notbook muito lento

boa noite !!! estou com meu not muito lento!!! segue log do hijacktis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:07:34, on 27/06/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Optimizer Elite Max\PerformanceMonitor.exe
C:\Program Files\-NewPlayer\NewPlayerLwruQw.exe
C:\Program Files\HomeTab\WConnectorDirect.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Baidu Security\PC App Store\4.5.1.6049\AppStoreDeskTool.exe
C:\Program Files\MyPC Backup\MyPC Backup.exe
C:\Program Files\Baidu Security\PC App Store\4.5.1.6049\AppStoreUtilExe.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\win\Desktop\HiJackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:14029;https=127.0.0.1:14029
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RoyalShoopperApp - {06E9CB26-D72E-B769-83A6-FE71603D8115} - C:\ProgramData\RoyalShoopperApp\7PRt3zZZ.dll
O2 - BHO: HomeTab - {0d687747-ed29-4f98-ae2d-ea537ec4ea34} - C:\Program Files\HomeTab\IE\HomeTab.dll
O2 - BHO: CrossriderApp0059564 - {11111111-1111-1111-1111-110511951164} - C:\Program Files\Plus-HD-V1.6\Plus-HD-V1.6-bho.dll
O2 - BHO: CrossriderApp0059603 - {11111111-1111-1111-1111-110511961103} - C:\Program Files\Fraven 1.1\Fraven 1.1-bho.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: realudeaL - {2C863540-2388-AE9E-85C7-0355D7D4FE1F} - C:\ProgramData\realudeaL\tAd.dll
O2 - BHO: FlexiubleShopper - {3874A7E0-51CC-8749-4254-1E0334CCC789} - C:\ProgramData\FlexiubleShopper\p.dll
O2 - BHO: deallster - {4BB60AFA-882D-E4AB-C552-2BB282DE01DC} - C:\ProgramData\deallster\GfWtAi.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: KingCoUpon - {8B4D3579-3467-DA56-89FB-BA02FCC96C44} - C:\ProgramData\KingCoUpon\UJtOX.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: HomeTab - {0d687747-ed29-4f98-ae2d-ea537ec4ea34} - C:\Program Files\HomeTab\IE\HomeTab.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} (SurveillanceCtrl Control) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O20 - AppInit_DLLs: c:\progra~1\ws-ena~1\assist~1.dll  c:\progra~2\perfor~1\perfor~1.dll c:\progra~1\optimi~1\optpro~2.dll
O23 - Service: Baidu Antivirus Service (BAVSvc) - Baidu, Inc. - C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) - Baidu, Inc. - C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LocalServiceSystem - Unknown owner - C:\Windows\system32\LocalServer\service.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NewPlayer - Unknown owner - C:\Program Files\-NewPlayer\NewPlayerzh174.exe
O23 - Service: Baidu PC App Store Service 4.5.1.6049 (PCAppStoreSvc_{PCAppStore_4.5.1.6049}) - Baidu Inc. - C:\Program Files\Baidu Security\PC App Store\4.5.1.6049\PCAppStoreSvc.exe
O23 - Service: Protect Monitor (ProtectMonitor) - Unknown owner - C:\Program Files\PCDApp\StartHelp.exe
O23 - Service: Update Greener Web - Unknown owner - C:\Program Files\Greener Web\updateGreenerWeb.exe
O23 - Service: Util Greener Web - Unknown owner - C:\Program Files\Greener Web\bin\utilGreenerWeb.exe
O23 - Service: Service Component of VO (vosr) - Unknown owner - C:\Users\win\AppData\Roaming\VOPackage\VOsrv.exe

--
End of file - 7141 bytes

Olá.

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

# AdwCleaner v3.213 - Relatório criado 27/06/2014 às 21:48:49
# Atualizado 23/06/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : win - WIN-PC
# Executando de : C:\Users\win\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : ca82e1a5
Serviço Deletada : dfc86759
[#] Serviço Deletada : globalUpdate
[#] Serviço Deletada : globalUpdatem
[#] Serviço Deletada : ProtectMonitor
Serviço Deletada : vosr

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\webssearches
Pasta Deletada : C:\ProgramData\2308189059
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\Performancer
Pasta Deletada : C:\ProgramData\Systweak
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\ProgramData\FlexiubleShopper
Pasta Deletada : C:\ProgramData\Graeatsaver
Pasta Deletada : C:\ProgramData\KingCoUpon
Pasta Deletada : C:\ProgramData\Search-NEwTiab
Pasta Deletada : C:\ProgramData\Seeaorch--NeweTabb
Pasta Deletada : C:\ProgramData\Suearach-NewTabb
Pasta Deletada : C:\ProgramData\websavve
Pasta Deletada : C:\ProgramData\weebsAve
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jfilemanager
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Elite Max
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Pasta Deletada : C:\Program Files\globalUpdate
Pasta Deletada : C:\Program Files\GrabRez
Pasta Deletada : C:\Program Files\HomeTab
Pasta Deletada : C:\Program Files\Jump Flip
Pasta Deletada : C:\Program Files\Mobogenie
Pasta Deletada : C:\Program Files\MyPC Backup
Pasta Deletada : C:\Program Files\Optimizer Elite Max
Pasta Deletada : C:\Program Files\Optimizer Pro
Pasta Deletada : C:\Program Files\PCDApp
Pasta Deletada : C:\Program Files\ScanTack
Pasta Deletada : C:\Program Files\Trymedia
Pasta Deletada : C:\Program Files\Uninstaller
Pasta Deletada : C:\Program Files\Seeaorch--NeweTabb
Pasta Deletada : C:\Program Files\Suearach-NewTabb
Pasta Deletada : C:\Program Files\websavve
Pasta Deletada : C:\Program Files\weebsAve
Pasta Deletada : C:\Users\Administrador\AppData\Local\torch
Pasta Deletada : C:\Users\ASPNET\AppData\Local\torch
Pasta Deletada : C:\Users\Convidado\AppData\Local\torch
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\win\AppData\Local\Beamrise
Pasta Deletada : C:\Users\win\AppData\Local\BeamriseUninstall
Pasta Deletada : C:\Users\win\AppData\Local\genienext
Pasta Deletada : C:\Users\win\AppData\Local\globalUpdate
Pasta Deletada : C:\Users\win\AppData\Local\jfilemanager
Pasta Deletada : C:\Users\win\AppData\Local\lollipop
Pasta Deletada : C:\Users\win\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\win\AppData\Local\torch
Pasta Deletada : C:\Users\win\AppData\LocalLow\HomeTab
Pasta Deletada : C:\Users\win\AppData\LocalLow\SimplyTech
Pasta Deletada : C:\Users\win\AppData\Roaming\Activeris
Pasta Deletada : C:\Users\win\AppData\Roaming\baidu
Pasta Deletada : C:\Users\win\AppData\Roaming\EZDownloader
Pasta Deletada : C:\Users\win\AppData\Roaming\Optimizer Elite Max
Pasta Deletada : C:\Users\win\AppData\Roaming\Optimizer Pro
Pasta Deletada : C:\Users\win\AppData\Roaming\PC TEKNIX
Pasta Deletada : C:\Users\win\AppData\Roaming\SimilarSites
Pasta Deletada : C:\Users\win\AppData\Roaming\SimplyTech
Pasta Deletada : C:\Users\win\AppData\Roaming\SupTab
Pasta Deletada : C:\Users\win\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\win\AppData\Roaming\VOPackage
Pasta Deletada : C:\Users\win\AppData\Roaming\Microsoft\windows\Start Menu\Programs\MyPC Backup
Pasta Deletada : C:\Users\win\AppData\Roaming\Microsoft\windows\Start Menu\Programs\VOPackage
Pasta Deletada : C:\Users\win\Documents\Mobogenie
Pasta Deletada : C:\Users\win\Documents\Optimizer Pro
Pasta Deletada : C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\i2lhqlb3.default\Extensions\67af2835-79c3-420a-bc70-cd5399c4b726@5c23b6cf-f0cf-4ff9-89af-a3fb89311be5.com
Pasta Deletada : C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\i2lhqlb3.default\Extensions\6c78cab3-0311-420c-8cc8-d70d7c2e12d0@61a12377-7214-44f1-a183-c0827fed20fa.com
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\afppilkldaidejbbgncjmchcllapmpfl
Pasta Deletada : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\afppilkldaidejbbgncjmchcllapmpfl
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\afppilkldaidejbbgncjmchcllapmpfl
Pasta Deletada : C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\afppilkldaidejbbgncjmchcllapmpfl
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcabcjecphallgbobkebfldecaailkb
Pasta Deletada : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcabcjecphallgbobkebfldecaailkb
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcabcjecphallgbobkebfldecaailkb
Pasta Deletada : C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcabcjecphallgbobkebfldecaailkb
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapgoieponmleaihpfdgoplcklinnonh
Pasta Deletada : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapgoieponmleaihpfdgoplcklinnonh
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapgoieponmleaihpfdgoplcklinnonh
Pasta Deletada : C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapgoieponmleaihpfdgoplcklinnonh
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\bonmgpglnblhjmckooipapelaipldnja
Pasta Deletada : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\bonmgpglnblhjmckooipapelaipldnja
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\bonmgpglnblhjmckooipapelaipldnja
Pasta Deletada : C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\bonmgpglnblhjmckooipapelaipldnja
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\igocdjpdkjdmeajoboodboloopfemdfc
Pasta Deletada : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\igocdjpdkjdmeajoboodboloopfemdfc
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\igocdjpdkjdmeajoboodboloopfemdfc
Pasta Deletada : C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\igocdjpdkjdmeajoboodboloopfemdfc
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghcdphecoipflkohobanicpcnigmlao
Pasta Deletada : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghcdphecoipflkohobanicpcnigmlao
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghcdphecoipflkohobanicpcnigmlao
Pasta Deletada : C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghcdphecoipflkohobanicpcnigmlao
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdfkecigemdbccomnkphghafakdglkic
Pasta Deletada : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdfkecigemdbccomnkphghafakdglkic
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdfkecigemdbccomnkphghafakdglkic
Pasta Deletada : C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdfkecigemdbccomnkphghafakdglkic
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogomlecekhkleobibcakjipomkejfick
Pasta Deletada : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogomlecekhkleobibcakjipomkejfick
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogomlecekhkleobibcakjipomkejfick
Pasta Deletada : C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogomlecekhkleobibcakjipomkejfick
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Windows\system32\roboot.exe
Arquivo Deletada : C:\Windows\system32\SecureAssist.ini
Arquivo Deletada : C:\Windows\system32\SecureAssistOff.ini
Arquivo Deletada : C:\Users\win\daemonprocess.txt
Arquivo Deletada : C:\Users\win\AppData\Roaming\LiveSupport.exe_log.txt
Arquivo Deletada : C:\Users\win\AppData\Roaming\regsvr32.exe_log.txt
Arquivo Deletada : C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\i2lhqlb3.default\user.js
Arquivo Deletada : C:\Windows\System32\Tasks\Advanced System Protector_startup
Arquivo Deletada : C:\Windows\System32\Tasks\Browser Updater
Arquivo Deletada : C:\Windows\Tasks\Funmoods.job
Arquivo Deletada : C:\Windows\System32\Tasks\Funmoods
Arquivo Deletada : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
Arquivo Deletada : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
Arquivo Deletada : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
Arquivo Deletada : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
Arquivo Deletada : C:\Windows\Tasks\PCHelpers_period.job
Arquivo Deletada : C:\Windows\System32\Tasks\PCHelpers_period
Arquivo Deletada : C:\Windows\Tasks\PCHelpers1st.job
Arquivo Deletada : C:\Windows\System32\Tasks\PCHelpers1st
Arquivo Deletada : C:\Windows\System32\Tasks\ProtectedSearch
Arquivo Deletada : C:\Windows\System32\Tasks\RegClean Pro
Arquivo Deletada : C:\Windows\Tasks\RegClean Pro_DEFAULT.job
Arquivo Deletada : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
Arquivo Deletada : C:\Windows\Tasks\RegClean Pro_UPDATES.job
Arquivo Deletada : C:\Windows\System32\Tasks\RegClean Pro_UPDATES
Arquivo Deletada : C:\Windows\Tasks\SaveSense.job
Arquivo Deletada : C:\Windows\System32\Tasks\SaveSense
Arquivo Deletada : C:\Windows\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-1.job
Arquivo Deletada : C:\Windows\System32\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-1
Arquivo Deletada : C:\Windows\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-11.job
Arquivo Deletada : C:\Windows\System32\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-11
Arquivo Deletada : C:\Windows\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-2.job
Arquivo Deletada : C:\Windows\System32\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-2
Arquivo Deletada : C:\Windows\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-3.job
Arquivo Deletada : C:\Windows\System32\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-3
Arquivo Deletada : C:\Windows\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-4.job
Arquivo Deletada : C:\Windows\System32\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-4
Arquivo Deletada : C:\Windows\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-5.job
Arquivo Deletada : C:\Windows\System32\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-5
Arquivo Deletada : C:\Windows\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-6.job
Arquivo Deletada : C:\Windows\System32\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-6
Arquivo Deletada : C:\Windows\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-7.job
Arquivo Deletada : C:\Windows\System32\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-7
Arquivo Deletada : C:\Windows\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-1.job
Arquivo Deletada : C:\Windows\System32\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-1
Arquivo Deletada : C:\Windows\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-11.job
Arquivo Deletada : C:\Windows\System32\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-11
Arquivo Deletada : C:\Windows\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-2.job
Arquivo Deletada : C:\Windows\System32\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-2
Arquivo Deletada : C:\Windows\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-3.job
Arquivo Deletada : C:\Windows\System32\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-3
Arquivo Deletada : C:\Windows\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-4.job
Arquivo Deletada : C:\Windows\System32\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-4
Arquivo Deletada : C:\Windows\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-5.job
Arquivo Deletada : C:\Windows\System32\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-5
Arquivo Deletada : C:\Windows\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-6.job
Arquivo Deletada : C:\Windows\System32\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-6
Arquivo Deletada : C:\Windows\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-7.job
Arquivo Deletada : C:\Windows\System32\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-7

