Re: notbook muito lento

por **Power Max** Sáb 28 Jun 2014, 13:52

Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

por smurff Sáb 28 Jun 2014, 14:37

agora lascou notbook muito lento - Página 2 335764

fui instalar ie 10 e junto instalou novamente aquela praa do baidu novamente.

~ Relatório do ZHPDiag v2014.6.28.99 - Nicolas Coolman (28/06/2014)
~ Iniciado por win (28/06/2014 14:04:50)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user

---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 30.0
GCIE: Google Chrome v35.0.1916.153

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 2.0.2.1012
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.15

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 ActiveX
Adobe Reader X - Português
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 255 GB (85%) free of 298 GB

---\\ Modo de conexão ao sistema
~ Computer Name: WIN-PC
~ User Name: win
~ All Users Names: win, Convidado, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\win\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\win\AppData\Roaming\
~ %Desktop% : C:\Users\win\Desktop\
~ %Favorites% : C:\Users\win\Favorites\
~ %LocalAppData% : C:\Users\win\AppData\Local\
~ %StartMenu% : C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 255 Go of 298 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 03:17:10.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.A1236375B74EA63C75657D564890C436] - (.Microsoft Corporation - Internet Extensions para Win32.) (.08/08/2013 - 09:43:27.) -- C:\Windows\System32\wininet.dll [1126912]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 03:17:56.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 03:21:26.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.1151FD4FB0216CFED887BFDE29EBD516] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.19/11/2010 - 23:40:04.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.19/11/2010 - 23:38:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.19/11/2010 - 23:42:34.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 00:59:30.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.B272B4C3E085EA860C12F2E4FAF2FFA2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.19/11/2010 - 23:42:44.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.19/11/2010 - 23:39:46.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.33C3093D09017CFE2E219F2472BFF6EB] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/11/2010 - 03:30:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1211264]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 01:24:48.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.19/11/2010 - 23:39:18.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 03:30:18.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 03s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/169
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/17
~ Mes Documents (My Documents) : 1/84
~ Mon Bureau (My Desktop) : 2/1112
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 05s

---\\ Processos lançados
[MD5.379F6A7755F0393B628DA528751282C1] - (...) -- C:\Users\win\AppData\Local\fabulous_06281602\fabulous_06281602.exe [1499136] [PID.11132]
[MD5.A77F1EED19B02B001A34E4040F9E82D8] - (.No owner - install.) -- C:\Users\win\AppData\Roaming\VOPackage\VOPackage.exe [287467] [PID.1856] =>Adware.Downware
[MD5.197EE6739752FD17ABA591B85D974357] - (...) -- C:\Program Files\fst_br_194\fst_br_194.exe [3978744] [PID.11264]
[MD5.73A0978D97B1F437AD7F26CE2556A51B] - (...) -- C:\Users\win\AppData\Local\fst_br_194\upfst_br_194.exe [3354616] [PID.9832]
[MD5.F1C00982ACD3CC056EB2AFC7E98AC17C] - (...) -- C:\Program Files\-BlockAndSurfS\BlockAndSurf.exe [131072] [PID.1388] =>PUP.BlockAndSurf
[MD5.F2AA5418AAC80D43F18983A334A9DEA0] - (...) -- C:\Program Files\-BlockAndSurfS\wdBlockAndSurfS.exe [100864] [PID.9800] =>PUP.BlockAndSurf
[MD5.3EC6E46B94D60818DAB4ACE227DC4565] - (.Microsoft Corporation - Utilitário de Instalação do Windows Interne.) -- C:\Users\win\Downloads\internet-explorer-10-10-0-9200-16521-32-bits [1].exe [23644672] [PID.8912]
[MD5.CACFE0C9EBB429A6502BBA57BA2D3D22] - (.No owner - Generic Setup Component.) -- C:\Users\win\AppData\Local\Temp\nsz482B.tmp [172008] [PID.16280]
[MD5.4073BC1CFCE95F99E9BA36EC8EAE7C3E] - (...) -- C:\Users\win\AppData\Local\Temp\nsp3CE5.tmp [588519] [PID.5260]
[MD5.12EBB4033AC56C124E0553B9F444CEB6] - (.Baidu.com - hao123 Desktop Shortcut.) -- C:\Users\win\AppData\Local\Temp\%APPDATA%\baidu\hao123-br\hao123.1.0.0.1111.exe [639816] [PID.316]
[MD5.D76A620F123A4202057E582C55E2602A] - (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\bavtray.exe [1704296] [PID.7072]
[MD5.3DD5FB1B7D48D2233CDCAD7FF5EC045F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8072192] [PID.9172]
[MD5.4087F52A17EB28592A7DC0D8440A980E] - (.Microsoft Corporation - Utilitário de Atendimento da Imagem Dism.) -- C:\Windows\System32\dism.exe [202752] [PID.6808]
[MD5.F7B53B4BD50C13D17F5C54F82CDE7836] - (.Microsoft Corporation - Dism Host Servicing Process.) -- C:\Users\win\AppData\Local\Temp\BBC84A5A-3E46-402E-9030-DB125DCEBCB1\dismhost.exe [82944] [PID.10888]
~ Processes Running: Scanned in 00mn 02s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\i2lhqlb3.default\prefs.js
C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\i2lhqlb3.default\user.js
M0 - MFSP: prefs.js [win - i2lhqlb3.default] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.OmigaPlus
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.OmigaPlus
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 10 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:14372;https=127.0.0.1:14372 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CrossriderApp0059599 - {11111111-1111-1111-1111-110511951199} . (.enter - video MediaPlayer BHO.) -- C:\Program Files\video MediaPlayer\video MediaPlayer-bho.dll =>PUP.CrossRider
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files\SupTab\SupTab.dll =>PUP.SupTab
O2 - BHO: ToggleMark - {dc59a866-959c-4638-a191-c13177d0bd68} . (.ToggleMark - ToggleMark.) -- C:\Program Files\ToggleMark\ToggleMarkbho.dll
O2 - BHO: BlockAndSurf - {EC0AC198-6E89-B800-6267-3FB03AC713AB} . (...) -- C:\Program Files\-BlockAndSurfS\174.dll =>PUP.BlockAndSurf
~ BHO: 16 Legitimates Filtered in 00mn 00s

