Remover Baidu Security

por Luisapm9 Ter 27 maio 2014, 15:53

Olá. Estou tentando apagar o Baidu Security e não consigo. Passei o AdwCleaner e não tive sucesso. Segue o logs do HijackThis.

Agradeço a ajuda, Luis.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:50:40, on 27/05/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Positivo Informática\Mundo Positivo Áudio\AudioPower.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
c:\program files (x86)\mozilla firefox\firefox.exe
C:\Users\Luis Alberto\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 54.225.95.126 nikdaiaidiiiogaidkkekcmokcgcdeac
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (file missing)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Baidu Antivirus] "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" -auto
O4 - HKLM\..\Run: [QqsnTerminal] "C:\Program Files (x86)\QQS\qvodterminal.exe" -autorun
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - HKCU\..\Run: [Epson Stylus Office TX515FN(Rede)] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFHB.EXE /FU "C:\Users\LUISAL~1\AppData\Local\Temp\E_S8B47.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [Updater] C:\ProgramData\Updater\Updater.exe (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [Updater] C:\ProgramData\Updater\Updater.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs:
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Positivo Aplicativos (AppManagerService) - Positivo Informática S.A. - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\PositivoAplicativosService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Battery Manager Service (BatteryManagerSrv) - Positivo Informática S.A - C:\Program Files (x86)\Positivo Informática\Mundo Positivo Bateria\BatteryManagerService.exe
O23 - Service: Baidu Antivirus Service (BAVSvc) - Baidu, Inc. - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) - Baidu, Inc. - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Tecnologia de armazenamento Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee OOBE Service2 (McOobeSv2) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Baidu PC App Store Service 4.2.1.5166 (PCAppStoreSvc_{PCAppStore_4.2.1.5166}) - Unknown owner - C:\Program Files (x86)\Baidu Security\PC App Store\4.2.1.5166\PCAppStoreSvc.exe (file missing)
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) - Baidu Inc. - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
O23 - Service: PSafeSVC - PSafe S/A - C:\Program Files (x86)\PSafe\PSafesvc.exe
O23 - Service: PSafeWD - PSafe S.A. - C:\Program Files (x86)\PSafe\PSafeWD.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: serverqqs - Unknown owner - C:\Program Files (x86)\QQS\serverqqs.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12406 bytes

por **Power Max** Ter 27 maio 2014, 15:57

Oi Luis.

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que está em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

por Luisapm9 Ter 27 maio 2014, 18:32

Segue o relatório.
Obrigado pela ajuda.

Luis Alberto

# AdwCleaner v3.211 - Relatório criado 27/05/2014 às 09:58:49
# Atualizado 26/05/2014 por Xplode
# Sistema Operacional : Windows 8.1 Single Language (64 bits)
# Usuário : Luis Alberto - LUIS
# Executando de : C:\Users\Luis Alberto\Downloads\adwcleaner_3.211.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : LPTSystemUpdater
Serviço Deletada : MovieMode
[#] Serviço Deletada : savesenselive
[#] Serviço Deletada : savesenselivem
Serviço Deletada : winzipersvc
[#] Serviço Deletada : Wpm