***** [ Atalhos ] *****


***** [ Registro ] *****

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{216839EE-56EE-4FC0-B122-DF5CF7F2A278}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{216839EE-56EE-4FC0-B122-DF5CF7F2A278}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{838FF6D9-19BD-475B-9172-D0DB5EDB7536}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AEF3BBD-EC2C-4C8D-B9EF-0A892866DCC5}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AEF3BBD-EC2C-4C8D-B9EF-0A892866DCC5}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DA289DF8-3BCD-4406-B18C-AEED38A6C734}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA289DF8-3BCD-4406-B18C-AEED38A6C734}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEE4B5F0-E183-4D32-99A3-5B4389530B45}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEE4B5F0-E183-4D32-99A3-5B4389530B45}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66272488-7BD0-4219-8570-5DFB3A9B482A}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66272488-7BD0-4219-8570-5DFB3A9B482A}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E5548D2-36B3-444E-9FE0-FC3153A2573D}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E5548D2-36B3-444E-9FE0-FC3153A2573D}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{563735B0-A907-4336-B2F2-02AB52BD4888}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D7D0ED9F-158D-4E83-96F1-1201C7138703}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23B7AB81-E30C-4295-A48C-E65AFC5BF672}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{274DD368-A45C-4C7B-9CA8-6C17DE28BCE9}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7D0ED9F-158D-4E83-96F1-1201C7138703}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23B7AB81-E30C-4295-A48C-E65AFC5BF672}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{274DD368-A45C-4C7B-9CA8-6C17DE28BCE9}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61F06FF2-8271-4420-9B2D-477015AA9FF3}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61F06FF2-8271-4420-9B2D-477015AA9FF3}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0F8E0AE7-31B1-4150-91F2-4DC43AAA25F8}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F8E0AE7-31B1-4150-91F2-4DC43AAA25F8}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28617FD8-9FD2-4DFC-822B-B0D81990434D}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{28617FD8-9FD2-4DFC-822B-B0D81990434D}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E72D9AA4-255E-468E-AA51-4E5BFFDCDDBF}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E72D9AA4-255E-468E-AA51-4E5BFFDCDDBF}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B24DF58F-264F-47F3-8445-F4F5BAFEBD19}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B24DF58F-264F-47F3-8445-F4F5BAFEBD19}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F98CD3E9-8B0A-4ED1-9209-48F2E635A79E}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F98CD3E9-8B0A-4ED1-9209-48F2E635A79E}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B07DDA9-47F5-4C2F-BC15-2CEEB902A195}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B07DDA9-47F5-4C2F-BC15-2CEEB902A195}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5803D887-43A3-494D-A121-82EDBB16A7A0}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5803D887-43A3-494D-A121-82EDBB16A7A0}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E5716A84-079F-4B4D-8519-2839194687E1}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5716A84-079F-4B4D-8519-2839194687E1}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{438FB965-69FF-45E5-8F57-FEB5A354DC69}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25804D63-BAAA-48CF-ABE6-8AE715B17113}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{438FB965-69FF-45E5-8F57-FEB5A354DC69}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{25804D63-BAAA-48CF-ABE6-8AE715B17113}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4821E241-A38B-476C-8B17-5CA60C10D983}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4821E241-A38B-476C-8B17-5CA60C10D983}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{580B0A7B-C0D6-4589-BCDB-30AADA150E1E}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{580B0A7B-C0D6-4589-BCDB-30AADA150E1E}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9ACA45CD-BE49-42FF-89BD-A2F3E7E2DC60}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9ACA45CD-BE49-42FF-89BD-A2F3E7E2DC60}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9AE632F0-9437-4904-BB1F-FF0A68C842E7}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AE632F0-9437-4904-BB1F-FF0A68C842E7}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21766565-ABFA-4463-A7CB-5A838C161C91}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21766565-ABFA-4463-A7CB-5A838C161C91}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8F8B5B58-4C91-4B83-ADFD-3AF138527BEF}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F8B5B58-4C91-4B83-ADFD-3AF138527BEF}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\HomeTab.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Chave Deletedo : HKLM\SOFTWARE\Classes\wtb.Band
Chave Deletedo : HKLM\SOFTWARE\Classes\wtb.Band.1
Chave Deletedo : HKLM\SOFTWARE\Classes\wtb.NotificationSource
Chave Deletedo : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1
Chave Deletedo : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl
Chave Deletedo : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1
Chave Deletedo : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo
Chave Deletedo : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\JFileManager_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\JFileManager_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\LiveSupport_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\livesupport_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\utilJumpFlip_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\utilJumpFlip_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wpm_v18_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wpm_v18_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Chave Deletedo : HKLM\SOFTWARE\Classes\FlexiblleShoppEr.FlexiblleShoppEr
Chave Deletedo : HKLM\SOFTWARE\Classes\FlexiblleShoppEr.FlexiblleShoppEr.4.75
Chave Deletedo : HKLM\SOFTWARE\Classes\KinegCoupoon.KinegCoupoon
Chave Deletedo : HKLM\SOFTWARE\Classes\KinegCoupoon.KinegCoupoon.1.3
Chave Deletedo : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d926dfd5}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{dfc86759}
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0059564.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0059564.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0059564.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0059564.Sandbox.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0059603.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0059603.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0059603.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0059603.Sandbox.1
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3874A7E0-51CC-8749-4254-1E0334CCC789}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{8B4D3579-3467-DA56-89FB-BA02FCC96C44}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511951164}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511961103}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522952264}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522962203}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555955564}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555965503}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566956664}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566966603}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544954464}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544964403}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3874A7E0-51CC-8749-4254-1E0334CCC789}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B4D3579-3467-DA56-89FB-BA02FCC96C44}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951164}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511961103}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3874A7E0-51CC-8749-4254-1E0334CCC789}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B4D3579-3467-DA56-89FB-BA02FCC96C44}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511951164}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511961103}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3874A7E0-51CC-8749-4254-1E0334CCC789}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8B4D3579-3467-DA56-89FB-BA02FCC96C44}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511951164}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511961103}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3874A7E0-51CC-8749-4254-1E0334CCC789}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8B4D3579-3467-DA56-89FB-BA02FCC96C44}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Chave Deletedo : HKCU\Software\Adorika
Chave Deletedo : HKCU\Software\FreeSoftToday
Chave Deletedo : HKCU\Software\HomeTab
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\installedbrowserextensions
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\Optimizer Elite Max
Chave Deletedo : HKCU\Software\Optimizer Pro
Chave Deletedo : HKCU\Software\Pokki
Chave Deletedo : HKCU\Software\RegisteredApplicationsEx
Chave Deletedo : HKCU\Software\simplytech
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\torch
Chave Deletedo : HKCU\Software\Tutorials
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\simplytech
Chave Deletedo : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Chave Deletedo : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chave Deletedo : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Chave Deletedo : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Chave Deletedo : HKLM\Software\InstallCore
Chave Deletedo : HKLM\Software\installedbrowserextensions
Chave Deletedo : HKLM\Software\LevelQualityWatcher
Chave Deletedo : HKLM\Software\NewPlayer
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKLM\Software\torch
Chave Deletedo : HKLM\Software\Trymedia Systems
Chave Deletedo : HKLM\Software\Tutorials
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{739027FD-0200-4F32-A9AC-8E4058065C1A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA41BB14-E67B-1653-C57B-5CA99418A866}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScanTack
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstaller
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\ws-ena~1\assist~1.dll
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\perfor~1\perfor~1.dll
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\optimi~1\optpro~2.dll
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\013AC89AE8CD1D45889FDECE68DF5C58
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\13FCB74451B14F755A9489A45D48059A
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3A8D788750C70AA57A73B2319DF554AE
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\592A2C0FFC3C7855AA30F38A3C25B7DA
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A426544C5826DA5292547521114EC1F
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC5ECDC1EDBB7615D81C34F1B6A68589
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D35F7D2F9958FA155AE7953C4A2EE959
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB01B45D33D99A85CB09D2FCEABE5EAC
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DF720937002023F49ACAE8048560C5A1
Chave Deletedo : HKLM\Software\Classes\Installer\Features\DF720937002023F49ACAE8048560C5A1
Chave Deletedo : HKLM\Software\Classes\Installer\Products\DF720937002023F49ACAE8048560C5A1

