43:04 Removed HP Update.
13-04-2014 15:44:12 Windows Update
13-04-2014 20:13:24 Windows Update
13-04-2014 20:55:02 Revo Uninstaller's restore point - BrowseMark
13-04-2014 23:29:52 Revo Uninstaller's restore point - BrowseMark
14-04-2014 00:22:26 zoek.exe restore point
14-04-2014 01:48:42 zoek.exe restore point
14-04-2014 02:21:37 zoek.exe restore point

==================== Hosts content: ==========================

2009-07-13 22:04 - 2014-04-13 20:22 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {4B372EEF-E9A3-44D5-9323-2AF3885474EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-16] (Google Inc.)
Task: {5B729E92-78A2-470D-BAD6-9035ED750760} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2284989677-3368687142-1618307625-1000UA => C:\Users\WIN7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-16] (Facebook Inc.)
Task: {8239B099-CE8E-4F63-B708-F0940FF7B6F2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {93052910-03C8-4470-B999-FD369A7B7B4F} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe
Task: {A658C700-F84E-4DBA-80F4-163C0D6695B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-16] (Google Inc.)
Task: {B1C1E6D5-8E58-4896-8490-C8AF2EDCE31E} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {DCCB00BF-20FE-49A5-B1CE-F7AB6BCA308D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {E295741F-FDFA-458F-AC00-81F3B8499A3F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2284989677-3368687142-1618307625-1000Core => C:\Users\WIN7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-16] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2284989677-3368687142-1618307625-1000Core.job => C:\Users\WIN7\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2284989677-3368687142-1618307625-1000UA.job => C:\Users\WIN7\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-12 13:49 - 2012-08-29 10:37 - 08197120 _____ () c:\tecmid\mysql5\bin\mysqld.exe
2013-12-16 13:55 - 2012-10-22 15:39 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-04-09 14:38 - 2014-04-01 21:57 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-09 14:38 - 2014-04-01 21:57 - 00674632 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-09 14:38 - 2014-04-01 21:57 - 00093000 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-09 14:38 - 2014-04-01 21:57 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-09 14:38 - 2014-04-01 21:58 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-09 14:38 - 2014-04-01 21:57 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:51E9F892
AlternateDataStreams: C:\ProgramData\TEMP:676C1C69
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:51E9F892
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:676C1C69

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

==================== Faulty Device Manager Devices =============

Name: Dispositivo PCI
Description: Dispositivo PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bnbase
Description: Bnbase
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Bnbase
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Controlador de barramento SM
Description: Controlador de barramento SM
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: F06DEFF2-5B9C-490D-910F-35D3A9119622
Description: F06DEFF2-5B9C-490D-910F-35D3A9119622
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: F06DEFF2-5B9C-490D-910F-35D3A9119622
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Controlador de comunicação PCI simples
Description: Controlador de comunicação PCI simples
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (04/13/2014 09:59:24 PM) (Source: Service Control Manager) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
Bnbase
F06DEFF2-5B9C-490D-910F-35D3A9119622

Error: (04/13/2014 09:59:23 PM) (Source: Service Control Manager) (User: )
Description: Serviço mysql5 suspenso ao iniciar.

Error: (04/13/2014 09:50:30 PM) (Source: Service Control Manager) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (04/13/2014 09:50:29 PM) (Source: Service Control Manager) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (04/13/2014 09:50:29 PM) (Source: Service Control Manager) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (04/13/2014 09:50:28 PM) (Source: Service Control Manager) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (04/13/2014 09:50:27 PM) (Source: Service Control Manager) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (04/13/2014 09:50:26 PM) (Source: Service Control Manager) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (04/13/2014 09:50:25 PM) (Source: Service Control Manager) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (04/13/2014 09:50:24 PM) (Source: Service Control Manager) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 67%
Total physical RAM: 1488.14 MB
Available physical RAM: 482.66 MB
Total Pagefile: 2976.28 MB
Available Pagefile: 1872.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:272.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 298 GB) (Disk ID: 20E20B82)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 Baixe o arquivo fixlist.txt que está anexado nesta postagem e salve-o no mesmo lugar onde você deixou o Farbar (FRST), que é este local abaixo:
C:\Users\WIN7\Downloads

Execute o FRST. Clique no botão Fix.