---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [win]: SpeedUpMyPC.lnk . (.Uniblue Systems Limited - Uniblue SpeedUpMyPC.) -- C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe =>PUP.SpeedUpMyPC
O4 - GS\TaskBar [win]: Internet Explorer (10).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.OmigaPlus
O4 - GS\TaskBar [win]: Internet Explorer (11).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.OmigaPlus
O4 - GS\TaskBar [win]: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.OmigaPlus
O4 - GS\TaskBar [win]: Internet Explorer (3).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.OmigaPlus
O4 - GS\TaskBar [win]: Internet Explorer (4).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.OmigaPlus
O4 - GS\TaskBar [win]: Internet Explorer (5).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.OmigaPlus
O4 - GS\TaskBar [win]: Internet Explorer (6).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.OmigaPlus
O4 - GS\TaskBar [win]: Internet Explorer (7).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.OmigaPlus
O4 - GS\TaskBar [win]: Internet Explorer ( Cool

.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.OmigaPlus
O4 - GS\TaskBar [win]: Internet Explorer (9).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.OmigaPlus
~ Global Startup: 11 Legitimates Filtered in 00mn 04s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [fst_br_193] Chave orfã
O4 - HKLM\..\Run: [Baidu Antivirus] . (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavTray.exe
O4 - HKLM\..\Run: [fst_br_194] . (...) -- C:\Program Files\fst_br_194\fst_br_194.exe
O4 - HKLM\..\Run: [AnyProtect Scanner] C:\Program Files\AnyProtectEx\AnyProtect.exe (.not file.) =>PUP.AnyProtect
O4 - HKLM\..\Run: [AnyProtect Tray] C:\Program Files\AnyProtectEx\AnyProtectTrayIcon.exe (.not file.) =>PUP.AnyProtect
O4 - HKLM\..\RunOnce: [VOPackage] . (.No owner - install.) -- C:\Users\win\AppData\Roaming\VOPackage\VOPackage.exe =>Adware.Downware
O4 - HKLM\..\RunOnce: [upfst_br_194.exe] . (...) -- C:\Users\win\AppData\Local\fst_br_194\upfst_br_194.exe
O4 - HKCU\..\Run: [fabulous_06281602] . (...) -- c:\users\win\appdata\local\fabulous_06281602\fabulous_06281602.exe
O4 - HKCU\..\Run: [BlockAndSurf] . (...) -- C:\Program Files\-BlockAndSurfS\BlockAndSurf.exe =>PUP.BlockAndSurf
O4 - HKCU\..\RunOnce: [hao123Setting] . (...) -- C:\Users\win\AppData\Local\Temp\bdg1F16.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4187004199-1384422717-2217211338-1000\..\Run: [fabulous_06281602] . (...) -- c:\users\win\appdata\local\fabulous_06281602\fabulous_06281602.exe
O4 - HKUS\S-1-5-21-4187004199-1384422717-2217211338-1000\..\Run: [BlockAndSurf] . (...) -- C:\Program Files\-BlockAndSurfS\BlockAndSurf.exe =>PUP.BlockAndSurf
O4 - HKUS\S-1-5-21-4187004199-1384422717-2217211338-1000\..\RunOnce: [hao123Setting] . (...) -- C:\Users\win\AppData\Local\Temp\bdg1F16.exe