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16421

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\SearchUrl []

-\\ Mozilla Firefox v30.0 (pt-BR)

[ Arquivo : C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\i2lhqlb3.default\prefs.js ]

Linha deletada : user_pref("extensions.a67af283579c3420abc70cd5399c4b7265c23b6cff0cf4ff989afa3fb89311be5com59564.59564.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Linha deletada : user_pref("extensions.a6c78cab30311420c8cc8d70d7c2e12d061a12377721444f1a183c0827fed20facom59603.59603.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Linha deletada : user_pref("extensions.crossrider.bic", "146bbe0bc7b9c1f6df0f78df6e3a1fed");
Linha deletada : user_pref("extensions.funmoods.AL", 2);
Linha deletada : user_pref("extensions.funmoods.aflt", "pc0102");
Linha deletada : user_pref("extensions.funmoods.appId", "{EA28B360-05E0-4F93-8150-02891F1D8D3C}");
Linha deletada : user_pref("extensions.funmoods.cd", "2XzuyEtN2Y1L1QzuzztD0E0EyBtAtAzztByBtC0A0FtAyC0BtN0D0Tzu0SzytDzytN1L2XzutBtFtCyCtFzztFtDtN1L1Czu1E1RtDtCtDtBtN1L1G1B1V1N2Y1L1Qzu2StAzy0C0D0CyByEyCtGyD0B0F0AtGyByCz[...]
Linha deletada : user_pref("extensions.funmoods.cr", "2072445230");
Linha deletada : user_pref("extensions.funmoods.dfltLng", "");
Linha deletada : user_pref("extensions.funmoods.dfltSrch", true);
Linha deletada : user_pref("extensions.funmoods.dnsErr", true);
Linha deletada : user_pref("extensions.funmoods.excTlbr", false);
Linha deletada : user_pref("extensions.funmoods.hmpg", true);
Linha deletada : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=pc0102&cd=2XzuyEtN2Y1L1QzuzztD0E0EyBtAtAzztByBtC0A0FtAyC0BtN0D0Tzu0SzytDzytN1L2XzutBtFtCyCtFzztFtDtN1L1Czu1E1RtDtCtDtBtN1L1G1[...]
Linha deletada : user_pref("extensions.funmoods.id", "80EE7338271AF36B");
Linha deletada : user_pref("extensions.funmoods.instlDay", "16248");
Linha deletada : user_pref("extensions.funmoods.instlRef", "pc0102");
Linha deletada : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=pc0102&cd=2XzuyEtN2Y1L1QzuzztD0E0EyBtAtAzztByBtC0A0FtAyC0BtN0D0Tzu0SzytDzytN1L2XzutBtFtCyCtFzztFtDtN1L1Czu1E1RtDtCtDtBtN1L1[...]
Linha deletada : user_pref("extensions.funmoods.prdct", "funmoods");
Linha deletada : user_pref("extensions.funmoods.prtnrId", "funmoods");
Linha deletada : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Linha deletada : user_pref("extensions.funmoods.tlbrId", "base");
Linha deletada : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=pc0102&cd=2XzuyEtN2Y1L1QzuzztD0E0EyBtAtAzztByBtC0A0FtAyC0BtN0D0Tzu0SzytDzytN1L2XzutBtFtCyCtFzztFtDtN1L1Czu1E1RtDtCtDtBtN1[...]
Linha deletada : user_pref("extensions.funmoods.vrsn", "1.8.29.0");
Linha deletada : user_pref("extensions.funmoods.vrsni", "1.8.29.0");
Linha deletada : user_pref("extensions.funmoods_i.hmpg", true);
Linha deletada : user_pref("extensions.funmoods_i.newTab", false);
Linha deletada : user_pref("extensions.funmoods_i.smplGrp", "none");
Linha deletada : user_pref("extensions.funmoods_i.vrsnTs", "1.8.29.015:51:59");

-\\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Extension] : afppilkldaidejbbgncjmchcllapmpfl
Deletedo [Extension] : agcabcjecphallgbobkebfldecaailkb
Deletedo [Extension] : bapgoieponmleaihpfdgoplcklinnonh
Deletedo [Extension] : bonmgpglnblhjmckooipapelaipldnja
Deletedo [Extension] : igocdjpdkjdmeajoboodboloopfemdfc
Deletedo [Extension] : jghcdphecoipflkohobanicpcnigmlao
Deletedo [Extension] : mdfkecigemdbccomnkphghafakdglkic
Deletedo [Extension] : ogomlecekhkleobibcakjipomkejfick
Deletedo [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [44700 octets] - [27/06/2014 21:41:37]
AdwCleaner[S0].txt - [41712 octets] - [27/06/2014 21:48:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [41773 octets] ##########

 No seu PC está constando o antivirus Baidu instalado. Você quer removê-lo ou quer continuar com ele? Seja qual for a sua resposta para esta pergunta, siga também as dicas abaixo:

Desative temporariamente seu antivírus para evitar conflitos.

 Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

max , preciso remover o hao 123 ele nao desinstala pelo remover programas  

Siga as dicas que te passei na resposta acima e responda a pergunta que te fiz.

desculpa nao tinha visto a pergunta     é claro que quero remover!!

Siga então os procedimentos que te passei com o Zoek e poste o relatório dele.

Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by win on 27/06/2014 at 22:10:24,56.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\win\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

27/06/2014 22:11:27 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util NetCrawl deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util NetCrawl deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update NetCrawl deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update NetCrawl deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update NetCrawl deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update NetCrawl deleted successfully

==== Deleting Files \ Folders ======================

C:\Windows\system32\appdata deleted
C:\Program Files\Fraven 1.1 deleted
C:\Program Files\Plus-HD-V1.6 deleted
C:\PROGRA~2\3bb21f3c3947cc4b deleted
C:\Program Files\VideoPlayer deleted
C:\Program Files\WS-Enabler deleted
C:\PROGRA~2\FileSplitUpLoad.dll deleted
C:\PROGRA~2\boost_interprocess deleted
C:\PROGRA~2\SetApp deleted
C:\PROGRA~2\Baidu deleted
C:\PROGRA~2\InstallMate deleted
C:\Windows\System32\Tasks\SystemSockets deleted
C:\Windows\System32\Tasks\Browser Updater deleted
C:\Users\win\Downloads\rcpsetupdsnr_ds15720427 (1).exe deleted
C:\Users\win\Downloads\rcpsetupdsnr_ds15720427.exe deleted
C:\Users\win\Searches deleted
C:\Windows\system32\tasks\ProtectedSearch deleted
C:\Windows\system32\tasks\Baidu Antivirus Update deleted
C:\Windows\Launcher.exe deleted
C:\Windows\System32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw.sys deleted
C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w.sys deleted
C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys deleted
C:\Windows\system32\sasnative32.exe deleted
"C:\Program Files\NetCrawl\updateNetCrawl.exe" deleted
"C:\Program Files\NetCrawl\updateNetCrawl.exe" deleted
"C:\Program Files\NetCrawl\bin\NetCrawl.BrowserAdapter.exe" deleted
"C:\Program Files\NetCrawl\bin\NetCrawl.PurBrowse.exe" deleted
"C:\Program Files\NetCrawl\bin\utilNetCrawl.exe" deleted
"C:\Program Files\NetCrawl\bin\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}.dll" deleted
"C:\Program Files\NetCrawl\bin\NetCrawl.BrowserAdapter.exe" deleted
"C:\Program Files\NetCrawl\bin\NetCrawl.PurBrowse.exe" deleted
"C:\Program Files\NetCrawl\bin\utilNetCrawl.exe" deleted
"C:\Program Files\NetCrawl\bin\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}.dll" deleted
"C:\Program Files\NetCrawl" not deleted
"C:\Program Files\NetCrawl" not deleted
"C:\Program Files\NetCrawl\bin" not deleted
"C:\Program Files\NetCrawl\bin" not deleted

==== Folders Found ======================

2014-06-28 00:48:52 2014-06-28 00:48:52 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-28 00:49:12 2014-06-28 00:49:12 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-02-09 01:08:35 2014-06-27 18:52:01 -------- d--h--w- C:\Program Files\Baidu Security
2014-02-09 01:08:36 2014-06-26 14:39:44 -------- d--h--w- C:\Program Files\Baidu Security\Baidu Antivirus
2013-11-17 20:49:58 2014-05-21 18:33:36 -------- d-----w- C:\ProgramData\Baidu Security
2014-02-09 01:09:08 2014-05-02 00:51:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-05-21 18:33:31 2014-05-21 18:33:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC App Store
2013-11-17 20:49:58 2014-05-21 18:33:36 -------- d-----w- C:\Users\All Users\Baidu Security
2014-02-09 01:09:08 2014-05-02 00:51:21 -------- d-----w- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-05-21 18:33:31 2014-05-21 18:33:31 -------- d-----w- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu PC App Store
2014-06-28 00:57:14 2014-06-28 00:57:14 -------- d-----w- C:\Users\Public\Documents\Baidu
2014-02-09 01:07:06 2014-05-21 18:33:20 -------- d-----w- C:\Users\Public\Documents\Baidu Security
2014-06-28 00:01:23 2014-06-28 00:01:23 -------- d-----w- C:\Users\win\AppData\Local\Temp\%APPDATA%\baidu
2014-02-09 01:07:06 2014-05-21 18:33:04 -------- d-----w- C:\Users\win\AppData\Roaming\Baidu Security
2014-02-09 01:12:29 2014-05-02 00:51:27 -------- d-----w- C:\Users\win\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-02-09 01:12:30 2014-05-02 00:51:27 -------- d-----w- C:\Users\win\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-05-21 18:33:30 2014-05-21 18:33:31 -------- d-----w- C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC App Store
2014-05-21 18:33:30 2014-05-21 18:33:30 -------- d-----w- C:\Windows\System32\config\systemprofile\AppData\Roaming\Baidu Security
2014-06-28 01:25:44 2014-06-28 01:25:44 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_Baidu
2014-06-28 01:25:37 2014-06-28 01:25:37 -------- d---a-w- C:\zoek_backup\C_Windows_system32_appdata\baidu