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\SearchProtect
Pasta Deletada : C:\ProgramData\374311380
Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\BonanzaDealsLive
Pasta Deletada : C:\ProgramData\Browser
Pasta Deletada : C:\ProgramData\MovieMode
Pasta Deletada : C:\ProgramData\SaveSenseLive
Pasta Deletada : C:\ProgramData\SweetIM
Pasta Deletada : C:\ProgramData\VisualBee
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\ProgramData\AlawarWrapper
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Pasta Deletada : C:\Program Files (x86)\Bench
Pasta Deletada : C:\Program Files (x86)\BonanzaDeals
Pasta Deletada : C:\Program Files (x86)\BonanzaDealsLive
Pasta Deletada : C:\Program Files (x86)\Desk 365
Pasta Deletada : C:\Program Files (x86)\Gophoto.it
Pasta Deletada : C:\Program Files (x86)\LPT
Pasta Deletada : C:\Program Files (x86)\LyricsFinder
Pasta Deletada : C:\Program Files (x86)\MediaPlayerplus
Pasta Deletada : C:\Program Files (x86)\Omiga Plus
Pasta Deletada : C:\Program Files (x86)\SaveSenseLive
Pasta Deletada : C:\Program Files (x86)\SupTab
Pasta Deletada : C:\Program Files (x86)\SweetIM
Pasta Deletada : C:\Program Files (x86)\sweetpacks bundle uninstaller
Pasta Deletada : C:\Program Files (x86)\WinZipper
Pasta Deletada : C:\Program Files (x86)\Plus-HD-2.5
Pasta Deletada : C:\Program Files (x86)\Common Files\337
Pasta Deletada : C:\WINDOWS\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Pasta Deletada : C:\WINDOWS\SysWOW64\ARFC
Pasta Deletada : C:\WINDOWS\SysWOW64\jmdp
Pasta Deletada : C:\WINDOWS\SysWOW64\WNLT
Pasta Deletada : C:\Program Files\003
Pasta Deletada : C:\Program Files\Conduit
Pasta Deletada : C:\Program Files\Uninstaller
Pasta Deletada : C:\Users\Convidado\AppData\Local\Browser
Pasta Deletada : C:\Users\LUISAL~1\AppData\Local\Temp\AirInstaller
Pasta Deletada : C:\Users\LUISAL~1\AppData\Local\Temp\baidu
Pasta Deletada : C:\Users\LUISAL~1\AppData\Local\Temp\Iminent
Pasta Deletada : C:\Users\LUISAL~1\AppData\Local\Temp\Smartbar
Pasta Deletada : C:\Users\LUISAL~1\AppData\Local\Temp\webget
Pasta Deletada : C:\Users\LUISAL~1\AppData\Local\Temp\WinZipper
Pasta Deletada : C:\Users\Convidado\AppData\LocalLow\Delta
Pasta Deletada : C:\Users\Luciana\AppData\Local\Browser
Pasta Deletada : C:\Users\Luis Alberto\AppData\Local\BonanzaDealsLive
Pasta Deletada : C:\Users\Luis Alberto\AppData\Local\Browser
Pasta Deletada : C:\Users\Luis Alberto\AppData\Local\cool_mirage
Pasta Deletada : C:\Users\Luis Alberto\AppData\Local\emaze
Pasta Deletada : C:\Users\Luis Alberto\AppData\Local\genienext
Pasta Deletada : C:\Users\Luis Alberto\AppData\Local\LPT
Pasta Deletada : C:\Users\Luis Alberto\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Luis Alberto\AppData\Local\MovieMode
Pasta Deletada : C:\Users\Luis Alberto\AppData\Local\SaveSense
Pasta Deletada : C:\Users\Luis Alberto\AppData\Local\SaveSenseLive
Pasta Deletada : C:\Users\Luis Alberto\AppData\Local\Tuguu_SL
Pasta Deletada : C:\Users\Luis Alberto\AppData\Local\VisualBeeExe
Pasta Deletada : C:\Users\Luis Alberto\AppData\Local\webplayer
Pasta Deletada : C:\Users\Luis Alberto\AppData\LocalLow\Conduit
Pasta Deletada : C:\Users\Luis Alberto\AppData\LocalLow\Delta
Pasta Deletada : C:\Users\Luis Alberto\AppData\LocalLow\Minibar
Pasta Deletada : C:\Users\Luis Alberto\AppData\LocalLow\Mysearchdial
Pasta Deletada : C:\Users\Luis Alberto\AppData\LocalLow\PriceGong
Pasta Deletada : C:\Users\Luis Alberto\AppData\LocalLow\Smartbar
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\337 Wallpaper
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\337
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\AppCloudUpdater
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\awesomehp
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\DealPly
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\Desk 365
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\eCyber
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\eIntaller
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\eType
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\IminentToolbar
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\iSafe
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\newnext.me
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\Omiga Plus
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\SaveSense
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\SearchProtect
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\SimilarSites
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\SupTab
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\ValueApps
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\WinZipper
Pasta Deletada : C:\Users\Luis Alberto\Documents\Mobogenie
Pasta Deletada : C:\Users\Luis Alberto\Documents\Optimizer Pro
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\Mozilla\Firefox\Profiles\ycpku5l3.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Pasta Deletada : C:\Users\Luis Alberto\AppData\Roaming\Mozilla\Firefox\Profiles\ycpku5l3.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com
Pasta Deletada : C:\Users\Luis Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd
Arquivo Deletada : C:\WINDOWS\System32\roboot64.exe
Arquivo Deletada : C:\Users\Luis Alberto\daemonprocess.txt
Arquivo Deletada : C:\Users\Luis Alberto\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
Arquivo Deletada : C:\WINDOWS\Tasks\AppCloudUpdater.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\AppCloudUpdater
Arquivo Deletada : C:\WINDOWS\Tasks\bench-sys.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\bench-sys
Arquivo Deletada : C:\WINDOWS\System32\Tasks\Dealply
Arquivo Deletada : C:\WINDOWS\System32\Tasks\Desk 365 RunAsStdUser
Arquivo Deletada : C:\WINDOWS\Tasks\MySearchDial.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\MySearchDial
Arquivo Deletada : C:\WINDOWS\System32\Tasks\Omiga Plus RunAsStdUser
Arquivo Deletada : C:\WINDOWS\Tasks\SaveSense.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\SaveSense
Arquivo Deletada : C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore
Arquivo Deletada : C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA
Arquivo Deletada : C:\WINDOWS\Tasks\Plus-HD-2.5-codedownloader.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\Plus-HD-2.5-codedownloader
Arquivo Deletada : C:\WINDOWS\Tasks\Plus-HD-2.5-enabler.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\Plus-HD-2.5-enabler
Arquivo Deletada : C:\WINDOWS\Tasks\Plus-HD-2.5-updater.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\Plus-HD-2.5-updater
Arquivo Deletada : C:\WINDOWS\Tasks\3d38a698-3229-4e8a-a7c1-71ee84c7a038-1.job
Arquivo Deletada : C:\WINDOWS\Tasks\3d38a698-3229-4e8a-a7c1-71ee84c7a038-2.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\3d38a698-3229-4e8a-a7c1-71ee84c7a038-2
Arquivo Deletada : C:\WINDOWS\Tasks\3d38a698-3229-4e8a-a7c1-71ee84c7a038-3.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\3d38a698-3229-4e8a-a7c1-71ee84c7a038-3
Arquivo Deletada : C:\WINDOWS\Tasks\3d38a698-3229-4e8a-a7c1-71ee84c7a038-4.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\3d38a698-3229-4e8a-a7c1-71ee84c7a038-4
Arquivo Deletada : C:\WINDOWS\Tasks\3d38a698-3229-4e8a-a7c1-71ee84c7a038-5.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\3d38a698-3229-4e8a-a7c1-71ee84c7a038-5