~ Application: Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1971327-34D5-498C-A339-15248F577771}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1642121-4782-4AB8-AA66-FBA898193C4D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1971327-34D5-498C-A339-15248F577771}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1642121-4782-4AB8-AA66-FBA898193C4D}: DhcpDomain = domain.name
O17 - HKLM\System\CS1\Services\Tcpip\..\{C1971327-34D5-498C-A339-15248F577771}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F1642121-4782-4AB8-AA66-FBA898193C4D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C1971327-34D5-498C-A339-15248F577771}: DhcpDomain = domain.name
O17 - HKLM\System\CS1\Services\Tcpip\..\{F1642121-4782-4AB8-AA66-FBA898193C4D}: DhcpDomain = domain.name
O17 - HKLM\System\CS2\Services\Tcpip\..\{C1971327-34D5-498C-A339-15248F577771}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F1642121-4782-4AB8-AA66-FBA898193C4D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C1971327-34D5-498C-A339-15248F577771}: DhcpDomain = domain.name
O17 - HKLM\System\CS2\Services\Tcpip\..\{F1642121-4782-4AB8-AA66-FBA898193C4D}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Skytech Co., Ltd. - Skytech.) - C:\Program Files\SupTab\SearchProtect32.dll =>PUP.SearchProtect
~ AppInit DLL: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Baidu Antivirus Service (BAVSvc) . (.Baidu, Inc. - Baidu Antivirus Service.) - C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) . (.Baidu, Inc. - Baidu Antivirus Hips Service.) - C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BHipsSvc.exe
O23 - Service: BlockAndSurf (BlockAndSurf) . (...) - C:\Program Files\-BlockAndSurfS\BlockAndSurfaf174.exe =>PUP.BlockAndSurf
O23 - Service: bSTHJkkVfqB (bSTHJkkVfqB) . (.Deals Interactive Media, LLC - Radsteroids Service.) - C:\ProgramData\eXJwgoULDip\bSTHJkkVfqB.exe =>PUP.RadSteroids
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: IePlugin Services (IePluginServices) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginServices\PluginService.exe =>Trojan.SProtector
O23 - Service: LocalServiceSystem (LocalServiceSystem) . (...) - C:\Windows\system32\LocalServer\service.exe
O23 - Service: NewPlayer Updater Service (NewPlayerUpdaterService) . (.No owner - NewPlayerUpdaterService.) - C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe =>Adware.NewPlayer
O23 - Service: VO Service component (servervo) . (...) - C:\Users\win\AppData\Roaming\VOPackage\VOsrv.exe =>Adware.Downware
O23 - Service: Update ToggleMark (Update ToggleMark) . (...) - C:\Program Files\ToggleMark\updateToggleMark.exe
O23 - Service: WindowsProtectManger Service (WindowsProtectManger) . (.Fuyu LIMITED - WindowsProtectManger Service.) - C:\ProgramData\WindowsProtectManger\wprotectmanager.exe =>PUP.Fuyu
~ Services: 13 Legitimates Filtered in 00mn 28s