==== Files Found ======================


--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-02-09 01:09:08
Modified time: 2014-02-21 20:00:32
MD5: AF8B80B63A07F0FD288E73DB0352096C
SHA1: 73389CBE3A00262A90F2854C1F15D5A3807A86EA


--- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-02-09 01:09:08
Modified time: 2014-02-21 20:00:32
MD5: AF8B80B63A07F0FD288E73DB0352096C
SHA1: 73389CBE3A00262A90F2854C1F15D5A3807A86EA


--- C:\Users\win\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.7.72269.exe ---
Company: Baidu, Inc.
File Description: PC Faster Setup
File Version: 4.0.7.72269
Product Name: Baidu PC Faster
Copyright: Copyright (C) 2013 Baidu, Inc. All Rights Reserved.
Original Filename:
File type: ----a-w-
File size: 22038328
Created time: 2014-06-27 18:53:11
Modified time: 2014-06-27 18:53:11
MD5: D5713909916843913443ABA257418338
SHA1: 4B6522570E673B83F53B415D205D3B98541664CE


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3408
Created time: 2014-06-28 01:25:47
Modified time: 2014-02-21 20:00:37
MD5: CDCAE1BCFD46064A4CF40F390ABA6E8F
SHA1: 31957C0D0CF086A55EB65DA3FCC96E40FA6477A5


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Baidu_Secure_SystemUp_4.0.1.56634-2014-02-08 02-09-30-0594-[6087].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-08 02-10-22-0441-[6257].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Pcftray-2014-02-08 02-10-48-0861-[6342].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-08 02-11-22-0335-[6453].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-03-01 03-15-20-0241-[17301].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-01 03-15-20-0275-[17301].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-03-02 03-54-47-0666-[19020].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-06 05-36-09-0515-[30794].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-07 05-17-25-0545-[26114].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-09 05-06-51-0515-[22024].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-10 05-42-55-0560-[32336].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-12 05-44-43-0515-[9657].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-13 05-06-59-0546-[19765].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-15 05-01-11-0451-[16609].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-17 05-14-58-0536-[29046].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-05-19 05-26-39-0086-[26815].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-20 05-43-04-0279-[12266].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-20 05-18-30-0917-[0697].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-21 05-53-05-0179-[26729].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-05-21 05-16-20-0133-[6018].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-21 05-16-57-0765-[6139].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-05-21 05-17-31-0236-[6250].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-05-21 05-17-42-0671-[6286].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-21 05-24-46-0219-[21926].tmp"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}]
@="baidu right click handler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32]
@="C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BavShx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32]
@="C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BavShx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}"="Baidu Scan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"="Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Bav.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Uninstall.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"="http://antivirus.baidu.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"="Baidu, Inc."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBED6752-7669-407A-AA1D-F045362A331E}]
"Path"="\\Baidu Antivirus Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu Antivirus Update]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"DisplayName"="Baidu PC App Store Service 4.5.1.6049"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"Description"="Baidu PC App Store Service 4.5.1.6049"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"DisplayName"="Baidu PC App Store Service 4.5.1.6049"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"Description"="Baidu PC App Store Service 4.5.1.6049"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"DisplayName"="Baidu PC App Store Service 4.5.1.6049"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"Description"="Baidu PC App Store Service 4.5.1.6049"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Application Bug\Bav\log\iexplore.exe]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Hao123-br]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Hao123-br\hao123desk]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Hao123-br\hao123desk]
"ToyPath"="%APPDATA%\\baidu\\hao123-br\\hao123.1.0.0.1111.exe"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Hao123-br\hao123desk]
"BaiduTn"="tn=incore_pay_sc_05_hao123_br"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Hao123-br\hao123desk]
"NewBaiduTn"="tn=incore_pay_sc_05_hao123_br"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\4.5.1.6049]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\4.5.1.6049\Install]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\4.5.1.6049\LastReportTime]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\DataReport]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\DataReport]
"c:\\users\\win\\appdata\\roaming\\baidu security\\pc app store\\rpdata"="http://sync.security.baidu.co.th/cgi-bin-py/get_appstore_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\Setup]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"e"="http://csu.pcfaster.baidu.com/cgi-bin/bl_put_file.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"f"="http://csu.pcfaster.baidu.com/cgi-bin/get_op_conf.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"i"="http://csu.pcfaster.baidu.com/cgi-bin/ui_put_file.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"j"="http://csu.pcfaster.baidu.com/cgi-bin/co_put_file.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"n"="http://csu.pcfaster.baidu.com/cgi-bin/fs_put_file.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\33943742]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\33943742]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=PCAppStore|gl|upgrade|Bundle&version=4.0.7.72269&userid=315fa33f6c952630620f48bfb52c79ee&old_userid=S2SNJ5FC-5CC9D3087F19!552ad7a3-7f99-4fd4-9429-74dcbcfe8994@#5CC9D3087F19&install_time=2014-06-19 18:10:51&parent_name="

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\33943789]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\33943789]
"url"="http://sync.security.baidu.co.th/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=PCAppStore|gl|upgrade|Bundle&version=4.0.7.72269&userid=315fa33f6c952630620f48bfb52c79ee&old_userid=S2SNJ5FC-5CC9D3087F19!552ad7a3-7f99-4fd4-9429-74dcbcfe8994@#5CC9D3087F19&install_time=2014-06-19 18:10:51&parent_name="

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\TrayIcon]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\Setup]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-br]
"DisplayIcon"="\"%APPDATA%\\baidu\\hao123-br\\hao123.1.0.0.1111.exe\""

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-br]
"Publisher"="Baidu Online Network Technology (Beijing) Co., Ltd."

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-br]
"UninstallString"="\"%APPDATA%\\baidu\\hao123-br\\hao123.1.0.0.1111.exe\" -uninstall "

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jlceijfdfeghdhmmbhbcffanmcggoojf - No path found[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://search.certified-toolbar.com?si=82443&st=bs&tid=24086&ver=6.4&ts=1403311224855&tguid=82443-24086-1403311224855-5F0010873971B72AA96104B22A519D05&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
@="http://search.certified-toolbar.com?si=82443&st=bs&tid=24086&ver=6.4&ts=1403311224855&tguid=82443-24086-1403311224855-5F0010873971B72AA96104B22A519D05&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
@="http://search.certified-toolbar.com?si=82443&st=bs&tid=24086&ver=6.4&ts=1403311224855&tguid=82443-24086-1403311224855-5F0010873971B72AA96104B22A519D05&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0d687747-ed29-4f98-ae2d-ea537ec4ea34} deleted successfully
HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{769a91da-209f-47fe-88b9-b0321b0982c8} deleted successfully
HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{769a91da-209f-47fe-88b9-b0321b0982c8} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0d687747-ed29-4f98-ae2d-ea537ec4ea34} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d687747-ed29-4f98-ae2d-ea537ec4ea34} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{769a91da-209f-47fe-88b9-b0321b0982c8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{769a91da-209f-47fe-88b9-b0321b0982c8} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0d687747-ed29-4f98-ae2d-ea537ec4ea34} deleted successfully

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hao123-Brazil\Desinstalar hao123.lnk - C:\Users\win\AppData\Local\Temp\%APPDATA%\baidu\hao123-br\hao123.1.0.0.1111.exe -uninstall
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hao123-Brazil\Hao123.lnk - C:\Users\win\AppData\Local\Temp\%APPDATA%\baidu\hao123-br\hao123.1.0.0.1111.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:13979;https=127.0.0.1:13979"
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fraven 1.1 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-V1.6 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-br deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5C28578D-D0F1-699F-01B0-CC0653A28C11} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{f1cfa3d2-566f-477b-8466-6cffc01ae981}_is1 deleted successfully

==== Empty IE Cache ======================

C:\\Users\Administrador\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\\Users\win\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=225 folders=36 107045564 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\win\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied
C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\\Users\win\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Program Files\NetCrawl" not found
"C:\Program Files\NetCrawl" not found

==== EOF on 27/06/2014 at 22:31:25,67 ======================

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by win on 28/06/2014 at 8:19:36,57.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\win\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-28-013125.log 38088 bytes

==== System Restore Info ======================

28/06/2014 08:20:39 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BHipsSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_4.5.1.6049} deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCAppStoreSvc_{PCAppStore_4.5.1.6049} deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBED6752-7669-407A-AA1D-F045362A331E}]
"Path"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBED6752-7669-407A-AA1D-F045362A331E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu Antivirus Update]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Application Bug\Bav\log\iexplore.exe]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Hao123-br]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Hao123-br\hao123desk]
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Hao123-br\hao123desk]
"ToyPath"=-
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Hao123-br\hao123desk]
"BaiduTn"=-
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Hao123-br\hao123desk]
"NewBaiduTn"=-
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\4.5.1.6049]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\4.5.1.6049\Install]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\4.5.1.6049\LastReportTime]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\DataReport]
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\DataReport]
"c:\\users\\win\\appdata\\roaming\\baidu security\\pc app store\\rpdata"=-
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\Setup]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"e"=-
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"f"=-
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"i"=-
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"j"=-
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"n"=-
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\33943742]
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\33943742]
"url"=-
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\33943789]
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\33943789]
"url"=-
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\TrayIcon]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\Setup]
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-br]
"DisplayIcon"=-
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-br]
"Publisher"=-
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-br]
"UninstallString"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]