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\ijblflkdjdopkpdgllkmlbgcffjbnfda
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\SaveSenseLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent
Chave Deletedo : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Chave Deletedo : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Chave Deletedo : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Chave Deletedo : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickCtrl.9
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.Update3WebControl.3
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\sim-packages
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\omigaplussvc
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Chave Deletedo : HKCU\Software\52538cd9b06ee810
Chave Deletedo : HKLM\SOFTWARE\52538cd9b06ee810
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0033438.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0033438.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0033438.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0033438.Sandbox.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0038524.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0038524.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0038524.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0038524.Sandbox.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0054246.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0054246.Sandbox.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F63AAEDC-3602-49EF-AA45-262380A98980}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322342238}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322852224}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345538}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355855524}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346638}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366856624}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344344438}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344854424}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544424446}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311341138}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311851124}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{edeab7b3-8ef4-4370-b3af-c56ecfd250ac}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{F63AAEDC-3602-49EF-AA45-262380A98980}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322852224}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345538}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355855524}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346638}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366856624}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311851124}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chave Deletedo : HKCU\Software\1ClickDownload
Chave Deletedo : HKCU\Software\AppCloudUpdater
Chave Deletedo : HKCU\Software\BI
Chave Deletedo : HKCU\Software\BonanzaDealsLive
Chave Deletedo : HKCU\Software\DataMngr
[#] Chave Deletedo : HKCU\Software\DataMngr_Toolbar
Chave Deletedo : HKCU\Software\DSNR Labs
Chave Deletedo : HKCU\Software\filescout
Chave Deletedo : HKCU\Software\FreeSoftToday
Chave Deletedo : HKCU\Software\IM
Chave Deletedo : HKCU\Software\ImInstaller
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\installedbrowserextensions
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\SaveSense
Chave Deletedo : HKCU\Software\SaveSenseLive
Chave Deletedo : HKCU\Software\SearchProtectINT
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKCU\Software\V9
Chave Deletedo : HKCU\Software\visualbee
Chave Deletedo : HKCU\Software\WNLT
Chave Deletedo : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKCU\Software\AppDataLow\Software
Chave Deletedo : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Chave Deletedo : HKLM\Software\awesomehpSoftware
Chave Deletedo : HKLM\Software\Babylon
Chave Deletedo : HKLM\Software\Bench
Chave Deletedo : HKLM\Software\BonanzaDealsLive
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\DealPlyLive
Chave Deletedo : HKLM\Software\delta-homesSoftware
Chave Deletedo : HKLM\Software\Description
Chave Deletedo : HKLM\Software\Desksvc
Chave Deletedo : HKLM\Software\eSafeSecControl
Chave Deletedo : HKLM\Software\free_soft_to_day
Chave Deletedo : HKLM\Software\hdcode
Chave Deletedo : HKLM\Software\IePlugin
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\installedbrowserextensions
Chave Deletedo : HKLM\Software\iSafe
Chave Deletedo : HKLM\Software\MediaPlayerplus
Chave Deletedo : HKLM\Software\omigaplusSvc
Chave Deletedo : HKLM\Software\portaldositesSoftware
Chave Deletedo : HKLM\Software\SaveSenseLive
Chave Deletedo : HKLM\Software\suprasavings
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKLM\Software\Trymedia Systems
Chave Deletedo : HKLM\Software\Tutorials
Chave Deletedo : HKLM\Software\V9
Chave Deletedo : HKLM\Software\visualbee
Chave Deletedo : HKLM\Software\winzipersvc
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKLM\Software\Plus-HD-2.5
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense
Chave Deletedo : [x64] HKLM\SOFTWARE\DomaIQ
Chave Deletedo : [x64] HKLM\SOFTWARE\Iminent
Chave Deletedo : [x64] HKLM\SOFTWARE\installedbrowserextensions
Chave Deletedo : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Chave Deletedo : [x64] HKLM\SOFTWARE\suprasavings
Chave Deletedo : [x64] HKLM\SOFTWARE\Tarma Installer
Chave Deletedo : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Chave Deletedo : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16518

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Bar]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

-\\ Mozilla Firefox v29.0.1 (pt-BR)

[ Arquivo : C:\Users\Luis Alberto\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]

[ Arquivo : C:\Users\Luis Alberto\AppData\Roaming\Mozilla\Firefox\Profiles\ycpku5l3.default\prefs.js ]

Linha deletada : user_pref("extensions.aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246.54246.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Linha deletada : user_pref("extensions.crossrider.bic", "1459de3661893d12275f8fb9ad77f58f");

-\\ Google Chrome v35.0.1916.114

[ Arquivo : C:\Users\Luis Alberto\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Startup_urls] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Startup_urls] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Homepage] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Extension] : majjphhgppkndjjkmhhnbgafooenebhd
Deletedo [Extension] : pfmopbbadnfoelckkcmjjeaaegjpjjbk

*************************

AdwCleaner[R0].txt - [36510 octets] - [27/05/2014 09:52:50]
AdwCleaner[S0].txt - [30580 octets] - [27/05/2014 09:58:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [30641 octets] ##########

por **Power Max** Ter 27 maio 2014, 18:43

* Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Remover Baidu Security 772309