---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [APSnotifierPP1] (...) -- C:\Program Files\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect
[MD5.00000000000000000000000000000000] [APT] [APSnotifierPP2] (...) -- C:\Program Files\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect
[MD5.00000000000000000000000000000000] [APT] [APSnotifierPP3] (...) -- C:\Program Files\AnyProtectEx\AnyProtect.exe (.not file.) [0] =>PUP.AnyProtect
[MD5.DA730A0D6165AF7DA5633ABE60868585] [APT] [b64e9e67-5c81-4488-bda7-cf1337219a7c-1] (.enter.) -- C:\Program Files\video MediaPlayer\video MediaPlayer-codedownloader.exe [512024]
[MD5.D15290A946963ADD083D5EB33C6ADBC0] [APT] [b64e9e67-5c81-4488-bda7-cf1337219a7c-11] (.enter.) -- C:\Program Files\video MediaPlayer\b64e9e67-5c81-4488-bda7-cf1337219a7c-11.exe [1908760]
[MD5.B946DFE94AD5697385D9B5D623F3DC7B] [APT] [b64e9e67-5c81-4488-bda7-cf1337219a7c-2] (.enter.) -- C:\Program Files\video MediaPlayer\b64e9e67-5c81-4488-bda7-cf1337219a7c-2.exe [360984]
[MD5.D15290A946963ADD083D5EB33C6ADBC0] [APT] [b64e9e67-5c81-4488-bda7-cf1337219a7c-3] (.enter.) -- C:\Program Files\video MediaPlayer\b64e9e67-5c81-4488-bda7-cf1337219a7c-3.exe [1908760]
[MD5.EA80FEE4382EA93F0CC31DD24BCE5CAD] [APT] [b64e9e67-5c81-4488-bda7-cf1337219a7c-4] (.enter.) -- C:\Program Files\video MediaPlayer\b64e9e67-5c81-4488-bda7-cf1337219a7c-4.exe [840216]
[MD5.F7211669CC9BA3D69B70AD3E83875F9D] [APT] [b64e9e67-5c81-4488-bda7-cf1337219a7c-5] (.enter.) -- C:\Program Files\video MediaPlayer\b64e9e67-5c81-4488-bda7-cf1337219a7c-5.exe [453656]
[MD5.F7211669CC9BA3D69B70AD3E83875F9D] [APT] [b64e9e67-5c81-4488-bda7-cf1337219a7c-5_user] (.enter.) -- C:\Program Files\video MediaPlayer\b64e9e67-5c81-4488-bda7-cf1337219a7c-5.exe [453656]
[MD5.DA730A0D6165AF7DA5633ABE60868585] [APT] [b64e9e67-5c81-4488-bda7-cf1337219a7c-6] (.enter.) -- C:\Program Files\video MediaPlayer\video MediaPlayer-novainstaller.exe [512024]
[MD5.6B4EC00CB925556398FF5E73DCB05FA5] [APT] [b64e9e67-5c81-4488-bda7-cf1337219a7c-7] (.enter.) -- C:\Program Files\video MediaPlayer\video MediaPlayer-nova.exe [592408]
[MD5.B269D6C6957BE7C32633C197F6CD0F56] [APT] [Baidu Antivirus Update] (.Baidu, Inc..) -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavUpdater.exe [2883736]
[MD5.B3DB8865AA649A6E22BB275806C21A01] [APT] [BlockAndSurf Update] (...) -- C:\Program Files\-BlockAndSurfS\appBlockAndSurfG58.exe [313856] =>PUP.BlockAndSurf
[MD5.F2AA5418AAC80D43F18983A334A9DEA0] [APT] [BlockAndSurf_wd] (...) -- C:\Program Files\-BlockAndSurfS\wdBlockAndSurfS.exe [100864] =>PUP.BlockAndSurf
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: APSnotifierPP1 - (...) -- C:\Windows\Tasks\APSnotifierPP1.job [366] =>PUP.AnyProtect
O39 - APT: APSnotifierPP1 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP1 [366] =>PUP.AnyProtect
O39 - APT: APSnotifierPP2 - (...) -- C:\Windows\Tasks\APSnotifierPP2.job [364] =>PUP.AnyProtect
O39 - APT: APSnotifierPP2 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP2 [364] =>PUP.AnyProtect
O39 - APT: APSnotifierPP3 - (...) -- C:\Windows\Tasks\APSnotifierPP3.job [364] =>PUP.AnyProtect
O39 - APT: APSnotifierPP3 - (...) -- C:\Windows\System32\Tasks\APSnotifierPP3 [364] =>PUP.AnyProtect
O39 - APT: b64e9e67-5c81-4488-bda7-cf1337219a7c-1 - (.enter.) -- C:\Windows\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-1.job [1670] =>PUP.CrossRider
O39 - APT: b64e9e67-5c81-4488-bda7-cf1337219a7c-1 - (.enter.) -- C:\Windows\System32\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-1 [1670] =>PUP.CrossRider
O39 - APT: b64e9e67-5c81-4488-bda7-cf1337219a7c-11 - (.enter.) -- C:\Windows\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-11.job [3788]