==== Deleting Files \ Folders ======================

C:\Users\Public\Documents\Baidu Security not found
C:\Users\win\AppData\Local\Temp\%APPDATA%\baidu not found
"C:\Users\win\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.7.72269.exe" not found
C:\ProgramData\Baidu Security deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC App Store deleted
C:\Users\Public\Documents\Baidu deleted
C:\Users\win\AppData\Roaming\Baidu Security deleted
C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC App Store deleted
C:\Windows\System32\config\systemprofile\AppData\Roaming\Baidu Security deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavClean.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\Bavnt.dll" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavQv.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavUl.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavUm.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BDrvComm.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsCore.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\CloudDefense.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\Communication.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\DrvInst.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HackerDefense.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsHB.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\sqlite.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavClean.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\Bavnt.dll" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavQv.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavUl.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavUm.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BDrvComm.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsCore.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\CloudDefense.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\Communication.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\DrvInst.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HackerDefense.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsHB.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\sqlite.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BHipsSvc.log" not deleted
"C:\Program Files\Baidu Security\PC App Store\4.5.1.6049\AppStoreUtilExe.exe" deleted
"C:\Program Files\Baidu Security\PC App Store\4.5.1.6049\DataReport.dll" deleted
"C:\Program Files\Baidu Security\PC App Store\4.5.1.6049\log.dll" deleted
"C:\Program Files\Baidu Security\PC App Store\4.5.1.6049\sqlite.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BHipsSvc.log" not deleted
"C:\Program Files\Baidu Security" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus" not deleted
"C:\Program Files\Baidu Security\PC App Store" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log" not deleted
"C:\Program Files\Baidu Security\PC App Store\4.5.1.6049" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log" not deleted

==== Folders Found ======================

2014-06-28 00:48:52 2014-06-28 00:48:52 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-28 00:49:12 2014-06-28 00:49:12 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-02-09 01:08:35 2014-06-28 11:23:06 -------- d-----w- C:\Program Files\Baidu Security
2014-02-09 01:08:36 2014-06-28 11:23:05 -------- d-----w- C:\Program Files\Baidu Security\Baidu Antivirus
2014-06-28 01:31:26 2014-06-28 01:31:26 -------- d-----w- C:\ProgramData\Baidu
2014-06-28 01:31:26 2014-06-28 01:31:26 -------- d-----w- C:\Users\All Users\Baidu
2014-06-28 11:23:03 2014-06-28 11:23:03 -------- d-----w- C:\Users\win\AppData\Roaming\Baidu Security
2014-06-28 11:22:34 2014-06-28 11:22:40 -------- d--ha-w- C:\zoek_backup\C_Program Files_Baidu Security
2014-06-28 11:22:41 2014-06-28 11:22:42 -------- d--ha-w- C:\zoek_backup\C_Program Files_Baidu Security_Baidu Antivirus
2014-06-28 11:22:42 2014-06-28 11:22:47 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-28 11:22:47 2014-06-28 11:22:47 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-28 11:22:47 2014-06-28 11:22:47 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu PC App Store
2014-06-28 01:25:44 2014-06-28 01:25:44 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_Baidu
2014-06-28 11:22:47 2014-06-28 11:22:48 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-28 11:22:48 2014-06-28 11:22:48 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-28 11:22:48 2014-06-28 11:22:48 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu PC App Store
2014-06-28 11:22:48 2014-06-28 11:22:48 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu
2014-06-28 11:22:48 2014-06-28 11:22:54 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security
2014-06-28 11:22:55 2014-06-28 11:22:55 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-06-28 11:22:55 2014-06-28 11:22:55 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-06-28 11:22:55 2014-06-28 11:22:56 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Microsoft_Windows_Start Menu_Programs_Baidu PC App Store
2014-06-28 11:22:56 2014-06-28 11:22:56 -------- d---a-w- C:\zoek_backup\C_Windows_System32_config_systemprofile_AppData_Roaming_Baidu Security
2014-06-28 11:22:34 2014-06-28 11:22:40 -------- d--ha-w- C:\zoek_backup\C_Program Files_Baidu Security\Baidu Antivirus
2014-06-28 11:22:54 2014-06-28 11:22:54 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-06-28 11:22:55 2014-06-28 11:22:55 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-06-28 01:25:37 2014-06-28 01:25:37 -------- d---a-w- C:\zoek_backup\C_Windows_system32_appdata\baidu

==== Files Found ======================


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3408
Created time: 2014-06-28 01:25:47
Modified time: 2014-02-21 20:00:37
MD5: CDCAE1BCFD46064A4CF40F390ABA6E8F
SHA1: 31957C0D0CF086A55EB65DA3FCC96E40FA6477A5


--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-06-28 11:22:47
Modified time: 2014-02-21 20:00:32
MD5: AF8B80B63A07F0FD288E73DB0352096C
SHA1: 73389CBE3A00262A90F2854C1F15D5A3807A86EA


--- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-06-28 11:22:48
Modified time: 2014-02-21 20:00:32
MD5: AF8B80B63A07F0FD288E73DB0352096C
SHA1: 73389CBE3A00262A90F2854C1F15D5A3807A86EA


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Hao123-br]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Hao123-br\hao123desk]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\DataReport]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\33943742]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\33943789]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=615 folders=162 432039054 bytes)

==== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\Program Files\Baidu Security\Baidu Antivirus\Bavnt.dll" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\Bavnt.dll" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BHipsSvc.log" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BHipsSvc.log" not found
"C:\Program Files\Baidu Security" not found
"C:\Program Files\Baidu Security\Baidu Antivirus" not found

==== EOF on 28/06/2014 at 8:29:58,23 ======================

e agora max qual o procedimento para remover badu?

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by win on 28/06/2014 at 10:23:40,05.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\win\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-28-013125.log 38088 bytes
C:\zoek-results2014-06-28-112958.log 32537 bytes

==== System Restore Info ======================

28/06/2014 10:24:28 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Hao123-br]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu\Hao123-br\hao123desk]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\DataReport]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\33943742]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\33943789]

==== Deleting Files \ Folders ======================

C:\Program Files\Baidu Security not found
C:\Program Files\Baidu Security\Baidu Antivirus not found
C:\ProgramData\Baidu deleted
C:\Users\win\AppData\Roaming\Baidu Security deleted
C:\Windows\system32\appdata deleted

==== Folders Found ======================

2014-06-28 00:48:52 2014-06-28 00:48:52 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-28 00:49:12 2014-06-28 00:49:12 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-28 13:01:03 2014-06-28 13:01:03 -------- d-----w- C:\Program Files\Baidu-Security-2014-4.4.4.73687
2014-06-28 13:01:03 2014-06-28 13:15:03 -------- d-----w- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus
2014-06-28 12:55:54 2014-06-28 12:55:54 -------- d-----w- C:\Users\Public\Documents\Baidu
2014-06-28 12:55:56 2014-06-28 12:55:56 -------- d-----w- C:\Users\win\AppData\Local\Temp\baidu_secure
2014-06-28 13:01:31 2014-06-28 13:01:31 -------- d-----w- C:\Users\win\AppData\Roaming\Baidu
2014-06-28 13:01:31 2014-06-28 13:01:31 -------- d-----w- C:\Users\win\AppData\Roaming\Baidu\Baidu Antivirus
2014-06-28 11:22:34 2014-06-28 11:22:40 -------- d--ha-w- C:\zoek_backup\C_Program Files_Baidu Security
2014-06-28 11:22:41 2014-06-28 11:22:42 -------- d--ha-w- C:\zoek_backup\C_Program Files_Baidu Security_Baidu Antivirus
2014-06-28 13:24:46 2014-06-28 13:24:46 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu
2014-06-28 11:22:42 2014-06-28 11:22:47 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-28 11:22:47 2014-06-28 11:22:47 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-28 11:22:47 2014-06-28 11:22:47 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu PC App Store
2014-06-28 01:25:44 2014-06-28 01:25:44 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_Baidu
2014-06-28 13:24:46 2014-06-28 13:24:46 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu
2014-06-28 11:22:47 2014-06-28 11:22:48 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-28 11:22:48 2014-06-28 11:22:48 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-28 11:22:48 2014-06-28 11:22:48 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu PC App Store
2014-06-28 11:22:48 2014-06-28 11:22:48 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu
2014-06-28 11:22:48 2014-06-28 11:23:03 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security
2014-06-28 11:22:55 2014-06-28 11:22:55 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-06-28 11:22:55 2014-06-28 11:22:55 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-06-28 11:22:55 2014-06-28 11:22:56 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Microsoft_Windows_Start Menu_Programs_Baidu PC App Store
2014-06-28 11:22:56 2014-06-28 11:22:56 -------- d---a-w- C:\zoek_backup\C_Windows_System32_config_systemprofile_AppData_Roaming_Baidu Security
2014-06-28 11:22:34 2014-06-28 11:22:40 -------- d--ha-w- C:\zoek_backup\C_Program Files_Baidu Security\Baidu Antivirus
2014-06-28 11:22:54 2014-06-28 11:22:54 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-06-28 11:22:55 2014-06-28 11:22:55 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-06-28 01:25:37 2014-06-28 12:57:23 -------- d---a-w- C:\zoek_backup\C_Windows_system32_appdata\baidu

==== Files Found ======================


--- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-06-28 13:00:49
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1


--- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-06-28 13:00:49
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB


--- C:\Users\win\AppData\Roaming\Microsoft\Windows\Cookies\win@baidu[1].txt ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 103
Created time: 2014-06-28 12:58:30
Modified time: 2014-06-28 12:58:30
MD5: 6DD448555A7E3F11388F960B97D408B4
SHA1: A30C5A61C27B13FE65D75201E7D90AE8E2BB96E1


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3408
Created time: 2014-06-28 01:25:47
Modified time: 2014-02-21 20:00:37
MD5: CDCAE1BCFD46064A4CF40F390ABA6E8F
SHA1: 31957C0D0CF086A55EB65DA3FCC96E40FA6477A5


--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-06-28 11:22:47
Modified time: 2014-02-21 20:00:32
MD5: AF8B80B63A07F0FD288E73DB0352096C
SHA1: 73389CBE3A00262A90F2854C1F15D5A3807A86EA


--- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-06-28 11:22:48
Modified time: 2014-02-21 20:00:32
MD5: AF8B80B63A07F0FD288E73DB0352096C
SHA1: 73389CBE3A00262A90F2854C1F15D5A3807A86EA


==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=629 folders=174 437281416 bytes)

==== EOF on 28/06/2014 at 10:26:22,45 ======================

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

Zoek.exe v5.0.0.0 Updated 22-06-2014
Tool run by win on 28/06/2014 at 10:37:50,39.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\win\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-28-013125.log 38088 bytes
C:\zoek-results2014-06-28-112958.log 32537 bytes
C:\zoek-results2014-06-28-132622.log 9389 bytes

==== System Restore Info ======================

28/06/2014 10:38:32 Zoek.exe System Restore Point Created Succesfully.