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

por Luisapm9 Qua 28 maio 2014, 09:21

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Single Language x64
Ran by Luis Alberto on 28/05/2014 at 9:02:42,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-474367948-3167979378-1603343550-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ammyy"
Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Empty Folder] C:\Users\Luis Alberto\appdata\local\{4A8A23B2-5DEA-4041-A73A-052FC517DD54}
Successfully deleted: [Empty Folder] C:\Users\Luis Alberto\appdata\local\{80C5F2B8-21A7-4C35-A582-3DDF194B0A09}
Successfully deleted: [Empty Folder] C:\Users\Luis Alberto\appdata\local\{9006E2E1-ED7C-4174-A1B1-08B5DF0B698D}
Successfully deleted: [Empty Folder] C:\Users\Luis Alberto\appdata\local\{B164CC55-96EB-49B3-A8AC-639899DF0C20}
Successfully deleted: [Empty Folder] C:\Users\Luis Alberto\appdata\local\{DBD55E15-06AD-4F72-AE79-15F2048509A4}
Successfully deleted: [Empty Folder] C:\Users\Luis Alberto\appdata\local\{DBD6D1B8-560A-4BA6-BA28-6BD16E75A2D4}
Successfully deleted: [Empty Folder] C:\Users\Luis Alberto\appdata\local\{EA322501-C676-4C4F-A4A7-8097E4288BBF}
Successfully deleted: [Empty Folder] C:\Users\Luis Alberto\appdata\local\{ED71ABC4-57BB-4D67-B155-8F327CBCE50F}
Successfully deleted: [Empty Folder] C:\Users\Luis Alberto\appdata\local\{FA036EFE-5DC5-42E9-AC54-9769BD80126A}

~~~ FireFox

Emptied folder: C:\Users\Luis Alberto\AppData\Roaming\mozilla\firefox\profiles\ycpku5l3.default\minidumps [2 files]

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/05/2014 at 9:17:17,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

por Luisapm9 Qua 28 maio 2014, 09:24

Tentei apagar a pasta do Baidu Security e continua apresentando a mensagem que não é possível, pois está aberto em outro programa.

por **Power Max** Qua 28 maio 2014, 09:25

Desative temporariamente seu antivírus para evitar conflitos.

Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

por Luisapm9 Sáb 31 maio 2014, 09:51

Segue o relatório do Zoek. Vou mandar por etapas, pois está muito grande.

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Luis Alberto on 30/05/2014 at 17:42:19,53.
Microsoft Windows 8.1 Single Language 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luis Alberto\Downloads\zoek (1).exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-28-161046.log 110394 bytes

==== System Restore Info ======================

30/05/2014 17:44:23 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\LUISAL~1\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\LUISAL~1\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\LUISAL~1\AppData\Roaming\Mozilla\Firefox\Profiles\ycpku5l3.default\prefs.js:

Added to C:\Users\LUISAL~1\AppData\Roaming\Mozilla\Firefox\Profiles\ycpku5l3.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Baidu deleted

==== Folders Found ======================

2014-05-27 12:59:01 2014-05-27 12:59:03 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-27 12:59:48 2014-05-27 12:59:48 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Luis Alberto\AppData\Roaming\baidu
2014-05-27 12:59:48 2014-05-27 12:59:48 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Luis Alberto\AppData\Roaming\baidu\Baidu Antivirus
2014-05-27 12:59:10 2014-05-27 12:59:10 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\LUISAL~1\AppData\Local\Temp\baidu
2014-05-27 12:59:56 2014-05-27 12:59:56 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2013-05-24 18:57:07 2014-05-29 13:31:52 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-01-28 23:57:49 2014-05-30 21:00:11 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus
2014-03-05 15:39:31 2014-03-05 15:39:31 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\update\baidu
2013-05-24 18:57:55 2014-03-05 11:48:16 -------- d-----w- C:\ProgramData\Baidu Security
2014-01-28 23:59:51 2014-01-28 23:59:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2013-05-24 18:57:55 2014-03-05 11:48:16 -------- d-----w- C:\Users\All Users\Baidu Security
2014-01-28 23:59:51 2014-01-28 23:59:51 -------- d-----w- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2013-04-25 14:12:33 2013-08-31 15:46:02 -------- d-----w- C:\Users\Luis Alberto\AppData\Roaming\Baidu Security
2014-01-24 20:29:03 2014-01-24 20:29:03 -------- d-----w- C:\Users\Luis Alberto\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-01-24 20:29:04 2014-01-24 20:29:04 -------- d-----w- C:\Users\Luis Alberto\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-05-27 18:37:27 2014-05-27 18:37:27 -------- d-----w- C:\Users\Public\Documents\Baidu
2014-05-29 13:30:58 2014-05-29 13:30:58 -------- d-----w- C:\Users\Public\Documents\Baidu Security
2014-03-20 11:31:59 2014-03-20 11:31:59 -------- d-----w- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Baidu Security
2014-05-30 21:04:25 2014-05-30 21:04:25 -------- d---a-w- C:\zoek_backup\C_PROGRA~3_Baidu

==== Files Found ======================

--- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2013-09-22 07:32:04
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1

--- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2013-09-22 07:32:04
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB

--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1268
Created time: 2014-01-28 23:59:51
Modified time: 2014-04-08 18:15:30
MD5: C8FA7002A59C9651AC2627F143AB83A8
SHA1: 7E7092C1A6AD1E2C86FED1B80B8EF4C8F838E03F

--- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1268
Created time: 2014-01-28 23:59:51
Modified time: 2014-04-08 18:15:30
MD5: C8FA7002A59C9651AC2627F143AB83A8
SHA1: 7E7092C1A6AD1E2C86FED1B80B8EF4C8F838E03F

--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3438
Created time: 2014-05-28 12:52:59
Modified time: 2014-04-08 18:15:29
MD5: 3011A4C6B3ADE01CA1D510B24613E951
SHA1: EC584AE3C97818AA09AB1B4B688DED9E4F2BEA2F

--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3456
Created time: 2014-05-28 12:52:59
Modified time: 2014-05-09 12:35:43
MD5: 5A3AE3CEFD056C0ACC714F80CCB18D0D
SHA1: 15BA49C2D01E69F60B817DBAF22F03674FC499AA

==== Registry Search Results for "Baidu" ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus\BevmVolatile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-05-26 05-04-41-0677-[0041].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PC_Faster_Setup_Mini_GL16-2014-05-29 05-30-03-0420-[4882].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/mini_install_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-05-29 05-31-38-0230-[0041].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PC_Faster_Setup_Mini_GL16-2014-05-29 05-31-03-0258-[5078].dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/mini_install_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BavTray.exe\" -auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.2.1.5166]
"DisplayIcon"="C:\\Program Files (x86)\\Baidu Security\\PC App Store\\4.2.1.5166\\PCAppStore.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.2.1.5166]
"UninstallString"="C:\\Program Files (x86)\\Baidu Security\\PC App Store\\4.2.1.5166\\Uninstall.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.2.1.5166]
"Publisher"="Baidu, Inc."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.2.1.5166]
"InstallDir"="C:\\Program Files (x86)\\Baidu Security\\PC App Store\\4.2.1.5166"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Spark.exe]
"Path"="C:\\Program Files (x86)\\baidu\\Spark"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Spark.exe]
@="C:\\Program Files (x86)\\baidu\\Spark\\Spark.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm]
@="BaiduSparkHTML"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html]
@="BaiduSparkHTML"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml]
@="BaiduSparkHTML"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht]
@="BaiduSparkHTML"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml]
@="BaiduSparkHTML"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\DefaultIcon]
@="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\shell\open\command]
@="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe\" UI_Start_From_IE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\DefaultIcon]
@="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Translator.exe,-201"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\shell\open\command]
@="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Translator.exe\" \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\DefaultIcon]
@="C:\\Program Files (x86)\\baidu\\Spark\\resource\\application\\Image\\baidubrowserfile.ico"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\command]
@="\"C:\\Program Files (x86)\\baidu\\Spark\\Spark.exe\" -- \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\DefaultIcon]
@="C:\\Program Files (x86)\\baidu\\Spark\\resource\\application\\Image\\baidubrowserfile.ico"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\DefaultIcon]
@="C:\\Program Files (x86)\\baidu\\Spark\\resource\\application\\Image\\baidubrowserfile.ico"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTP\shell\spk\command]
@="\"C:\\Program Files (x86)\\baidu\\Spark\\Spark.exe\" -- \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTPS\shell\spk\command]
@="\"C:\\Program Files (x86)\\baidu\\Spark\\Spark.exe\" -- \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet]
@="BaiduSpark.EXE"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCAppStoreSvc_{PCAppStore_4.2.1.5166}]
"DisplayName"="Baidu PC App Store Service 4.2.1.5166"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCAppStoreSvc_{PCAppStore_4.2.1.5166}]
"Description"="Baidu PC App Store Service 4.2.1.5166"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_4.2.1.5166}]
"DisplayName"="Baidu PC App Store Service 4.2.1.5166"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_4.2.1.5166}]
"Description"="Baidu PC App Store Service 4.2.1.5166"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

por Luisapm9 Sáb 31 maio 2014, 09:52

Parte 2:

