Baidu antivirus

Graças a meu parente agora tenho essa porcaria no meu pc.
Já passei diversas ferramentas, zoek, hijackthis, adwcleaner, cc-cleaner, jrt, para tentar limpar o registro do meu pc dessa porcaria mas nada de conseguir remover os registros dele.

   Olá dielveio. Seja bem vindo ao Fórum PC Brasil.

Poste, por gentileza, o relatório do AdwCleaner que deverá estar em C:\AdwCleaner\AdwCleaner[S0].txt e o relatório do Zoek que deverá estar em C:\zoek-results.txt para que possamos analisá-los.

Ficamos na espera.

Eu havia feito uma geral no PC e acabei por excluir os logs da primeira vez que executei os programas e tive que rodar novamente, então o Zoek não pegou o baidu e o arquivo do adwcleaner está vazio.
As entradas do baidu no registro estão nestas pastas e o nome DeviceDesc aparece em todas:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000


Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Djeison on 12/05/2014 at 11:18:33,85.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Djeison\Downloads\zoek.exe [Scan all users] [Deep Scan]

==== System Restore Info ======================

12/05/2014 11:20:22 Zoek.exe System Restore Point Created Succesfully.

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
C:\Users\Djeison\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Djeison\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8139 MB
CPU Info: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz
CPU Speed: 2993,0 MHz
Sound Card: LG TV-4 (NVIDIA High Definition |
Realtek Digital Output (Realtek |
Display Adapters: NVIDIA GeForce GTX 680 | NVIDIA GeForce GTX 680 | NVIDIA GeForce GTX 680 | NVIDIA GeForce GTX 680 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Monitor Genérico PnP |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: TP-LINK Wireless USB Adapter | Realtek PCIe GBE Family Controller
CD / DVD Drives: 2x (E: | G: | ) E: TSSTcorpCDDVDW SH-224BB | G: DTSOFT BDROM
Ports: COM1 LPT1
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 465,7GB | D: 465,8GB | I: 465,8GB
Hard Disks - Free: C: 272,6GB | D: 379,2GB | I: 84,9GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 02/27/13 | ALASKA - 1072009
Time Zone: Hora oficial do Brasil
Motherboard *: Gigabyte Technology Co., Ltd. B75M-D3H
Country: Brasil
Language: PTB

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Google Chrome 34.0.1847.131
Internet Explorer Version: 11.0.9600.17105
Google Chrome version: 34.0.1847.131
Adobe Reader version: 11.0.06.70
Sun Java version: 1.7.0_55 (32-bit)