==== Deleting Files \ Folders ======================

C:\Program Files\Baidu-Security-2014-4.4.4.73687 deleted
C:\Users\Public\Documents\Baidu deleted
C:\Users\win\AppData\Local\Temp\baidu_secure deleted
C:\Users\win\AppData\Roaming\Baidu deleted

==== Folders Found ======================

2014-06-28 00:48:52 2014-06-28 00:48:52 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-28 00:49:12 2014-06-28 00:49:12 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-28 11:22:34 2014-06-28 11:22:40 -------- d--ha-w- C:\zoek_backup\C_Program Files_Baidu Security
2014-06-28 11:22:41 2014-06-28 11:22:42 -------- d--ha-w- C:\zoek_backup\C_Program Files_Baidu Security_Baidu Antivirus
2014-06-28 13:38:48 2014-06-28 13:38:48 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687
2014-06-28 13:39:11 2014-06-28 13:39:19 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus
2014-06-28 13:24:46 2014-06-28 13:24:46 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu
2014-06-28 11:22:42 2014-06-28 11:22:47 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-28 11:22:47 2014-06-28 11:22:47 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-28 11:22:47 2014-06-28 11:22:47 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu PC App Store
2014-06-28 01:25:44 2014-06-28 01:25:44 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_Baidu
2014-06-28 13:24:46 2014-06-28 13:24:46 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu
2014-06-28 11:22:47 2014-06-28 11:22:48 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-28 11:22:48 2014-06-28 11:22:48 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-28 11:22:48 2014-06-28 11:22:48 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu PC App Store
2014-06-28 11:22:48 2014-06-28 12:55:54 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu
2014-06-28 13:39:19 2014-06-28 13:39:19 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Local_Temp_baidu_secure
2014-06-28 13:39:19 2014-06-28 13:39:19 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu
2014-06-28 11:22:48 2014-06-28 11:23:03 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security
2014-06-28 11:22:55 2014-06-28 11:22:55 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-06-28 11:22:55 2014-06-28 11:22:55 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-06-28 13:39:19 2014-06-28 13:39:19 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu_Baidu Antivirus
2014-06-28 11:22:55 2014-06-28 11:22:56 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Microsoft_Windows_Start Menu_Programs_Baidu PC App Store
2014-06-28 11:22:56 2014-06-28 11:22:56 -------- d---a-w- C:\zoek_backup\C_Windows_System32_config_systemprofile_AppData_Roaming_Baidu Security
2014-06-28 11:22:34 2014-06-28 11:22:40 -------- d--ha-w- C:\zoek_backup\C_Program Files_Baidu Security\Baidu Antivirus
2014-06-28 13:38:48 2014-06-28 13:39:11 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687\Baidu Antivirus
2014-06-28 13:39:19 2014-06-28 13:39:19 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu\Baidu Antivirus
2014-06-28 11:22:54 2014-06-28 11:22:54 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-06-28 11:22:55 2014-06-28 11:22:55 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-06-28 01:25:37 2014-06-28 12:57:23 -------- d---a-w- C:\zoek_backup\C_Windows_system32_appdata\baidu

==== Files Found ======================


--- C:\Users\win\AppData\Roaming\Microsoft\Windows\Cookies\win@baidu[1].txt ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 103
Created time: 2014-06-28 12:58:30
Modified time: 2014-06-28 12:58:30
MD5: 6DD448555A7E3F11388F960B97D408B4
SHA1: A30C5A61C27B13FE65D75201E7D90AE8E2BB96E1


--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus_Plugins_Plugin_Antivirus_res_skin_icon_baidu_engine_ico.png.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-06-28 13:39:19
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1


--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus_Plugins_Plugin_Antivirus_res_skin_icon_baidu_engine_ico_gray.png.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-06-28 13:39:19
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB


--- C:\zoek_backup\C_Users_win_AppData_Roaming_Microsoft_Windows_Cookies_win@baidu[1].txt.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 103
Created time: 2014-06-28 13:39:19
Modified time: 2014-06-28 12:58:30
MD5: 6DD448555A7E3F11388F960B97D408B4
SHA1: A30C5A61C27B13FE65D75201E7D90AE8E2BB96E1


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3408
Created time: 2014-06-28 01:25:47
Modified time: 2014-02-21 20:00:37
MD5: CDCAE1BCFD46064A4CF40F390ABA6E8F
SHA1: 31957C0D0CF086A55EB65DA3FCC96E40FA6477A5


--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-06-28 13:38:56
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1


--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-06-28 13:38:56
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB


--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-06-28 13:39:13
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1


--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-06-28 13:39:13
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB


--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-06-28 11:22:47
Modified time: 2014-02-21 20:00:32
MD5: AF8B80B63A07F0FD288E73DB0352096C
SHA1: 73389CBE3A00262A90F2854C1F15D5A3807A86EA


--- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-06-28 11:22:48
Modified time: 2014-02-21 20:00:32
MD5: AF8B80B63A07F0FD288E73DB0352096C
SHA1: 73389CBE3A00262A90F2854C1F15D5A3807A86EA


==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4254 folders=728 514149681 bytes)

==== EOF on 28/06/2014 at 10:40:51,66 ======================

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by win on 28/06/2014 at 10:51:18,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r706-n-bc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r706-n-bc_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ammyy"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/06/2014 at 10:56:24,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

~ Relatório do ZHPDiag v2014.6.28.99 - Nicolas Coolman (28/06/2014)
~ Iniciado por win (28/06/2014 11:06:28)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 30.0
GCIE: Google Chrome v35.0.1916.153

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 2.0.2.1012
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.15

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 10 Plugin
Adobe Reader X - Português
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 255 GB (85%) free of 298 GB

---\\ Modo de conexão ao sistema
~ Computer Name: WIN-PC
~ User Name: win
~ All Users Names: win, Convidado, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\win\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\win\AppData\Roaming\
~ %Desktop% : C:\Users\win\Desktop\
~ %Favorites% : C:\Users\win\Favorites\
~ %LocalAppData% : C:\Users\win\AppData\Local\
~ %StartMenu% : C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 255 Go of 298 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 03:17:10.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.A1236375B74EA63C75657D564890C436] - (.Microsoft Corporation - Internet Extensions para Win32.) (.08/08/2013 - 09:43:27.) -- C:\Windows\System32\wininet.dll [1126912]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 03:17:56.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 03:21:26.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.1151FD4FB0216CFED887BFDE29EBD516] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.19/11/2010 - 23:40:04.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.19/11/2010 - 23:38:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.19/11/2010 - 23:42:34.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 00:59:30.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.B272B4C3E085EA860C12F2E4FAF2FFA2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.19/11/2010 - 23:42:44.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.19/11/2010 - 23:39:46.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.33C3093D09017CFE2E219F2472BFF6EB] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/11/2010 - 03:30:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1211264]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 01:24:48.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.19/11/2010 - 23:39:18.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 03:30:18.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/169
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/17
~ Mes Documents (My Documents) : 1/84
~ Mon Bureau (My Desktop) : 2/1110
~ Menu demarrer (Programs) : 1/36
~ Hidden Files: Scanned in 00mn 01s



---\\ Processos lançados
[MD5.35309C8F5A5B166BD38C24A75B3D1D09] - (...) -- C:\Program Files\-NewPlayer\NewPlayerLwruQw.exe [100864] [PID.1948] =>Adware.NewPlayer
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.1160]
[MD5.4F87179386948D61FBF74B0DDF265170] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.2708]
[MD5.3DD5FB1B7D48D2233CDCAD7FF5EC045F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8072192] [PID.1488]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [jkkenjlnjfemconejajakbijbheoffli] Yoono Twitter Facebook LinkedIn Youtube v.165 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 19 Legitimates Filtered in 00mn 29s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\i2lhqlb3.default\prefs.js
M3 - MFPP: Plugins - [win] -- C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\i2lhqlb3.default\searchplugins\Baixaki.xml
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: RoyalShoopperApp - {06E9CB26-D72E-B769-83A6-FE71603D8115} . (...) -- C:\ProgramData\RoyalShoopperApp\7PRt3zZZ.dll =>PUP.RoyalShopperApp
O2 - BHO: realudeaL - {2C863540-2388-AE9E-85C7-0355D7D4FE1F} . (...) -- C:\ProgramData\realudeaL\tAd.dll =>PUP.RealDeal
O2 - BHO: deallster - {4BB60AFA-882D-E4AB-C552-2BB282DE01DC} . (...) -- C:\ProgramData\deallster\GfWtAi.dll
~ BHO: 14 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [win]: Beamrise.lnk . (...) -- C:\Users\win\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>Hijacker.Beamrise
~ Global Startup: 1 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1971327-34D5-498C-A339-15248F577771}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1971327-34D5-498C-A339-15248F577771}: DhcpDomain = domain.name
O17 - HKLM\System\CS1\Services\Tcpip\..\{C1971327-34D5-498C-A339-15248F577771}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C1971327-34D5-498C-A339-15248F577771}: DhcpDomain = domain.name
O17 - HKLM\System\CS2\Services\Tcpip\..\{C1971327-34D5-498C-A339-15248F577771}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C1971327-34D5-498C-A339-15248F577771}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: WS-Supporter (d926dfd5) . (...) - C:\Program Files\ws-ena~1\AssistantSvc.dll (.not file.) =>PUP.SaveClicker
O23 - Service: LocalServiceSystem (LocalServiceSystem) . (...) - C:\Windows\system32\LocalServer\service.exe
O23 - Service: NewPlayer (NewPlayer) . (...) - C:\Program Files\-NewPlayer\NewPlayerzh174.exe =>Adware.NewPlayer
~ Services: 4 Legitimates Filtered in 00mn 06s