Aguarde e ao final, o log Fixlog.txt será salvo.

Selecione, copie e cole o conteúdo deste Fixlog.txt em sua próxima resposta.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-04-2014 01
Ran by WIN7 at 2014-04-13 23:21:21 Run:1
Running from C:\Users\WIN7\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAFA364348DFACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - Web URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Toolbar: HKLM - No Name - {d1dac034-9fd9-4c13-a388-d2e10e57707f} - No File
Toolbar: HKCU - No Name - {41524553-2D56-3700-76A7-7A786E7484D7} - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S1 Bnbase; System32\drivers\bnbasex.sys [X]
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622; \??\C:\Program Files\Movies Toolbar\Datamngr\setmgrc1.cfg [X]
2014-04-13 18:06 - 2014-04-13 18:07 - 01278312 _____ (Baidu, Inc.) C:\Users\WIN7\Downloads\BavPro_Setup_Mini_Br1.exe
Task: {B1C1E6D5-8E58-4896-8490-C8AF2EDCE31E} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
AlternateDataStreams: C:\ProgramData\TEMP:51E9F892
AlternateDataStreams: C:\ProgramData\TEMP:676C1C69
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:51E9F892
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:676C1C69
end
*****************

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe => Key deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Web => Key deleted successfully.
HKCR\Wow6432Node\CLSID\Web => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{d1dac034-9fd9-4c13-a388-d2e10e57707f} => Value deleted successfully.
HKCR\CLSID\{d1dac034-9fd9-4c13-a388-d2e10e57707f} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{41524553-2D56-3700-76A7-7A786E7484D7} => Value deleted successfully.
HKCR\CLSID\{41524553-2D56-3700-76A7-7A786E7484D7} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
Bnbase => Service deleted successfully.
F06DEFF2-5B9C-490D-910F-35D3A9119622 => Service deleted successfully.
C:\Users\WIN7\Downloads\BavPro_Setup_Mini_Br1.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B1C1E6D5-8E58-4896-8490-C8AF2EDCE31E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1C1E6D5-8E58-4896-8490-C8AF2EDCE31E} => Key deleted successfully.
C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633 => Key deleted successfully.
C:\ProgramData\TEMP => ":51E9F892" ADS removed successfully.
C:\ProgramData\TEMP => ":676C1C69" ADS removed successfully.
"C:\Users\Todos os Usuários\TEMP" => ":51E9F892" ADS not found.
"C:\Users\Todos os Usuários\TEMP" => ":676C1C69" ADS not found.


The system needed a reboot.

==== End of Fixlog ====

Reinicie o PC (caso não tenha reiniciado automaticamente) para que o Farbar complete a limpeza dele.
________________________________________________________________________________

Depois de reiniciar, faça o download do Malwarebytes em um destes links abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas desta postagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log (relatório) do Malwarebytes.

Ficamos no aguardo.

Segue relatório:

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Scan Date: 14/04/2014
Scan Time: 21:41:18
Logfile: scan.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.14.02
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: WIN7

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 218598
Time Elapsed: 9 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 15
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\APPID\{A2D3FB7A-6873-45E8-AF96-57092D721828}, Quarantined, [271317131b6092a4997a779de91905fb],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}, Quarantined, [271317131b6092a4997a779de91905fb],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [271317131b6092a4997a779de91905fb],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc, Quarantined, [271317131b6092a4997a779de91905fb],
PUP.Optional.BrowseMark.A, HKU\S-1-5-21-2284989677-3368687142-1618307625-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{aeac172e-2e4b-4b92-9af6-b0cdb1acecdb}, Quarantined, [12288c9e7902082e77ad2be70101d927],
PUP.Optional.BrowseMark.A, HKU\S-1-5-21-2284989677-3368687142-1618307625-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AEAC172E-2E4B-4B92-9AF6-B0CDB1ACECDB}, Quarantined, [12288c9e7902082e77ad2be70101d927],
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\awesomehpSoftware, Quarantined, [94a6af7bf68572c44d067ef7f60c9769],
PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\MediaWatchV1home9713, Quarantined, [52e86fbb017acd6954d4743512f13cc4],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreClass, Quarantined, [51e934f6c4b7a39300aa851847bc0ff1],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreClass.1, Quarantined, [f34721094833fe38e4c6bce151b2ed13],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService, Quarantined, [fc3e59d1275492a4ddcd0b92c1422cd4],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService.1.0, Quarantined, [102aec3ebac173c3d4d6bbe2df2419e7],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc, Quarantined, [9e9cc961413a76c02b7f7c213dc6e61a],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc.1.0, Quarantined, [55e5a684720910267a30ebb2ff042dd3],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\APPID\SaveSenseLive.exe, Quarantined, [a298ef3b473479bd7b2ea5f818eb946c],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Como está o PC após estas limpezas?