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\031214-33078-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.bav.baidu.com"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\3.8.8.1435]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\3.8.8.1435\LastReportTime]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\4.0.6.5038]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\4.0.6.5038\LastReportTime]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\4.2.1.5166]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\4.2.1.5166\LastReportTime]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"QuickTime Task_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"SweetIM_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm64]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-09-12 10_01_47_0285rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-09-17 09_29_12_0649rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-10-10 18_14_43_0410rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-10-14 09_07_22_0695rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-11-01 08_53_56_0958rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\Antivirus\web]
"ucloud"="u.bav.baidu.com"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435\Install]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435\Install\1041625812]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435\Install\1041625812]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py-appstore/get_reinstall_channel_info_appstore.cgi?install_channel=pcf&new_install_channel=pcf&from_version=3.8.8.1435&to_version=3.8.8.1435&errorcode=0&errortext=&userid=S2SKJ5AC-80EE734691EC!b0990a75-f44e-44d1-b0b5-9e4f622c8dd4@#80EE734691EC&install_time=2013-09-12 13:01:57"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435\Install\14665968]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435\Install\14665968]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py-appstore/get_channel_info_appstore.cgi?install_channel=pcf&version=3.8.8.1435&errorcode=0&errortext=&userid=S2SKJ5AC-80EE734691EC!b0990a75-f44e-44d1-b0b5-9e4f622c8dd4@#80EE734691EC&install_time=2013-08-31 15:46:04"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435\Install\550450531]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435\Install\550450531]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py-appstore/get_reinstall_channel_info_appstore.cgi?install_channel=pcf&new_install_channel=pcf&from_version=3.8.8.1435&to_version=3.8.8.1435&errorcode=0&errortext=&userid=S2SKJ5AC-80EE734691EC!b0990a75-f44e-44d1-b0b5-9e4f622c8dd4@#80EE734691EC&install_time=2013-09-06 20:36:26"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435\LastReportTime]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\4.2.1.5166]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\4.2.1.5166\Install]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\4.2.1.5166\Install\708735875]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\4.2.1.5166\Install\708735875]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py-appstore/get_reinstall_channel_info_appstore.cgi?install_channel=pcf&new_install_channel=pcf&from_version=4.0.6.5038&to_version=4.2.1.5166&errorcode=0&errortext=&userid=31aa0a9d3dbd04be1c36f970cf6f94d8&install_time=2014-04-19 16:41:30"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\4.2.1.5166\LastReportTime]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\DataReport]

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-03 16_58_33_[0102]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-05 08_46_58_[0702]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-10 16_46_53_[0896]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-12 10_17_37_[0660]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-13 09_11_42_[0176]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-14 13_06_04_[0026]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-17 09_44_02_[0765]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-19 18_47_27_[0131]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-26 12_48_19_[0416]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-27 16_54_50_[0888]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-30 17_18_29_[0437]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-04 13_16_24_[0520]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-04 17_16_25_[0079]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-05 13_15_55_[0038]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-07 13_54_51_[0876]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-07 17_54_51_[0790]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-09 12_43_11_[0876]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-09 16_43_21_[0549]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-14 13_46_55_[0489]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-15 17_08_37_[0664]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-17 16_51_04_[0130]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-21 17_02_55_[0010]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-23 16_47_10_[0598]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-24 12_52_26_[0091]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-24 16_52_28_[0746]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-29 14_43_58_[0594]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-30 09_42_14_[0985]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-01 09_08_59_[0422]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-01 13_08_53_[0177]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-01 17_08_52_[0796]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-04 13_46_46_[0358]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-04 17_46_46_[0221]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-07 21_47_59_[0394]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-12 14_03_42_[0014]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-12 18_03_40_[0338]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-14 12_41_14_[0064]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-14 16_41_11_[0085]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-16 13_09_42_[0380]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-18 13_05_48_[0429]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-18 17_05_47_[0225]rpdata.dat"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\Setup]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Exam]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\InstalledPatchesRecord]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
"Sony PC Companion_BaiDuSafe_RegType"=dword:00000002

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"PSafeTray_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"PSafeWDS_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"QuickTime Task_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"EEventManager_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\SystemCleanerTab]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\Setup]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Clients\StartMenuInternet\BaiduSpark]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Clients\StartMenuInternet\BaiduSpark\Capabilities]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Clients\StartMenuInternet\BaiduSpark\Capabilities\UrlAssociations]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Clients\StartMenuInternet\BaiduSpark\Capabilities\UrlAssociations]
"magnet"="BaiduSpark.Url.magnet"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Clients\StartMenuInternet\Spark\Capabilities\UrlAssociations]
"magnet"="BaiduSpark.Url.magnet"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\3a0e1ee7_0]
@="{2}.\\\\?\\root#media#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\\topo1/00010001|\\Device\\HarddiskVolume4\\Program Files (x86)\\baidu\\Spark\\Spark.exe%b{00000000-0000-0000-0000-000000000000}"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"BaiduSparkHTML_http"=dword:00000000

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"BaiduSparkHTML_https"=dword:00000000

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm]
"Progid"="BaiduSparkHTML"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids]
"BaiduSparkHTML"=hex(0):

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html]
"Progid"="BaiduSparkHTML"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids]
"BaiduSparkHTML"=hex(0):

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht]
"Progid"="BaiduSparkHTML"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
"Progid"="BaiduSparkHTML"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml]
"Progid"="BaiduSparkHTML"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids]
"BaiduSparkHTML"=hex(0):

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\OpenWithProgids]
"baiduspark.Torrent"=hex(0):

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
"Progid"="BaiduSparkHTML"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.2.0.29\\Uninstall.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0\\PCFaster.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.8.8.1435\\PCAppStore.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0\\UninstCaller.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\Luis Alberto\\AppData\\Roaming\\Baidu\\hao123-br\\hao123.1.0.0.1111.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\UninstCaller.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BAVSvc.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\baidu\\Spark\\BaiduDefragFiles.exe"=hex:53,41,43,50,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\baidu\\Spark\\Uninstall.exe"=hex:53,41,43,50,01,00,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\4.0.6.5038\\AppStoreUpdater.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\update\\BavPro_Setup.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFasterSvc.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\4.2.1.5166\\AppStoreUpdater.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\Luis Alberto\\AppData\\Roaming\\Baidu\\hao123-br\\hao123.1.0.0.1101.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\baidu\\Spark\\bdutil.exe"=hex:53,41,43,50,01,00,00,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\baidu\\Spark\\sparkservice.exe"=hex:53,41,43,50,01,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\baidu\\Spark\\Spark.exe"=hex:53,41,43,50,01,00,00,00,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\baidu\\Spark\\uninst.exe"=hex:53,41,43,50,01,00,00,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\PC_Faster_Setup_Mini_GL16.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\Uninstall.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\RegisteredApplications]