---\\ Tarefas planificadas automaticamente (039)
[MD5.69397F2D47A6817BA48F09262BD3C68B] [APT] [NewPlayer Update] (...) -- C:\Program Files\-NewPlayer\NewPlayerw09.exe [270336] =>Adware.NewPlayer
[MD5.35309C8F5A5B166BD38C24A75B3D1D09] [APT] [NewPlayer_wd] (...) -- C:\Program Files\-NewPlayer\NewPlayerLwruQw.exe [100864] =>Adware.NewPlayer
[MD5.00000000000000000000000000000000] [APT] [PerfMonitor_strtp] (...) -- C:\Program Files\Optimizer Elite Max\PerformanceMonitor.exe (.not file.) [0] =>PUP.OptimizerEliteMax
[MD5.00000000000000000000000000000000] [APT] [{18A0287F-644E-44CD-A303-610869BBE3FC}] (...) -- C:\Program Files\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5A8CFA98-5571-46AC-AD76-9F3145F12C4F}] (...) -- C:\Users\win\Desktop\THALES DUMBRA\18Wheels_of_Steel.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4187004199-1384422717-2217211338-1000Core [898]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4187004199-1384422717-2217211338-1000UA [920]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1046]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1050]
O39 - APT: NewPlayer Update - (...) -- C:\Windows\Tasks\NewPlayer Update.job [362] =>Adware.NewPlayer
O39 - APT: NewPlayer Update - (...) -- C:\Windows\System32\Tasks\NewPlayer Update [362] =>Adware.NewPlayer
O39 - APT: NewPlayer_wd - (...) -- C:\Windows\Tasks\NewPlayer_wd.job [352] =>Adware.NewPlayer
O39 - APT: NewPlayer_wd - (...) -- C:\Windows\System32\Tasks\NewPlayer_wd [352] =>Adware.NewPlayer
O39 - APT: PerfMonitor_strtp - (...) -- C:\Windows\Tasks\PerfMonitor_strtp.job [270]
O39 - APT: PerfMonitor_strtp - (...) -- C:\Windows\System32\Tasks\PerfMonitor_strtp [270]
~ Scheduled Task: 21 Legitimates Filtered in 00mn 06s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: ({57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw) . (. - .) - C:\Windows\System32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw.sys (.not file.)
O41 - Driver: ({9edd0ea8-2819-47c2-8320-b007d5996f8a}w) . (. - .) - C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w.sys (.not file.)
O41 - Driver: ({a3f28269-ad17-41a8-b032-3e0313ef8979}w) . (. - .) - C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys (.not file.)
~ Drivers: 72 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: NewPlayer - (.NewPlayer.) [HKLM] -- CDFB7BEB-D211-767F-8703-602643555B88 =>Adware.NewPlayer
O42 - Logiciel: RoyalShoopperApp - (.RaoyalSHopperAApp.) [HKLM] -- {F6423EE4-93D8-FA04-D09D-A8598F6EFDFD} =>PUP.RoyalShopperApp
O42 - Logiciel: Sistema Inteligente de Monitoramento - (.Ice.) [HKLM] -- {795DBE6F-834A-45AD-AAE1-4114D8B476E0}
O42 - Logiciel: deallster - (.dealSteR.) [HKLM] -- {5E03DFA7-51FC-7C12-CEE5-4D75FBB01E8F}
O42 - Logiciel: realudeaL - (.realudeal.) [HKLM] -- {730C1F02-ABB6-7601-60ED-659A59700742} =>PUP.RealDeal
~ Logic: 17 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\38524InstEnd]
[HKCU\Software\GbAs]
[HKCU\Software\NetCrawl]
[HKCU\Software\PCDataApp]
[HKLM\Software\NetCrawl]
[HKLM\Software\PCDataApp]
[HKLM\Software\Plus-HD-V1.6] =>Adware.PlusHD
[HKLM\Software\Sakura]
[HKLM\Software\SiteFinder] =>Adware.ShoppingReport
[HKLM\Software\WS-Enabler] =>PUP.WowSearch
[HKLM\Software\helper_setup]
~ Key Software: 175 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/06/2014 - 10:13:20 - [] ----D C:\Program Files\-NewPlayer =>Adware.NewPlayer
O43 - CFD: 10/01/2014 - 21:28:24 - [] ----D C:\Program Files\FotoFlex
O43 - CFD: 26/05/2014 - 19:49:17 - [] ----D C:\Program Files\webrec
O43 - CFD: 26/06/2014 - 20:55:08 - [] ----D C:\Program Files\WindowsFaster
O43 - CFD: 22/06/2014 - 21:21:06 - [] ----D C:\ProgramData\deallster
O43 - CFD: 10/06/2014 - 00:15:46 - [] ----D C:\ProgramData\realudeaL =>PUP.RealDeal
O43 - CFD: 10/06/2014 - 00:05:32 - [] ----D C:\ProgramData\RoyalShoopperApp =>PUP.RoyalShopperApp
O43 - CFD: 19/05/2014 - 10:40:25 - [] ----D C:\Users\win\AppData\Local\com
O43 - CFD: 08/02/2014 - 22:50:08 - [0] ----D C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hao123-Brazil
~ Program Folder: 150 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 25/06/2014 - 00:31:22 ---A- . (...) -- C:\Windows\NeroDigital.ini [69]
O44 - LFC:[MD5.DBCA7B6F86979316686D23C9255E91D7] - 27/06/2014 - 20:45:27 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [151750]
O44 - LFC:[MD5.CB2740AA8C5459A7F037DAD208030F39] - 27/06/2014 - 20:45:27 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [715478]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 27/06/2014 - 20:58:23 ---A- . (...) -- C:\Windows\System32\s.o [0]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 27/06/2014 - 21:45:57 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.230A35E3B8BF08549F7F5823EB9008B2] - 27/06/2014 - 22:26:03 ---A- . (...) -- C:\Windows\win.ini [580]
O44 - LFC:[MD5.A3311E14C5130551CACFE013D731C955] - 27/06/2014 - 22:31:25 ---A- . (...) -- C:\zoek-results2014-06-28-013125.log [38088]
O44 - LFC:[MD5.184BEDF358F02537B959EC249C22B922] - 28/06/2014 - 08:29:58 ---A- . (...) -- C:\zoek-results2014-06-28-112958.log [32537]
O44 - LFC:[MD5.8B17B828F234DCBE2C9DC3D9384BC63F] - 28/06/2014 - 10:26:22 ---A- . (...) -- C:\zoek-results2014-06-28-132622.log [9389]
O44 - LFC:[MD5.6CC22A55D4D1ACFF6BFAF02766D155EC] - 28/06/2014 - 10:40:51 ---A- . (...) -- C:\zoek-results.log [10115]
~ Files: 21 Legitimates Filtered in 00mn 11s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:21/01/2014 - 11:14:38 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [43840]
O58 - SDL:21/01/2014 - 11:14:48 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [27456]
O58 - SDL:11/03/2014 - 00:14:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [47456]
O58 - SDL:21/01/2014 - 07:01:34 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [135488]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 70 Legitimates Filtered in 00mn 05s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 26/08/2010 - C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) .(.CyberLink Corp. - No Comment.) - LEGACY_{1BA31E5A-C098-42D8-8F88-3C9F78A2FDDC}
~ Legacy: 85 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {86c83f9e-48a4-4cd2-a763-64fea5df35f7} [DefaultScope] - (Baixaki) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} [DefaultScope] - (Web Search) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CertifiedToolbar
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.E2A8903E800D7B03E985353D95092E0D] [SPRF][28/03/2014] (...) -- C:\Users\win\AppData\Roaming\unins001.dat [16390]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][27/06/2014] (...) -- C:\Users\win\Desktop\zoek.exe [1285120]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.9CD5109EF7367DF192989B4D26B0E344] [WIS][18/11/2013] (.BonanzaDeals - Google Update Helper.) -- C:\Windows\Installer\811683.msi [40960] =>Adware.BonanzaDeals
~ WIS: 1 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BeamriseSetup_2304-1df765ae_RASAPI32 =>Hijacker.Beamrise
HKLM\SOFTWARE\Microsoft\Tracing\BeamriseSetup_2304-1df765ae_RASMANCS =>Hijacker.Beamrise
HKLM\SOFTWARE\Microsoft\Tracing\Feven 1_RASAPI32 =>PUP.CrossRider
HKLM\SOFTWARE\Microsoft\Tracing\Feven 1_RASMANCS =>PUP.CrossRider
HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_2810-7318364c_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_2810-7318364c_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\JumpFlipSetup_RASAPI32 =>PUP.JumpFlip
HKLM\SOFTWARE\Microsoft\Tracing\JumpFlipSetup_RASMANCS =>PUP.JumpFlip
HKLM\SOFTWARE\Microsoft\Tracing\JumpFlip_Setup_RASAPI32 =>PUP.JumpFlip
HKLM\SOFTWARE\Microsoft\Tracing\JumpFlip_Setup_RASMANCS =>PUP.JumpFlip
HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_14656_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_14656_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_Setup_UN_RASAPI32 =>PUP.Mobogenie
HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_Setup_UN_RASMANCS =>PUP.Mobogenie
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerChecker_RASAPI32 =>Adware.NewPlayer
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerChecker_RASMANCS =>Adware.NewPlayer
HKLM\SOFTWARE\Microsoft\Tracing\Optimizer Elite Max_RASAPI32 =>PUP.OptimizerEliteMax
HKLM\SOFTWARE\Microsoft\Tracing\Optimizer Elite Max_RASMANCS =>PUP.OptimizerEliteMax
HKLM\SOFTWARE\Microsoft\Tracing\Plus-HD-V1_RASAPI32 =>Adware.PlusHD
HKLM\SOFTWARE\Microsoft\Tracing\Plus-HD-V1_RASMANCS =>Adware.PlusHD
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\VOPackage_RASAPI32 =>Adware.Downware
HKLM\SOFTWARE\Microsoft\Tracing\VOPackage_RASMANCS =>Adware.Downware
~ BTK: 402 Legitimates Filtered in 00mn 01s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class) =>PUP.SaveSense
~ BCK: 6348 Legitimates Filtered in 00mn 27s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 10/07/1658 0 | (d926dfd5) . (...) - C:\Program Files\ws-ena~1\AssistantSvc.dll
SS - | Auto 12/01/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 12/01/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 25/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 20/06/2014 168448 | (NewPlayer) . (...) - C:\Program Files\-NewPlayer\NewPlayerzh174.exe =>Adware.NewPlayer
SS - | Disabled 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/02/2014 89992 | (LocalServiceSystem) . (...) - C:\Windows\system32\LocalServer\service.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 26/08/2010 87536 | ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) . (.CyberLink Corp..) - C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
~ Services: Scanned in 00mn 29s



---\\ Scâner Aditional (088)
Database Version : 13026 - (28/06/2014)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 11