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-04-25 23:23:41 0B5A0005C0BDF4A05174576AF80DEA04 43152 ----a-w- C:\Windows\avastSS.scr
====== C:\Users\Djeison\AppData\Local\Temp ====
2014-05-12 11:31:53 98ADA896D51610D3412EEEAA5F12A53F 10971424 ----a-w- C:\Users\Djeison\AppData\Local\Temp\HitmanPro.exe
2014-05-12 03:14:58 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Djeison\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-05-12 02:17:18 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\SysWOW64\sqlite3.dll
2014-05-11 13:28:24 4C182BDB0E01582B29E2A38ABD6ACE44 29 ----a-w- C:\Windows\SysWOW64\config.ini
2014-05-07 23:18:17 4352D88A78AA39750BF70CD6F27BCAA5 4 ----a-w- C:\Windows\SysWOW64\GVTunner.ref
2014-05-06 21:43:37 74673E3D9BF4A1614C82D8B7D3C0113F 34760 ----a-w- C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-02 22:44:16 5869FBC754578A59C8C8635B99DB79DE 17384448 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-05-02 22:44:16 2518D1922371892ADEF1F07147DBD72A 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-05-12 11:29:08 2EF6FD0B489488C3134D49570DD43275 948 ----a-w- C:\Windows\Sysnative\.crusader
2014-05-02 22:44:17 A98DA2EC1E56CF52C682D072F77D9874 23547904 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-05-02 22:44:16 DE5DE05946D6FC2DC494C55BC7BC4C6E 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-05-02 22:44:10 84ED099009EF0DF82A37D4FEAE012655 465408 ----a-w- C:\Windows\Sysnative\aepdu.dll
2014-05-02 22:44:10 5513F4766C9987D6B0D49D51BB2E5EE4 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll
====== C:\Windows\Sysnative\drivers =====
2014-05-12 02:52:54 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-05-11 14:57:17 FF3721C757BC66C8702BFDBA977D345D 61112 ----a-w- C:\Windows\Sysnative\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
2014-05-06 21:43:37 75034A4D7C02327D150B617571D4196A 40392 ----a-w- C:\Windows\Sysnative\drivers\nvvad64v.sys
2014-04-25 23:23:43 340B0467E98A8C92697D73034DB4BCB7 29208 ----a-w- C:\Windows\Sysnative\drivers\aswHwid.sys
2014-04-19 02:51:13 E9981ECE8D894CEF7038FD1D040EB426 56832 ----a-w- C:\Windows\Sysnative\drivers\TsUsbFlt.sys
====== C:\Windows\Tasks ======
2014-05-11 13:27:09 3D3E4FCEF13D07A1BFB2803DC00A34C9 3254 ----a-w- C:\Windows\Sysnative\Tasks\FF Watcher {B670077A-B0D0-4ECA-8789-1FC9504F3A1E}
2014-05-11 13:27:09 2981666C8937FBD7708F296B12B49B6B 286 ----a-w- C:\Windows\Tasks\FF Watcher {B670077A-B0D0-4ECA-8789-1FC9504F3A1E}.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-05-06 23:36:35 -------- d-----w- C:\Program Files\CPUID
2014-04-19 02:50:13 -------- d-----w- C:\Program Files\Microsoft Silverlight
======= C:\PROGRA~2 =====
2014-05-12 02:44:29 -------- d-----w- C:\PROGRA~2\Trend Micro
2014-04-19 02:50:13 -------- d-----w- C:\PROGRA~2\Microsoft Silverlight
2014-04-16 18:00:16 -------- d-----w- C:\PROGRA~2\Dragon Age 2
======= C: =====
====== C:\Users\Djeison\AppData\Roaming ======
2014-05-12 03:01:27 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2014-05-12 03:01:27 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2014-05-12 03:01:27 -------- d-----w- C:\Users\USURIO~1\AppData\Local\Temp
2014-05-12 03:01:27 -------- d-----w- C:\Users\hedev\AppData\Local\Temp
2014-05-12 03:01:27 -------- d-----w- C:\Users\Djeison\AppData\Local\Temp
2014-05-12 03:01:27 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2014-05-12 03:01:27 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2014-05-11 13:27:06 -------- d-----w- C:\Users\Djeison\AppData\Locallow\Company
2014-05-11 13:26:18 3E622886DDA24588B5FC4A85F6F8AE0B 82568 ----a-w- C:\Users\Djeison\AppData\Local\viewer.txt
2014-05-06 23:35:42 -------- d-----w- C:\Users\Djeison\AppData\Roaming\rmi
2014-04-24 12:22:53 -------- d-sh--w- C:\Users\Djeison\AppData\Locallow\EmieUserList
2014-04-24 12:15:53 -------- d-sh--w- C:\Users\Djeison\AppData\Local\EmieUserList
2014-04-24 12:15:53 -------- d-sh--w- C:\Users\Djeison\AppData\Local\EmieSiteList
2014-04-20 00:35:06 -------- d-sh--w- C:\Users\Djeison\AppData\Locallow\EmieSiteList
====== C:\Users\Djeison ======
2014-05-12 14:12:30 9C038759E5993C0B3BFD8F2192C12747 1325827 ----a-w- C:\Users\Djeison\Downloads\AdwCleaner.exe
2014-05-12 11:24:02 -------- d-----w- C:\Users\TODOSO~1\HitmanPro
2014-05-12 11:24:02 -------- d-----w- C:\ProgramData\HitmanPro
2014-05-12 03:50:32 98ADA896D51610D3412EEEAA5F12A53F 10971424 ----a-w- C:\Users\Djeison\Downloads\HitmanPro_x64.exe
2014-05-11 13:26:16 277C7D790A3036A89D25C0B2CB2D80CF 470 --sha-r- C:\Users\Djeison\ntuser.pol
2014-05-06 02:11:57 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Searches
2014-04-20 19:53:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-19 02:50:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