"BaiduSpark"="Software\\Clients\\StartMenuInternet\\BaiduSpark\\Capabilities"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe.FriendlyAppName"="PC Faster"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe.ApplicationCompany"="Baidu Inc."

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\bavhm.exe.FriendlyAppName"="Baidu Antivirus Hook Monitor"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\bavhm.exe.ApplicationCompany"="Baidu, Inc."

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe.FriendlyAppName"="PC Faster"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe.ApplicationCompany"="Baidu Inc."

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\bavhm.exe.FriendlyAppName"="Baidu Antivirus Hook Monitor"

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\bavhm.exe.ApplicationCompany"="Baidu, Inc."

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\031214-33078-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.bav.baidu.com"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\3.8.8.1435]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\3.8.8.1435\LastReportTime]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\4.0.6.5038]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\4.0.6.5038\LastReportTime]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\4.2.1.5166]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\4.2.1.5166\LastReportTime]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"QuickTime Task_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"SweetIM_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm64]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-09-12 10_01_47_0285rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-09-17 09_29_12_0649rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-10-10 18_14_43_0410rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-10-14 09_07_22_0695rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-11-01 08_53_56_0958rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"support@vdownloader.com"="C:\Program Files\VDownloader\Addons\FireFox" [29/03/2014 14:53]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [26/05/2014 10:43]

==== Firefox Extensions ======================

ProfilePath: C:\Users\LUISAL~1\AppData\Roaming\Mozilla\Firefox\Profiles\ycpku5l3.default
- Site Matcher Pro - C:\Users\Luis Alberto\AppData\Roaming\Mozilla\Firefox\Profiles\ycpku5l3.default\extensions\sitematcherpro@sitematcherpro.com
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Yahoo Toolbar - C:\Users\Luis Alberto\AppData\Roaming\Mozilla\Firefox\Profiles\ycpku5l3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
- Site Matcher Pro - %ProfilePath%\extensions\sitematcherpro@sitematcherpro.com
- Yahoo Toolbar - %ProfilePath%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Luis Alberto\AppData\Roaming\Mozilla\Firefox\Profiles\ycpku5l3.default
A58DE0A570148AF5FF3512B2A340D09F - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
02330237B960CA470FBC068FD8936EBA - C:\Program Files\VDownloader\Addons\npVDownloader.dll - VDownloader

==== Deleted Firefox Extensions ======================

C:\Users\Luis Alberto\AppData\Roaming\Mozilla\Firefox\Profiles\ycpku5l3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[26/05/2014 10:42]

Google Docs - Luis Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Luis Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Luis Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Luis Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Luis Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - Luis Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Luis Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Luis Alberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Video Download - Luis Alberto\AppData\Local\Spark\User Data\Default\Extensions\djmgfiokceelcoeihknfhbnnbboaibkm
MixiDJ V30 - Luis Alberto\AppData\Local\Spark\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen
SiteAdvisor - Luis Alberto\AppData\Local\Spark\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
MySearchDial - Luis Alberto\AppData\Local\Spark\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=AV01"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=AV01"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Luis Alberto\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Luis Alberto\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Convidado\Desktop\PetMoura.lnk - \\SERVIDOR\Moura_\menu.exe
C:\Users\Luciana\Desktop\Sismoura.lnk - \\SERVIDOR\Moura_\menu.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\4Free Video Converter .lnk - C:\Program Files (x86)\4Free Video Converter\videoconverter.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\EPSON Scan.lnk - C:\Windows\twain_32\escndv\escndv.exe
C:\Users\Public\Desktop\Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Users\Public\Desktop\GeoGebra.lnk - C:\Program Files (x86)\GeoGebra 4.4\GeoGebra.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Mundo Positivo Webcam.lnk - C:\Program Files (x86)\Positivo Informática\Mundo Positivo Webcam\WebCam.exe
C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Users\Public\Desktop\Receitanet 1.04 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast Free Antivirus.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Sobre o iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\pt.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008\Microsoft Visual Studio 2008 Documentation.lnk - C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\dexplore.exe /helpcol ms-help://ms.vscc.v90 /LaunchNamedUrlTopic DefaultPage /usehelpsettings VisualStudio.9.0
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008\Microsoft Visual Studio 2008.lnk - C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer\Console do Trusteer Endpoint Protection.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer\Encerrar Trusteer Endpoint Protection.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer\Iniciar Trusteer Endpoint Protection.lnk -

==== shortcuts in Quick Launch ======================

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Luis Alberto\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Luciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Luciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Luciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Luciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Luciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Luis Alberto\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\Luciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Luis Alberto\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Luis Alberto\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Luis Alberto\AppData\Local\Mozilla\Firefox\Profiles\ycpku5l3.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Luis Alberto\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Luis Alberto\AppData\Local\Spark\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=447 folders=104 93049696 bytes)

==== Empty Temp Folders ======================

C:\Users\Convidado\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Luciana\AppData\Local\Temp emptied successfully
C:\Users\Luis Alberto\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\LUISAL~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 31/05/2014 at 8:49:43,81 ======================

por **Power Max** Sáb 31 maio 2014, 13:19

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

por Luisapm9 Sáb 31 maio 2014, 15:45

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Luis Alberto on 31/05/2014 at 14:50:52,53.
Microsoft Windows 8.1 Single Language 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luis Alberto\Downloads\zoek (1).exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-28-161046.log 110394 bytes
C:\zoek-results2014-05-31-114943.log 65009 bytes

==== System Restore Info ======================

31/05/2014 14:53:11 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_4.2.1.5166} deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus\BevmVolatile]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-05-26 05-04-41-0677-[0041].dat"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PC_Faster_Setup_Mini_GL16-2014-05-29 05-30-03-0420-[4882].dat"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-05-29 05-31-38-0230-[0041].dat"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PC_Faster_Setup_Mini_GL16-2014-05-29 05-31-03-0258-[5078].dat"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.2.1.5166]
"DisplayIcon"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.2.1.5166]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.2.1.5166]
"UninstallString"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.2.1.5166]
"Publisher"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.2.1.5166]
"InstallDir"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Spark.exe]
"Path"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Spark.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Spark.exe]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\DefaultIcon]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\shell\open\command]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\DefaultIcon]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\shell\open\command]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\DefaultIcon]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\command]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\DefaultIcon]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\DefaultIcon]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTP\shell\spk\command]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTPS\shell\spk\command]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet]