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E9CB26-D72E-B769-83A6-FE71603D8115}] =>PUP.RoyalShopperApp^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C863540-2388-AE9E-85C7-0355D7D4FE1F}] =>PUP.RealDeal^
[HKLM\SYSTEM\CurrentControlSet\Services\d926dfd5] =>PUP.SaveClicker^
[HKLM\SYSTEM\CurrentControlSet\Services\NewPlayer] =>Adware.NewPlayer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\CDFB7BEB-D211-767F-8703-602643555B88] =>Adware.NewPlayer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F6423EE4-93D8-FA04-D09D-A8598F6EFDFD}] =>PUP.RoyalShopperApp^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{730C1F02-ABB6-7601-60ED-659A59700742}] =>PUP.RealDeal^
C:\Program Files\-NewPlayer =>Adware.NewPlayer^
C:\ProgramData\realudeaL =>PUP.RealDeal^
C:\ProgramData\RoyalShoopperApp =>PUP.RoyalShopperApp^
C:\Program Files\-NewPlayer\NewPlayerLwruQw.exe =>Adware.NewPlayer^
C:\Program Files\-NewPlayer\NewPlayerw09.exe =>Adware.NewPlayer^
C:\Windows\Tasks\NewPlayer Update.job =>Adware.NewPlayer^
C:\Windows\System32\Tasks\NewPlayer Update =>Adware.NewPlayer^
C:\Windows\Tasks\NewPlayer_wd.job =>Adware.NewPlayer^
C:\Windows\System32\Tasks\NewPlayer_wd =>Adware.NewPlayer^
[HKLM\Software\Plus-HD-V1.6] =>Adware.PlusHD^
[HKLM\Software\SiteFinder] =>Adware.ShoppingReport^
[HKLM\Software\WS-Enabler] =>PUP.WowSearch^
C:\Windows\Installer\811683.msi =>Adware.BonanzaDeals^
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class) =>PUP.SaveSense^
~ Additionnel Scan: 209034 Items scanned in 00mn 43s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Beamrise
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SaveClicker
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.OptimizerEliteMax
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.PlusHD
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.ShoppingReport
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.WowSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CertifiedToolbar
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BonanzaDeals
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CrossRider
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.JumpFlip
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Lollipop
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Mobogenie
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Downware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SaveSense
~ MSI: 15 link(s) detected in 00mn 00s



~ 693 Legitimates filtered by white list
End of the scan (537 lines in 03mn 03s)(0)

 Selecione e copie todo o texto destacado em vermelho que te passei (começando em script zhpfix e indo até emptyclsid)

_____________________________________________________________________________________________________________

 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

quando clico em importar aparece uma mensagem de advertencia

a mensagem de advertência deve ser porque você não selecionou e copiou todo o texto em vermelho que te passei. É bem fácil de fazer este procedimento, siga o passo a passo que te passei acima.

Primeiro você selecione e copie todo o texto vermelho e depois usa o ZHPfix como te passei acima.

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by win at 28/06/2014 13:22:22
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files\-newplayer\uninstall.exe
AUSENTE Uninstall Process: c:\programdata\royalshoopperapp\7prt3zzz.exe
AUSENTE Uninstall Process: c:\programdata\deallster\gfwtai.exe
AUSENTE Uninstall Process: c:\programdata\realudeal\tad.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CDFB7BEB-D211-767F-8703-602643555B88]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6423EE4-93D8-FA04-D09D-A8598F6EFDFD}]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5E03DFA7-51FC-7C12-CEE5-4D75FBB01E8F}]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730C1F02-ABB6-7601-60ED-659A59700742}]
ELIMINÉ: Service: d926dfd5
ELIMINÉ Driver Key: {57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw
ELIMINÉ Driver Key: {9edd0ea8-2819-47c2-8320-b007d5996f8a}w
ELIMINÉ Driver Key: {a3f28269-ad17-41a8-b032-3e0313ef8979}w
ELIMINÉ: HKCU\Software\NetCrawl
ELIMINÉ: HKCU\Software\PCDataApp
ELIMINÉ: HKLM\Software\NetCrawl
ELIMINÉ: HKLM\Software\PCDataApp
ELIMINÉ: HKLM\Software\Plus-HD-V1.6
ELIMINÉ: HKLM\Software\SiteFinder
ELIMINÉ: HKLM\Software\WS-Enabler
ELIMINÉ: HKLM\Software\helper_setup
ELIMINÉ: SearchScopes :{86c83f9e-48a4-4cd2-a763-64fea5df35f7}
ELIMINÉ: SearchScopes :{afdbddaa-5d3f-42ee-b79c-185a7020515b}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\BeamriseSetup_2304-1df765ae_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\BeamriseSetup_2304-1df765ae_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Feven 1_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Feven 1_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_2810-7318364c_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_2810-7318364c_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\JumpFlipSetup_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\JumpFlipSetup_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\JumpFlip_Setup_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\JumpFlip_Setup_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_14656_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_14656_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_Setup_UN_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_Setup_UN_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerChecker_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerChecker_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Optimizer Elite Max_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Optimizer Elite Max_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Plus-HD-V1_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Plus-HD-V1_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\VOPackage_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\VOPackage_RASMANCS
ELIMINÉ: HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\win\appdata\roaming\microsoft\internet explorer\quick launch\beamrise.lnk
ELIMINÉ: c:\windows\system32\drivers\bfilter.sys
ELIMINÉ: c:\windows\system32\drivers\bfmon.sys
ELIMINÉ: c:\windows\system32\drivers\bhbase.sys
ELIMINÉ: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ: c:\users\win\appdata\roaming\mozilla\firefox\profiles\i2lhqlb3.default\searchplugins\baixaki.xml
ELIMINÉ: C:\Windows\Installer\811683.msi
ELIMINÉ: c:\users\win\desktop\internet explorer.lnk ((http://isearch.omiga-plus.com/?type=sc&ts=1403971449&from=tugs&uid=ST320LM001XHN-M320MBB_S2SNJ5FC411156))
CRIADO: C:\Users\win\Desktop\Internet Explorer.lnk
ELIMINÉ: c:\users\win\appdata\roaming\microsoft\internet explorer\quick launch\internet explorer.lnk ((http://isearch.omiga-plus.com/?type=sc&ts=1403971449&from=tugs&uid=ST320LM001XHN-M320MBB_S2SNJ5FC411156))
CRIADO: C:\Users\win\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
ELIMINÉ: c:\users\win\appdata\roaming\microsoft\windows\start menu\programs\internet explorer.lnk ((http://isearch.omiga-plus.com/?type=sc&ts=1403971449&from=tugs&uid=ST320LM001XHN-M320MBB_S2SNJ5FC411156))
CRIADO: C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
ELIMINÉ: c:\programdata\microsoft\windows\start menu\programs\internet explorer.lnk ((http://isearch.omiga-plus.com/?type=sc&ts=1403971449&from=tugs&uid=ST320LM001XHN-M320MBB_S2SNJ5FC411156))
CRIADO: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
ELIMINÉ: c:\users\win\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk ((http://isearch.omiga-plus.com/?type=sc&ts=1403971449&from=tugs&uid=ST320LM001XHN-M320MBB_S2SNJ5FC411156))
CRIADO: C:\Users\win\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
ELIMINÉ: c:\users\win\appdata\roaming\microsoft\windows\start menu\programs\internet explorer (64-bit).lnk ((http://isearch.omiga-plus.com/?type=sc&ts=1403971449&from=tugs&uid=ST320LM001XHN-M320MBB_S2SNJ5FC411156))
CRIADO: C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
ELIMINÉ: c:\programdata\microsoft\windows\start menu\programs\internet explorer (64-bit).lnk ((http://isearch.omiga-plus.com/?type=sc&ts=1403971449&from=tugs&uid=ST320LM001XHN-M320MBB_S2SNJ5FC411156))
CRIADO: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
ELIMINÉ: c:\users\win\appdata\roaming\microsoft\windows\start menu\programs\accessories\system tools\internet explorer (no add-ons).lnk ((http://isearch.omiga-plus.com/?type=sc&ts=1403971449&from=tugs&uid=ST320LM001XHN-M320MBB_S2SNJ5FC411156))
CRIADO: C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
ELIMINÉ: c:\users\win\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk ((http://isearch.omiga-plus.com/?type=sc&ts=1403971449&from=tugs&uid=ST320LM001XHN-M320MBB_S2SNJ5FC411156))
CRIADO: C:\Users\win\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
ELIMINÉ: c:\users\win\desktop\mozilla firefox.lnk ((http://isearch.omiga-plus.com/?type=sc&ts=1403971449&from=tugs&uid=ST320LM001XHN-M320MBB_S2SNJ5FC411156))
CRIADO: C:\Users\win\Desktop\Mozilla Firefox.lnk
ELIMINÉ: c:\programdata\microsoft\windows\start menu\programs\mozilla firefox.lnk ((http://isearch.omiga-plus.com/?type=sc&ts=1403971449&from=tugs&uid=ST320LM001XHN-M320MBB_S2SNJ5FC411156))
CRIADO: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
ELIMINÉ: c:\users\win\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\mozilla firefox.lnk ((http://isearch.omiga-plus.com/?type=sc&ts=1403971449&from=tugs&uid=ST320LM001XHN-M320MBB_S2SNJ5FC411156))
CRIADO: C:\Users\win\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
ELIMINÉ: c:\users\win\desktop\google chrome.lnk ((http://isearch.omiga-plus.com/?type=sc&ts=1403971449&from=tugs&uid=ST320LM001XHN-M320MBB_S2SNJ5FC411156))
CRIADO: C:\Users\win\Desktop\Google Chrome.lnk
ELIMINÉ: c:\users\win\appdata\roaming\microsoft\internet explorer\quick launch\google chrome.lnk ((http://isearch.omiga-plus.com/?type=sc&ts=1403971449&from=tugs&uid=ST320LM001XHN-M320MBB_S2SNJ5FC411156))
CRIADO: C:\Users\win\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
ELIMINÉ: c:\users\win\appdata\roaming\microsoft\windows\start menu\programs\google chrome.lnk ((http://isearch.omiga-plus.com/?type=sc&ts=1403971449&from=tugs&uid=ST320LM001XHN-M320MBB_S2SNJ5FC411156))
CRIADO: C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
ELIMINÉ: c:\programdata\microsoft\windows\start menu\programs\google chrome.lnk ((http://isearch.omiga-plus.com/?type=sc&ts=1403971449&from=tugs&uid=ST320LM001XHN-M320MBB_S2SNJ5FC411156))
CRIADO: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
ELIMINÉ: c:\users\win\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\google chrome.lnk ((http://isearch.omiga-plus.com/?type=sc&ts=1403971449&from=tugs&uid=ST320LM001XHN-M320MBB_S2SNJ5FC411156))
CRIADO: C:\Users\win\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
ELIMINÉ Temporários windows (271) (98.413.931 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: NewPlayer Update
ELIMINÉ: NewPlayer Update
ELIMINÉ: NewPlayer_wd
ELIMINÉ: NewPlayer_wd
ELIMINÉ: PerfMonitor_strtp
ELIMINÉ: {18A0287F-644E-44CD-A303-610869BBE3FC}
ELIMINÉ: {5A8CFA98-5571-46AC-AD76-9F3145F12C4F}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
41 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
43 : Ficheiros
4 : Softwares
7 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 59s

========== Caminho do ficheiro do relatório ==========
C:\Users\win\AppData\Roaming\ZHP\ZHPFix[R1].txt - 28/06/2014 12:42:20 [591]
C:\Users\win\AppData\Roaming\ZHP\ZHPFix[R2].txt - 28/06/2014 13:22:26 [9945]

agora instalou um navegador omiga plus q tambem nao desistala pelo painel de controle