Agora que notei no log do Malwarebytes: Você só fez uma verificação rápida com ele. Faça, por gentileza, uma verificação personalizada da forma que é mostrada no tutorial que lhe passei, porque assim a varredura é muito mais completa e eficiente.

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Scan Date: 14/04/2014
Scan Time: 23:17:05
Logfile: relatorio completo.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.15.02
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: WIN7

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 318315
Time Elapsed: 1 hr, 11 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 69
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\SaveSenseLive.exe.vir, Quarantined, [019def3b6a11d95dd2d052f5ab56748c],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_cs.dll.vir, Quarantined, [8f0fe54597e4e3531a780561d52ca35d],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_da.dll.vir, Quarantined, [e7b7db4f27548da96f2389dd2ed3e818],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_de.dll.vir, Quarantined, [821c61c96912a6909df586e052af60a0],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_el.dll.vir, Quarantined, [485674b686f542f41d75eb7bfd045aa6],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_en-GB.dll.vir, Quarantined, [534b14165823a195d8bac79fcb36cb35],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_en.dll.vir, Quarantined, [0e90a08acfac70c679195412f30ea45c],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_es-419.dll.vir, Quarantined, [ebb3cd5d48333303fa984125a16038c8],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_es.dll.vir, Quarantined, [0e9089a14c2f1e18f59d422443bebb45],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_et.dll.vir, Quarantined, [3d610b1f9fdcb482deb44620639e30d0],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_fa.dll.vir, Quarantined, [455944e6df9c54e20c86283e1ee3a65a],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_fi.dll.vir, Quarantined, [7a2404263e3d85b16b271d49788930d0],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_fil.dll.vir, Quarantined, [7e20a8823744211530622343f20f15eb],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_fr.dll.vir, Quarantined, [198588a2c3b8270fa5ed3f271fe2847c],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_gu.dll.vir, Quarantined, [c2dc67c31467df570989e48209f8ea16],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_hi.dll.vir, Quarantined, [386672b896e579bdf69c5610917036ca],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_hu.dll.vir, Quarantined, [4757e74306752d0994fea6c020e1da26],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_id.dll.vir, Quarantined, [633bbc6e3645d561b2e03333cb36dc24],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_is.dll.vir, Quarantined, [68361e0ca3d83afc434f1551827ff10f],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_it.dll.vir, Quarantined, [811d2efccab19b9beda51d496899d927],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_iw.dll.vir, Quarantined, [4e506bbfe398d165573bff67f30ed32d],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_ja.dll.vir, Quarantined, [bee0c565d5a6ff37eba790d6b34e57a9],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_kn.dll.vir, Quarantined, [3f5f9b8f4932ed4999f9e185df22847c],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_ko.dll.vir, Quarantined, [79256fbb9dde092d137fd39355ac8080],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_lt.dll.vir, Quarantined, [7d2163c764173006dbb7cf9753aede22],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_lv.dll.vir, Quarantined, [435b33f7a0db66d0e5ad94d200013ec2],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_ml.dll.vir, Quarantined, [128c3eecc6b580b69ff32442a55cb050],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_mr.dll.vir, Quarantined, [4e50a981c9b28ea88d050d59ab566e92],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_ms.dll.vir, Quarantined, [1b834bdf2952191d4d45a8bead54a35d],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_nl.dll.vir, Quarantined, [7d215ad0245791a5d3bf0561bb46ea16],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_no.dll.vir, Quarantined, [3d612307c3b87cba4f43c2a4ca377090],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdate.dll.vir, Quarantined, [0a9475b5ec8f6cca4b573215a25f47b9],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_am.dll.vir, Quarantined, [b7e7df4b304b79bdd1c11c4ad130738d],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_ar.dll.vir, Quarantined