O39 - APT: b64e9e67-5c81-4488-bda7-cf1337219a7c-11 - (.enter.) -- C:\Windows\System32\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-11 [3788]
O39 - APT: b64e9e67-5c81-4488-bda7-cf1337219a7c-2 - (.enter.) -- C:\Windows\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-2.job [1438] =>PUP.CrossRider
O39 - APT: b64e9e67-5c81-4488-bda7-cf1337219a7c-2 - (.enter.) -- C:\Windows\System32\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-2 [1438] =>PUP.CrossRider
O39 - APT: b64e9e67-5c81-4488-bda7-cf1337219a7c-3 - (.enter.) -- C:\Windows\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-3.job [2418] =>PUP.CrossRider
O39 - APT: b64e9e67-5c81-4488-bda7-cf1337219a7c-3 - (.enter.) -- C:\Windows\System32\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-3 [2418] =>PUP.CrossRider
O39 - APT: b64e9e67-5c81-4488-bda7-cf1337219a7c-4 - (.enter.) -- C:\Windows\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-4.job [2296] =>PUP.CrossRider
O39 - APT: b64e9e67-5c81-4488-bda7-cf1337219a7c-4 - (.enter.) -- C:\Windows\System32\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-4 [2296] =>PUP.CrossRider
O39 - APT: b64e9e67-5c81-4488-bda7-cf1337219a7c-5 - (.enter.) -- C:\Windows\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-5.job [1520] =>PUP.CrossRider
O39 - APT: b64e9e67-5c81-4488-bda7-cf1337219a7c-5 - (.enter.) -- C:\Windows\System32\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-5 [1520] =>PUP.CrossRider
O39 - APT: b64e9e67-5c81-4488-bda7-cf1337219a7c-5_user - (.enter.) -- C:\Windows\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-5_user.job [1538]
O39 - APT: b64e9e67-5c81-4488-bda7-cf1337219a7c-5_user - (.enter.) -- C:\Windows\System32\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-5_user [1538]
O39 - APT: b64e9e67-5c81-4488-bda7-cf1337219a7c-6 - (.enter.) -- C:\Windows\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-6.job [1664] =>PUP.CrossRider
O39 - APT: b64e9e67-5c81-4488-bda7-cf1337219a7c-6 - (.enter.) -- C:\Windows\System32\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-6 [1664] =>PUP.CrossRider
O39 - APT: b64e9e67-5c81-4488-bda7-cf1337219a7c-7 - (.enter.) -- C:\Windows\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-7.job [1594] =>PUP.CrossRider
O39 - APT: b64e9e67-5c81-4488-bda7-cf1337219a7c-7 - (.enter.) -- C:\Windows\System32\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-7 [1594] =>PUP.CrossRider
O39 - APT: BlockAndSurf Update - (...) -- C:\Windows\Tasks\BlockAndSurf Update.job [390] =>PUP.BlockAndSurf
O39 - APT: BlockAndSurf Update - (...) -- C:\Windows\System32\Tasks\BlockAndSurf Update [390] =>PUP.BlockAndSurf
O39 - APT: BlockAndSurf_wd - (...) -- C:\Windows\Tasks\BlockAndSurf_wd.job [368] =>PUP.BlockAndSurf
O39 - APT: BlockAndSurf_wd - (...) -- C:\Windows\System32\Tasks\BlockAndSurf_wd [368] =>PUP.BlockAndSurf
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4187004199-1384422717-2217211338-1000Core [898]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4187004199-1384422717-2217211338-1000UA [920]
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [882]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [882]
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job [886]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA [886]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1046]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1050]
O39 - APT: - (..) -- C:\Windows\Tasks\SpeedUpMyPC Maintenance.job [262] =>PUP.SpeedUpMyPC
O39 - APT: - (..) -- C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance [262] =>PUP.SpeedUpMyPC
O39 - APT: - (..) -- C:\Windows\Tasks\SpeedUpMyPC Startup.job [262] =>PUP.SpeedUpMyPC
O39 - APT: - (..) -- C:\Windows\System32\Tasks\SpeedUpMyPC Startup [262] =>PUP.SpeedUpMyPC
~ Scheduled Task: 62 Legitimates Filtered in 00mn 32s