====== C: exe-files ==
2014-05-12 14:12:30 9C038759E5993C0B3BFD8F2192C12747 1325827 ----a-w- C:\Users\Djeison\Downloads\AdwCleaner.exe
2014-05-12 11:31:53 98ADA896D51610D3412EEEAA5F12A53F 10971424 ----a-w- C:\Users\Djeison\AppData\Local\Temp\HitmanPro.exe
2014-05-12 03:50:32 98ADA896D51610D3412EEEAA5F12A53F 10971424 ----a-w- C:\Users\Djeison\Downloads\HitmanPro_x64.exe
2014-05-12 03:14:58 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Djeison\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-05-09 22:54:49 D1C90D3898044C7DA5F9B2BC2969C839 381248 ----a-w- C:\Users\Djeison\AppData\Local\NVIDIA\NvBackend\Packages\00005ab5\updatus.18448748_RUNASUSER.exe
2014-05-09 22:54:37 214EB30FD2887DD4972451F25EC232F1 3516192 ----a-w- C:\Users\Djeison\AppData\Local\NVIDIA\NvBackend\Packages\00005aaf\DAO.18443591.exe
2014-05-08 11:17:22 D6F369D84C0D3DC8E6B2EB65C2A67EDA 380840 ----a-w- C:\Users\Djeison\AppData\Local\NVIDIA\NvBackend\Packages\00005aa8\updatus.18441386_RUNASUSER.exe
2014-05-06 23:36:18 57EFBFD3933CF69D3FFA6A1F20221F3C 1461568 ----a-w- C:\Users\Djeison\AppData\Roaming\rmi\cpuz-1.67.exe
2014-05-06 21:44:42 B8185803DFFF20BD8381B6913DB139D0 379872 ----a-w- C:\Users\Djeison\AppData\Local\NVIDIA\NvBackend\Packages\00005a98\updatus.18427092_RUNASUSER.exe
2014-05-06 21:43:38 DC204D58FFF522D8350EEE1A50F401E0 1531736 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\ShadowPlay.{4F51CFBE-41E5-4BD5-ABDC-6D024F428329}\nvspcaps.exe
2014-05-06 21:43:38 B42F5E57CAA0983D9C1B2AC46911C0D2 597960 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{96402EEC-46A7-4A74-B879-AC1240038886}\7z.exe
2014-05-06 21:43:38 80040D0825AC3DF09E6CA2941B128083 128456 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\GFExperience.LEDVisualizer.{5E1826E9-1B06-4E16-A582-899AA0D5BD0B}\NvLedVisualizer.exe
2014-05-06 21:43:38 7603A49D33B50DB65344324534B8818B 3824416 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{96402EEC-46A7-4A74-B879-AC1240038886}\GFExperience.exe
2014-05-06 21:43:38 5EFC8A2D8E9A97685B6A0DF1011EA115 540448 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\ShadowPlay.{4F51CFBE-41E5-4BD5-ABDC-6D024F428329}\DXSETUP.exe
2014-05-06 21:43:38 13C7676555EAF680618C42D9C35100A8 87328 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\GFExperience.LEDVisualizer.{5E1826E9-1B06-4E16-A582-899AA0D5BD0B}\NvLedServiceHost.exe
2014-05-06 21:43:38 0193679B2CE26E4A58A711EAAA7BAC53 1844000 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\ShadowPlay.{4F51CFBE-41E5-4BD5-ABDC-6D024F428329}\nvspcaps64.exe
2014-05-06 21:43:37 C50CD479FD1BB886244E2663DFFBCF6A 1618888 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Network.Service.{1C0C33A2-6E18-47C5-9AAE-A32463314675}\NVNetworkService.exe
2014-05-06 21:43:37 5EA707336336DDFADE5FD3726CEA1523 2199840 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Update.Core.{FB6A75C5-D1C2-4138-8BF2-0308B9A89903}\NvBackend.exe
2014-05-06 21:43:37 4A83226F7169AFF2A05D790088A7F7B9 19701080 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\GFExperience.NvStreamSrv.{8A5877B7-187A-4C9D-AECF-860273BEE741}\x86\server\nvstreamsvc.exe
2014-05-06 21:43:37 417FFBD1CB56D2EE288EB09939E8A675 5009752 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\GFExperience.NvStreamSrv.{8A5877B7-187A-4C9D-AECF-860273BEE741}\amd64\server\nvstreamer.exe
2014-05-06 21:43:37 217658DCDA30A7CE5CC220B3025FECF7 3822880 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\GFExperience.NvStreamSrv.{8A5877B7-187A-4C9D-AECF-860273BEE741}\x86\server\nvstreamer.exe
2014-05-06 21:43:37 1F88F70B757FC2F3AF3AB1023D984653 197408 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Update.Core.{FB6A75C5-D1C2-4138-8BF2-0308B9A89903}\WLMerger.exe
2014-05-06 21:43:37 175F2340C461C2A0601E62C2E76CC9BE 638752 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\GFExperience.NvStreamSrv.{8A5877B7-187A-4C9D-AECF-860273BEE741}\SteamLauncher\NVIDIA.SteamLauncher.exe
2014-05-06 21:43:37 03AC99D89FE40526AF3E10D2DA691FA3 21009352 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\GFExperience.NvStreamSrv.{8A5877B7-187A-4C9D-AECF-860273BEE741}\amd64\server\nvstreamsvc.exe
2014-05-06 21:42:31 D183728D863D0D5FCC3C8849332C4211 414664 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{C31EC824-4D0B-4F80-8579-2E97E3F8F647}\setup.exe
2014-05-05 23:28:32 AFFF5CF2744D67E534537F33B8823FB6 28363696 ----a-w- C:\Users\Todos os Usuários\NVIDIA Corporation\NetService\GeForce_Experience_Update_v2.0.1.0.exe
2014-05-05 23:28:32 AFFF5CF2744D67E534537F33B8823FB6 28363696 ----a-w- C:\ProgramData\NVIDIA Corporation\NetService\GeForce_Experience_Update_v2.0.1.0.exe