@=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BAVSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BAVSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCAppStoreSvc_{PCAppStore_4.2.1.5166}]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCAppStoreSvc_{PCAppStore_4.2.1.5166}]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCAppStoreSvc_{PCAppStore_4.2.1.5166}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_4.2.1.5166}]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_4.2.1.5166}]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_4.2.1.5166}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\031214-33078-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\3.8.8.1435]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\3.8.8.1435\LastReportTime]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\4.0.6.5038]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\4.0.6.5038\LastReportTime]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\4.2.1.5166]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\4.2.1.5166\LastReportTime]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"QuickTime Task_BaiDuSafe_RegType"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"SweetIM_BaiDuSafe_RegType"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm64]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-09-12 10_01_47_0285rpdata.dat"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-09-17 09_29_12_0649rpdata.dat"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-10-10 18_14_43_0410rpdata.dat"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-10-14 09_07_22_0695rpdata.dat"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-11-01 08_53_56_0958rpdata.dat"=-
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435\Install]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435\Install\1041625812]
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435\Install\1041625812]
"url"=-
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435\Install\14665968]
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435\Install\14665968]
"url"=-
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435\Install\550450531]
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435\Install\550450531]
"url"=-
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435\LastReportTime]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\4.2.1.5166]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\4.2.1.5166\Install]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\4.2.1.5166\Install\708735875]
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\4.2.1.5166\Install\708735875]
"url"=-
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\4.2.1.5166\LastReportTime]
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\DataReport]
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-03 16_58_33_[0102]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-05 08_46_58_[0702]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-10 16_46_53_[0896]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-12 10_17_37_[0660]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-13 09_11_42_[0176]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-14 13_06_04_[0026]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-17 09_44_02_[0765]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-19 18_47_27_[0131]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-26 12_48_19_[0416]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-27 16_54_50_[0888]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-09-30 17_18_29_[0437]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-04 13_16_24_[0520]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-04 17_16_25_[0079]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-05 13_15_55_[0038]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-07 13_54_51_[0876]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-07 17_54_51_[0790]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-09 12_43_11_[0876]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-09 16_43_21_[0549]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-14 13_46_55_[0489]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-15 17_08_37_[0664]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-17 16_51_04_[0130]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-21 17_02_55_[0010]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-23 16_47_10_[0598]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-24 12_52_26_[0091]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-24 16_52_28_[0746]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-29 14_43_58_[0594]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-10-30 09_42_14_[0985]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-01 09_08_59_[0422]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-01 13_08_53_[0177]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-01 17_08_52_[0796]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-04 13_46_46_[0358]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-04 17_46_46_[0221]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-07 21_47_59_[0394]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-12 14_03_42_[0014]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-12 18_03_40_[0338]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-14 12_41_14_[0064]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-14 16_41_11_[0085]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-16 13_09_42_[0380]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-18 13_05_48_[0429]rpdata.dat"=-
"c:\\users\\luis alberto\\appdata\\roaming\\baidu security\\pc app store\\rpdata\\2013-11-18 17_05_47_[0225]rpdata.dat"=-
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\Setup]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Exam]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\InstalledPatchesRecord]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
"Sony PC Companion_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"PSafeTray_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"PSafeWDS_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"QuickTime Task_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"EEventManager_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\SystemCleanerTab]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"=-
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\Setup]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Clients\StartMenuInternet\BaiduSpark]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Clients\StartMenuInternet\BaiduSpark\Capabilities]
[-HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Clients\StartMenuInternet\BaiduSpark\Capabilities\UrlAssociations]
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Clients\StartMenuInternet\BaiduSpark\Capabilities\UrlAssociations]
"magnet"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Clients\StartMenuInternet\Spark\Capabilities\UrlAssociations]
"magnet"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\3a0e1ee7_0]
@=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"BaiduSparkHTML_http"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"BaiduSparkHTML_https"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm]
"Progid"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids]
"BaiduSparkHTML"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html]
"Progid"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids]
"BaiduSparkHTML"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht]
"Progid"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
"Progid"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml]
"Progid"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids]
"BaiduSparkHTML"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\OpenWithProgids]
"baiduspark.Torrent"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
"Progid"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.2.0.29\\Uninstall.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0\\PCFaster.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.8.8.1435\\PCAppStore.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0\\UninstCaller.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\Luis Alberto\\AppData\\Roaming\\Baidu\\hao123-br\\hao123.1.0.0.1111.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\UninstCaller.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BAVSvc.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\baidu\\Spark\\BaiduDefragFiles.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\baidu\\Spark\\Uninstall.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\4.0.6.5038\\AppStoreUpdater.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\update\\BavPro_Setup.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFasterSvc.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\4.2.1.5166\\AppStoreUpdater.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\Luis Alberto\\AppData\\Roaming\\Baidu\\hao123-br\\hao123.1.0.0.1101.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\baidu\\Spark\\bdutil.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\baidu\\Spark\\sparkservice.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\baidu\\Spark\\Spark.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\baidu\\Spark\\uninst.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\PC_Faster_Setup_Mini_GL16.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\Uninstall.exe"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\RegisteredApplications]
"BaiduSpark"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe.FriendlyAppName"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe.ApplicationCompany"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\bavhm.exe.FriendlyAppName"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\bavhm.exe.ApplicationCompany"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe.FriendlyAppName"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe.ApplicationCompany"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\bavhm.exe.FriendlyAppName"=-
[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\bavhm.exe.ApplicationCompany"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BHipsSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\031214-33078-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\3.8.8.1435]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\3.8.8.1435\LastReportTime]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\4.0.6.5038]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\4.0.6.5038\LastReportTime]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\4.2.1.5166]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\4.2.1.5166\LastReportTime]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"QuickTime Task_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
"SweetIM_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm64]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-09-12 10_01_47_0285rpdata.dat"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-09-17 09_29_12_0649rpdata.dat"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-10-10 18_14_43_0410rpdata.dat"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-10-14 09_07_22_0695rpdata.dat"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-11-01 08_53_56_0958rpdata.dat"=-