---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys
O41 - Driver: (Bnbase) . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - C:\Windows\System32\drivers\bnbasex.sys
O41 - Driver: (Bndef) . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) - C:\Windows\system32\drivers\bndef.sys
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
O41 - Driver: ({57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw) . (. - .) - C:\Windows\System32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw.sys (.not file.)
O41 - Driver: ({9edd0ea8-2819-47c2-8320-b007d5996f8a}w) . (. - .) - C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w.sys (.not file.)
O41 - Driver: ({a3f28269-ad17-41a8-b032-3e0313ef8979}w) . (. - .) - C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys (.not file.)
~ Drivers: 76 Legitimates Filtered in 00mn 04s

---\\ Software instalados (042)
O42 - Logiciel: BlockAndSurf - (.BlockAndSurf-software.) [HKLM] -- B6EAC032-AEE4-75F4-BCBF-69A93D1B1C82 =>PUP.BlockAndSurf
O42 - Logiciel: Discounts fabulous - (...) [HKCU] -- fabulous_06281602
O42 - Logiciel: Hao123-Client - (.Baidu Online Network Technology (Beijing) Co., Ltd..) [HKCU] -- hao123desk-br
O42 - Logiciel: Installer - (...) [HKLM] -- VOPackage =>Adware.Downware
O42 - Logiciel: NewPlayer - (...) [HKLM] -- NewPlayer =>Adware.NewPlayer
O42 - Logiciel: Radsteroids - (.Deals Interactive Media, LLC.) [HKLM] -- Radsteroids =>PUP.RadSteroids
O42 - Logiciel: Sistema Inteligente de Monitoramento - (.Ice.) [HKLM] -- {795DBE6F-834A-45AD-AAE1-4114D8B476E0}
O42 - Logiciel: ToggleMark - (.ToggleMark.) [HKLM] -- ToggleMark
O42 - Logiciel: WindowsProtectManger20.0.0.401 - (.Fuyu LIMITED.) [HKLM] -- WindowsProtectManger =>PUP.Fuyu
O42 - Logiciel: fst_br_194 - (.FREE_SOFTTODAY.) [HKLM] -- fst_br_194_is1
O42 - Logiciel: omiga-plus uninstaller - (.omiga-plus.) [HKLM] -- omiga-plus uninstaller =>Hijacker.OmigaPlus
O42 - Logiciel: video MediaPlayer - (.enter.) [HKLM] -- video MediaPlayer
~ Logic: 26 Legitimates Filtered in 00mn 02s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\38524InstEnd]
[HKCU\Software\AnyProtect] =>PUP.AnyProtect
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\GbAs]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\ToggleMark]
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive
[HKCU\Software\Tutorials] =>PUP.AgenceExclusive
[HKCU\Software\fabulous]
[HKLM\Software\Baidu Security]
[HKLM\Software\FREE_SOFTTODAY]
[HKLM\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\MaxPower]
[HKLM\Software\Sakura]
[HKLM\Software\SiteFinder] =>Adware.ShoppingReport
[HKLM\Software\SupDp] =>PUP.SupTab
[HKLM\Software\Tutorials] =>PUP.AgenceExclusive
[HKLM\Software\Wpm] =>PUP.WpManager
[HKLM\Software\baidu]
[HKLM\Software\supTab] =>PUP.SupTab
~ Key Software: 214 Legitimates Filtered in 00mn 02s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/06/2014 - 13:49:27 - [] ----D C:\Program Files\-BlockAndSurfS =>PUP.BlockAndSurf
O43 - CFD: 28/06/2014 - 13:47:14 - [] ----D C:\Program Files\Baidu-Security-2014-4.4.4.73687
O43 - CFD: 28/06/2014 - 13:21:39 - [0] ----D C:\Program Files\deallster
O43 - CFD: 10/01/2014 - 21:28:24 - [] ----D C:\Program Files\FotoFlex