2014-05-05 23:28:20 7BC07FCA385227DB7753DD52A26A69A7 379872 ----a-w- C:\Users\Djeison\AppData\Local\NVIDIA\NvBackend\Packages\00005a8b\updatus.18404952_RUNASUSER.exe
=== C: other files ==
2014-05-12 03:14:57 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Djeison\AppData\Local\Temp\jrt\TDL4.bat
2014-05-12 03:14:57 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Djeison\AppData\Local\Temp\jrt\medfos.bat
2014-05-12 03:14:57 A87CD1BAC46CAC0EEEDB571F07077032 8104 ----a-w- C:\Users\Djeison\AppData\Local\Temp\jrt\modules.bat
2014-05-12 03:14:57 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Djeison\AppData\Local\Temp\jrt\searchlnk.bat
2014-05-12 03:14:57 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Djeison\AppData\Local\Temp\jrt\firefox.bat
2014-05-12 03:14:57 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Djeison\AppData\Local\Temp\jrt\ev_clear.bat
2014-05-12 03:14:57 7D8282EB94B5D639B7378811C1924A8F 9516 ----a-w- C:\Users\Djeison\AppData\Local\Temp\jrt\runvalues.bat
2014-05-12 03:14:57 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Users\Djeison\AppData\Local\Temp\jrt\delorphans.bat
2014-05-12 03:14:57 5B92615B0CEA08D6BA1217C08CBB1443 15919 ----a-w- C:\Users\Djeison\AppData\Local\Temp\jrt\get.bat
2014-05-12 03:14:57 5B71358F97544D9DE58A9A0893079506 39458 ----a-w- C:\Users\Djeison\AppData\Local\Temp\jrt\prelim.bat
2014-05-12 03:14:57 53B191266B30D57F2F835ABBF54C68C5 13963 ----a-w- C:\Users\Djeison\AppData\Local\Temp\jrt\chrome.bat
2014-05-12 03:14:57 3BC04DEBBE9027060D51901133F60101 154678 ----a-w- C:\Users\Djeison\AppData\Local\Temp\jrt\misc.bat
2014-05-12 03:14:57 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Djeison\AppData\Local\Temp\jrt\ask.bat
2014-05-12 03:14:57 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Djeison\AppData\Local\Temp\jrt\iexplore.bat
2014-05-12 03:14:57 2F80D807DB405C8F6E0F3706B9FED710 10161 ----a-w- C:\Users\Djeison\AppData\Local\Temp\jrt\JRT.bat
2014-05-12 03:14:57 0D08FBD2E6F6C6AC6A504712C4CE6CE3 1226 ----a-w- C:\Users\Djeison\AppData\Local\Temp\jrt\FWPolicy.bat
2014-05-12 03:14:57 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Djeison\AppData\Local\Temp\jrt\delfolders.bat
2014-05-12 02:52:54 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-11 14:57:17 FF3721C757BC66C8702BFDBA977D345D 61112 ----a-w- C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
2014-05-06 21:43:51 AD7A2F3AF147B2CF302EBF7C1E01E027 19744 ----a-w- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
2014-05-06 21:43:37 FA3B7E6BD974251CE1160A471B497072 34080 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\VirtualAudio.Driver.{17A1861F-56CB-42A6-B196-2751CF8F8092}\nvvad32v.sys
2014-05-06 21:43:37 AD7A2F3AF147B2CF302EBF7C1E01E027 19744 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\GFExperience.NvStreamSrv.{8A5877B7-187A-4C9D-AECF-860273BEE741}\amd64\server\NvStreamKms.sys
2014-05-06 21:43:37 75034A4D7C02327D150B617571D4196A 40392 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-05-06 21:43:37 75034A4D7C02327D150B617571D4196A 40392 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\VirtualAudio.Driver.{17A1861F-56CB-42A6-B196-2751CF8F8092}\nvvad64v.sys
2014-05-06 21:43:37 1F8755EC061F631A755EA5E5A513C4B1 19400 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\GFExperience.NvStreamSrv.{8A5877B7-187A-4C9D-AECF-860273BEE741}\x86\server\NvStreamKms.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2462414622-3941906331-3190940596-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\Djeison\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\Djeison\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeCS6ServiceManager"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCSSync"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMSS]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMSS"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\IMSS\\PIconStartup.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SwitchBoard"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\USB3MON]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="USB3MON"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Intel\\Intel(R) USB 3.0 eXtensible Host Controller Driver\\Application\\iusb3mon.exe\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\Windows\\pss\\WinZip Quick Pick.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Fax]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NAUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SwitchBoard]