==== Deleting Files \ Folders ======================

C:\ProgramData\Baidu Security deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus deleted
C:\Users\Luis Alberto\AppData\Roaming\Baidu Security deleted
C:\Users\Public\Documents\Baidu deleted
C:\Users\Public\Documents\Baidu Security deleted
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Baidu Security deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavBh.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavClean.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavCns.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavCommon.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavDllFilter.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavFi.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavhm.exe" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavQv.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUl.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUp.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BDrvComm.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BETManger.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsCore.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Communication.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\CP.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\DrvInst.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\HackerDefense.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\HipsDR.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\HipsHB.dll" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\sqlite.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavBh.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavClean.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavCns.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavCommon.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavDllFilter.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavFi.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavhm.exe" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavQv.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUl.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUp.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BDrvComm.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BETManger.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsCore.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Communication.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\CP.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\DrvInst.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\HackerDefense.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\HipsDR.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\HipsHB.dll" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\sqlite.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\data\uf.dat" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\data\uf.dat" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not deleted
"C:\Program Files (x86)\Baidu Security" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\data" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\data" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log" not deleted

==== Folders Found ======================

2014-05-27 12:59:01 2014-05-27 12:59:03 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-27 12:59:48 2014-05-27 12:59:48 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Luis Alberto\AppData\Roaming\baidu
2014-05-27 12:59:48 2014-05-27 12:59:48 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Luis Alberto\AppData\Roaming\baidu\Baidu Antivirus
2014-05-27 12:59:10 2014-05-27 12:59:10 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\LUISAL~1\AppData\Local\Temp\baidu
2014-05-27 12:59:56 2014-05-27 12:59:56 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2013-05-24 18:57:07 2014-05-29 13:31:52 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-01-28 23:57:49 2014-05-31 18:02:36 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus
2014-05-30 21:26:47 2014-05-30 21:26:47 -------- d-----w- C:\ProgramData\Baidu
2014-05-30 21:26:47 2014-05-30 21:26:47 -------- d-----w- C:\Users\All Users\Baidu
2014-05-31 17:59:50 2014-05-31 17:59:51 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-05-31 18:00:52 2014-05-31 18:01:46 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus
2014-05-31 18:01:47 2014-05-31 18:01:47 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus_update_baidu
2014-05-31 18:01:47 2014-05-31 18:01:55 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-05-31 18:02:01 2014-05-31 18:02:01 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-05-30 21:04:25 2014-05-30 21:04:25 -------- d---a-w- C:\zoek_backup\C_PROGRA~3_Baidu
2014-05-31 18:02:01 2014-05-31 18:02:08 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-05-31 18:02:14 2014-05-31 18:02:15 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-05-31 18:02:15 2014-05-31 18:02:16 -------- d---a-w- C:\zoek_backup\C_Users_Luis Alberto_AppData_Roaming_Baidu Security
2014-05-31 18:02:17 2014-05-31 18:02:17 -------- d---a-w- C:\zoek_backup\C_Users_Luis Alberto_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-05-31 18:02:17 2014-05-31 18:02:17 -------- d---a-w- C:\zoek_backup\C_Users_Luis Alberto_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-05-31 18:02:18 2014-05-31 18:02:18 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu
2014-05-31 18:02:18 2014-05-31 18:02:18 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-05-31 18:02:18 2014-05-31 18:02:18 -------- d---a-w- C:\zoek_backup\C_Windows_SysWOW64_config_systemprofile_AppData_Roaming_Baidu Security
2014-05-31 17:59:51 2014-05-31 18:00:51 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus
2014-05-31 18:00:52 2014-05-31 18:00:52 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus\update\baidu
2014-05-31 18:01:47 2014-05-31 18:01:47 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus\update\baidu
2014-05-31 18:02:16 2014-05-31 18:02:16 -------- d---a-w- C:\zoek_backup\C_Users_Luis Alberto_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-05-31 18:02:16 2014-05-31 18:02:16 -------- d---a-w- C:\zoek_backup\C_Users_Luis Alberto_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================

--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3438
Created time: 2014-05-28 12:52:59
Modified time: 2014-04-08 18:15:29
MD5: 3011A4C6B3ADE01CA1D510B24613E951
SHA1: EC584AE3C97818AA09AB1B4B688DED9E4F2BEA2F

--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3456
Created time: 2014-05-28 12:52:59
Modified time: 2014-05-09 12:35:43
MD5: 5A3AE3CEFD056C0ACC714F80CCB18D0D
SHA1: 15BA49C2D01E69F60B817DBAF22F03674FC499AA

--- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-05-31 18:00:28
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1

--- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-05-31 18:00:28
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB

--- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-05-31 18:01:24
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1

--- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-05-31 18:01:24
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB

--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1268
Created time: 2014-05-31 18:02:01
Modified time: 2014-04-08 18:15:30
MD5: C8FA7002A59C9651AC2627F143AB83A8
SHA1: 7E7092C1A6AD1E2C86FED1B80B8EF4C8F838E03F

--- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1268
Created time: 2014-05-31 18:02:15
Modified time: 2014-04-08 18:15:30
MD5: C8FA7002A59C9651AC2627F143AB83A8
SHA1: 7E7092C1A6AD1E2C86FED1B80B8EF4C8F838E03F

==== Registry Search Results for "Baidu" ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus\BevmVolatile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435\Install]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435\Install\1041625812]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435\Install\14665968]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\3.8.8.1435\Install\550450531]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\4.2.1.5166]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\4.2.1.5166\Install]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\4.2.1.5166\Install\708735875]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC App Store\DataReport]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Clients\StartMenuInternet\BaiduSpark]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Clients\StartMenuInternet\BaiduSpark\Capabilities]

[HKEY_USERS\S-1-5-21-474367948-3167979378-1603343550-1001\Software\Clients\StartMenuInternet\BaiduSpark\Capabilities\UrlAssociations]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4633 folders=869 1129846428 bytes)

==== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\HipsHB.dll" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\HipsHB.dll" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\data\uf.dat" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\data\uf.dat" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not found
"C:\Program Files (x86)\Baidu Security" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus" not found

==== EOF on 31/05/2014 at 15:43:00,02 ======================

por Luisapm9 Sáb 31 maio 2014, 15:47

Não encontro mais este software no arquivo de programas. Acho que resolveu o problema.

Muito obrigado pela ajuda.

por **Power Max** Sáb 31 maio 2014, 18:05

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

por **Danii** Ter 17 Jun 2014, 12:02

TÓPICO ARQUIVADO

Como a autora não respondeu por mais de 15 dias, o tópico foi arquivado. Caso a autora do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.

por Conteúdo patrocinado

Remover Baidu Security

Remover Baidu Security

Re: Remover Baidu Security

Relatório AdwCleaner S0

Re: Remover Baidu Security

JRT

Re: Remover Baidu Security

Re: Remover Baidu Security

Re: Remover Baidu Security

Re: Remover Baidu Security

Re: Remover Baidu Security

Re: Remover Baidu Security

Resolvido o problema

Re: Remover Baidu Security

Re: Remover Baidu Security

Re: Remover Baidu Security

Seg	Ter	Qua	Qui	Sex	Sáb	Dom
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30