O43 - CFD: 28/06/2014 - 13:48:59 - [] ----D C:\Program Files\fst_br_194
O43 - CFD: 28/06/2014 - 13:05:32 - [] ----D C:\Program Files\NewPlayer =>Adware.NewPlayer
O43 - CFD: 28/06/2014 - 13:21:41 - [0] ----D C:\Program Files\realudeaL =>PUP.RealDeal
O43 - CFD: 28/06/2014 - 13:21:38 - [0] ----D C:\Program Files\RoyalShoopperApp =>PUP.RoyalShopperApp
O43 - CFD: 28/06/2014 - 13:59:28 - [0] ----D C:\Program Files\SiteLookup
O43 - CFD: 28/06/2014 - 13:06:18 - [] ----D C:\Program Files\SupTab =>PUP.SupTab
O43 - CFD: 28/06/2014 - 13:43:16 - [] ----D C:\Program Files\ToggleMark
O43 - CFD: 28/06/2014 - 13:07:16 - [] ----D C:\Program Files\video MediaPlayer
O43 - CFD: 26/05/2014 - 19:49:17 - [] ----D C:\Program Files\webrec
O43 - CFD: 26/06/2014 - 20:55:08 - [] ----D C:\Program Files\WindowsFaster
O43 - CFD: 28/06/2014 - 13:21:42 - [] ----D C:\ProgramData\3bb21f3c3947cc4b
O43 - CFD: 28/06/2014 - 13:47:28 - [] ----D C:\ProgramData\baidu
O43 - CFD: 28/06/2014 - 13:47:32 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 28/06/2014 - 13:44:42 - [] ----D C:\ProgramData\eXJwgoULDip
O43 - CFD: 28/06/2014 - 13:06:33 - [] ----D C:\ProgramData\IePluginServices =>Trojan.SProtector
O43 - CFD: 28/06/2014 - 13:48:29 - [] ----D C:\ProgramData\Radsteroids =>PUP.RadSteroids
O43 - CFD: 28/06/2014 - 13:05:49 - [] ----D C:\ProgramData\WindowsProtectManger =>PUP.Fuyu
O43 - CFD: 28/06/2014 - 13:47:40 - [] ----D C:\Users\win\AppData\Roaming\Baidu
O43 - CFD: 28/06/2014 - 13:59:23 - [0] ----D C:\Users\win\AppData\Roaming\SimilarSites
O43 - CFD: 28/06/2014 - 13:05:47 - [0] ----D C:\Users\win\AppData\Roaming\SupTab =>PUP.SupTab
O43 - CFD: 28/06/2014 - 13:39:00 - [] ----D C:\Users\win\AppData\Roaming\VOPackage =>Adware.Downware
O43 - CFD: 19/05/2014 - 10:40:25 - [] ----D C:\Users\win\AppData\Local\com
O43 - CFD: 28/06/2014 - 14:02:47 - [] ----D C:\Users\win\AppData\Local\fabulous_06281602
O43 - CFD: 28/06/2014 - 13:39:13 - [] ----D C:\Users\win\AppData\Local\freeSOFTtoday =>Adware.FreeSoftToday
O43 - CFD: 28/06/2014 - 13:52:25 - [] ----D C:\Users\win\AppData\Local\fst_br_194
O43 - CFD: 28/06/2014 - 14:00:16 - [] ----D C:\Users\win\AppData\Local\Radsteroids =>PUP.RadSteroids
O43 - CFD: 28/06/2014 - 13:51:31 - [0] ----D C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hao123-Brazil
O43 - CFD: 28/06/2014 - 13:04:18 - [] ----D C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage =>Adware.Downware
~ Program Folder: 178 Legitimates Filtered in 00mn 02s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.CB0E07B9B630B77CE76D4C4278D328B1] - 16/06/2014 - 09:08:16 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [94976]
O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 25/06/2014 - 00:31:22 ---A- . (...) -- C:\Windows\NeroDigital.ini [69]
O44 - LFC:[MD5.DBCA7B6F86979316686D23C9255E91D7] - 27/06/2014 - 20:45:27 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [151750]
O44 - LFC:[MD5.CB2740AA8C5459A7F037DAD208030F39] - 27/06/2014 - 20:45:27 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [715478]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 27/06/2014 - 20:58:23 ---A- . (...) -- C:\Windows\System32\s.o [0]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 27/06/2014 - 21:45:57 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.230A35E3B8BF08549F7F5823EB9008B2] - 27/06/2014 - 22:26:03 ---A- . (...) -- C:\Windows\win.ini [580]