, [16881515c2b9b581058d4422ba478977],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_bg.dll.vir, Quarantined, [e2bcbb6f7803c175484a293dde239967],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_bn.dll.vir, Quarantined, [4757ce5c3f3c3105f79b94d2b150b749],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_pt-BR.dll.vir, Quarantined, [fea07bafe19a3ff74949c4a235cc60a0],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_pt-PT.dll.vir, Quarantined, [d0ce2703b7c46bcb256de185c23ff20e],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_ro.dll.vir, Quarantined, [722cf535e59674c2c2d0abbbc1402dd3],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_ru.dll.vir, Quarantined, [ddc13af0d1aad363e5ad531355ac8a76],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_sk.dll.vir, Quarantined, [9e009a9019623df9d0c2d591b64bba46],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_sl.dll.vir, Quarantined, [336bff2b16654fe7e5ad81e510f16997],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_sr.dll.vir, Quarantined, [cbd3a684b4c72016e6acd39381806a96],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_sv.dll.vir, Quarantined, [d3cbe94190ebd462830f4a1cf80936ca],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_sw.dll.vir, Quarantined, [b0ee6dbdf18aa78f4d454620ca3713ed],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_ta.dll.vir, Quarantined, [a6f81f0b146746f08b07a7bf02ffcd33],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_te.dll.vir, Quarantined, [cfcf8aa0dc9fde58bdd52c3a3dc4bc44],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_th.dll.vir, Quarantined, [5d41959594e7dc5a0191cb9be91803fd],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_tr.dll.vir, Quarantined, [a7f762c8750691a51f7385e1679aac54],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_uk.dll.vir, Quarantined, [39655fcbc7b461d5a3efdb8b778a916f],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_ur.dll.vir, Quarantined, [207e5ccea3d84ee8eaa8f472a55cc63a],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_ca.dll.vir, Quarantined, [920c39f16417fd3909898fd78e738c74],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_hr.dll.vir, Quarantined, [aef0f9315328d85e642e8fd7aa574bb5],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_pl.dll.vir, Quarantined, [5549f634e992ac8a3161d78fb15047b9],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_vi.dll.vir, Quarantined, [f5a9eb3ffc7fef47cdc5dd897d84f60a],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_zh-CN.dll.vir, Quarantined, [762853d78deea096088ae77f16ebc040],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\goopdateres_zh-TW.dll.vir, Quarantined, [8f0fd8524e2d8ea8bed4d492907113ed],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir, Quarantined, [326cee3c3f3c7eb80a98d37433ce4eb2],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\psmachine.dll.vir, Quarantined, [ccd2aa8089f239fdc3dfdd6a08f9e41c],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\psuser.dll.vir, Quarantined, [0d91e842f388bb7b940ea1a6d22f50b0],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\SaveSenseLive.exe.vir, Quarantined, [f0aeee3c91ea2f071c862126a55c47b9],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveBroker.exe.vir, Quarantined, [ecb2b872f68588aeacf6182f9e63e31d],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveHandler.exe.vir, Quarantined, [b9e57cae136839fdecb67bcc758c8e72],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Program Files\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveOnDemand.exe.vir, Quarantined, [0b931515e9920630aaf83215b34e08f8],
PUP.Optional.SupTab.A, C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupTab.dll.vir, Quarantined, [811dc2683e3d3402371346efec146898],
PUP.Optional.IePluginService.A, C:\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir, Quarantined, [fda1101acbb086b06f47014fa859c53b],
PUP.Optional.WpManager, C:\AdwCleaner\Quarantine\C\ProgramData\WPM\wprotectmanager.exe.vir, Quarantined, [c5d9ed3d0e6df14548c36eedcb36b050],
PUP.Optional.SupTab.A, C:\AdwCleaner\Quarantine\C\Users\WIN7\AppData\Roaming\SupTab\SupTab.dll.vir, Quarantined, [950970ba7dfe2a0cc38770c5758b6898],
PUP.Optional.AdlSoft, C:\zoek_backup\C_Users_WIN7_Downloads_DownloadManagerSetup.exe.vir, Quarantined, [970779b196e5f2447ed73b3129d8f20e],

Physical Sectors: 0
(No malicious items detected)


(end)

O log do Malwarebytes está limpo, só itens das quarentenas dos programas é que foram removidos.

Como está o PC após estes procedimentos?