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [02/05/2014 08:50]
C:\Windows\tasks\FF Watcher {B670077A-B0D0-4ECA-8789-1FC9504F3A1E}.job --a------ C:\Program Files\V-bates\PrefHelper.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\asdjlaks" [C:\Windows\System32\shutdown.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\desligar pc" [C:\Windows\System32\shutdown.exe]
"C:\Windows\SysNative\tasks\FF Watcher {B670077A-B0D0-4ECA-8789-1FC9504F3A1E}" [C:\Program Files\V-bates\PrefHelper.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [25/04/2014 20:23]

==== Chrome Look ======================

Google Docs - Djeison\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Djeison\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Djeison\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - Djeison\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Djeison\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Djeison\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Djeison\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Djeison\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: &Enviar para o OneNote - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Origin Games\Dragon Age Origins Ultimate Edition\\bin_ship\daupdatersvc.service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 12/05/2014 at 11:24:09,07 ======================

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho abaixo e cole-o no espaço em branco do Zoek:

createsrpoint;
autoclean;
emptyalltemp;
iedefaults;
resetieproxy;
resethosts;
shortcutfix;
ffdefaults;
firefoxlook;
reset chrome;
chrdefaults;
Baidu;z
Baidu;a

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Segue o log do Zoek:


Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Djeison on 12/05/2014 at 11:49:18,20.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Djeison\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-12-142409.log 36310 bytes

==== System Restore Info ======================

12/05/2014 11:52:54 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Folders Found ======================


==== Files Found ======================


--- C:\Users\Djeison\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pan.baidu.com_0.localstorage ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3072
Created time: 2013-11-13 02:30:36
Modified time: 2014-05-04 13:47:10
MD5: 795FCA98A58C920DA17F90C41CFAFCD2
SHA1: 9529FBE86A3664A1E90F5A9DB74DFCBB142A1236


--- C:\Users\Djeison\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pan.baidu.com_0.localstorage-journal ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3608
Created time: 2013-11-13 02:30:36
Modified time: 2014-05-04 13:47:10
MD5: 03E87E8F6D1CC901E307B52D34DB1654
SHA1: CECB3CAF4358B6FDE1B4C39DF79B0DD6418089B1


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [25/04/2014 20:23]

==== Chrome Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Djeison\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Djeison\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Blender.lnk - C:\Program Files\Blender Foundation\Blender\blender.exe
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\Defraggler.lnk - C:\Program Files\Defraggler\Defraggler64.exe
C:\Users\Public\Desktop\Fraps.lnk - C:\Fraps\fraps.exe
C:\Users\Public\Desktop\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Public\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Public\Desktop\Unity.lnk - C:\Program Files (x86)\Unity\Editor\Unity.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dragon Age Origins.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity\MonoDevelop.lnk - C:\Program Files (x86)\Unity\MonoDevelop\bin\MonoDevelop.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity\Report a Problem with Unity.lnk - C:\Program Files (x86)\Unity\Editor\UnityBugReporter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity\Uninstall Unity.lnk - C:\Program Files (x86)\Unity\Editor\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity\Unity Documentation.lnk - C:\Program Files (x86)\Unity\Editor\Data\Documentation\Documentation.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity\Unity.lnk - C:\Program Files (x86)\Unity\Editor\Unity.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"=""
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Djeison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\085ZJXPQ will be deleted at reboot
C:\Users\Djeison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q5TO47Q0 will be deleted at reboot
C:\Users\Djeison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGRV87N9 will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Djeison\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Djeison\AppData\Local\Temp will be emptied at reboot
C:\Users\hedev\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Djeison\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Djeison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\085ZJXPQ" not found
"C:\Users\Djeison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q5TO47Q0" not found
"C:\Users\Djeison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGRV87N9" not found

==== EOF on 12/05/2014 at 12:01:53,92 ======================

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Djeison on 12/05/2014 at 12:34:20,14.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Djeison\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-12-142409.log 36310 bytes
C:\zoek-results2014-05-12-150153.log 12139 bytes

==== System Restore Info ======================

12/05/2014 12:48:56 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-

==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 12/05/2014 at 12:49:38,40 ======================

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Djeison on 12/05/2014 at 13:29:11,83.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Djeison\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-12-142409.log 36310 bytes
C:\zoek-results2014-05-12-150153.log 12139 bytes
C:\zoek-results2014-05-12-154938.log 3344 bytes

==== System Restore Info ======================

12/05/2014 13:30:09 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]

==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 12/05/2014 at 13:30:48,77 ======================

Faça o download do OTM (de Old Timer) no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Inicie o PC em Modo Seguro com rede (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver iniciando e escolhendo a opção Modo Seguro com rede.

Quando o PC estiver no modo seguro com rede, selecione e copie todo o texto destacado em vermelho que te passei.

Clique com o botão direito do mouse sobre o OTM.exe e escolha a opção Executar como administrador.

Cole o texto que você acabou de copiar acima no espaço em branco abaixo da frase Paste instructions for itens to be Moved

Depois disto clique no botão MoveIt!

Depois de fazer os procedimentos acima, feche o OTM. Nota: O OTM deverá pedir para reiniciar o PC para concluir o processo de eliminação dos problemas, neste caso é só confirmar clicando em Yes. Neste caso, após a reinicialização, navegue até a pasta C:\_OTMoveIt\MovedFiles e abra o mais novo arquivo com extensão .log presente, selecione e copie todo o conteúdo desse relatório e poste aqui em seu próximo post.

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== REGISTRY ==========
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
========== COMMANDS ==========
Error creating restore point.

OTM by OldTimer - Version 3.1.21.0 log created on 05122014_141744

Files moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\ scheduled to be deleted on reboot.

O Baidu ainda aparece?

Sim, aparece.
Todas as entradas de antes ainda continuam lá.
Formatar o computador será o próximo passo?

É porque a desinstalação do Baidu ficou pela metade e estas chaves dele ficaram resistentes à remoção. Uma solução neste caso é fazer o seguinte:

Crie um novo ponto de restauração no Windows.

Depois disto, baixe o Baidu e o reinstale. Depois disto use o Revo Uninstaller em sua limpeza completa para desinstalar o Baidu.

Depois disto se ainda sobrar alguma coisa do Baidu você nos fala aqui que a gente busca remover.

TÓPICO ARQUIVADO

Como o autor não respondeu por mais de 15 dias, o tópico foi arquivado. Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.