O44 - LFC:[MD5.A3311E14C5130551CACFE013D731C955] - 27/06/2014 - 22:31:25 ---A- . (...) -- C:\zoek-results2014-06-28-013125.log [38088]
O44 - LFC:[MD5.184BEDF358F02537B959EC249C22B922] - 28/06/2014 - 08:29:58 ---A- . (...) -- C:\zoek-results2014-06-28-112958.log [32537]
O44 - LFC:[MD5.8B17B828F234DCBE2C9DC3D9384BC63F] - 28/06/2014 - 10:26:22 ---A- . (...) -- C:\zoek-results2014-06-28-132622.log [9389]
O44 - LFC:[MD5.6CC22A55D4D1ACFF6BFAF02766D155EC] - 28/06/2014 - 10:40:51 ---A- . (...) -- C:\zoek-results.log [10115]
O44 - LFC:[MD5.E6B7DB757C25628AE985E952AD1BA0B3] - 28/06/2014 - 13:47:33 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\bnbasex.sys [70496]
O44 - LFC:[MD5.7EFD231BAA1A7ECF25AF075951D60906] - 28/06/2014 - 13:47:33 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\bndef.sys [51584]
O44 - LFC:[MD5.CB3E0EBD03C250170C4B4258F9264212] - 28/06/2014 - 13:47:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [48448]
O44 - LFC:[MD5.70DDC28A7998907EC42E1C60899ACAA6] - 28/06/2014 - 13:47:39 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [29504]
O44 - LFC:[MD5.4B9081B546A13B3AFB7C351C3B473C93] - 28/06/2014 - 13:47:42 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [157504]
O44 - LFC:[MD5.DCBB0BA7B067098D21D969ECF12BAD48] - 28/06/2014 - 14:05:13 ---A- . (...) -- C:\Windows\IE10_main.log [7058]
~ Files: 31 Legitimates Filtered in 00mn 38s

---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:27/05/2014 - 03:19:38 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [48448]
O58 - SDL:27/05/2014 - 03:19:38 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [29504]
O58 - SDL:16/06/2014 - 09:08:16 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [94976]
O58 - SDL:27/05/2014 - 03:19:38 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\bnbasex.sys [70496]
O58 - SDL:27/05/2014 - 03:19:38 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\bndef.sys [51584]
O58 - SDL:13/06/2014 - 07:03:37 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [157504]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 72 Legitimates Filtered in 00mn 20s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 16/06/2014 - C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BdApiUtil.sys (BdApiUtil) .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_BDAPIUTIL
O64 - Services: CurCS - 27/05/2014 - C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BdCameraProtect.sys (BdCameraProtect) .(.Baidu, Inc. - Baidu Antivirus Camera Protector Driver.) - LEGACY_BDCAMERAPROTECT
O64 - Services: CurCS - 27/05/2014 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER
O64 - Services: CurCS - 27/05/2014 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon) .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON
O64 - Services: CurCS - 16/06/2014 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase) .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
O64 - Services: CurCS - 27/05/2014 - C:\Windows\system32\drivers\bndef.sys (Bndef) .(.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) - LEGACY_BNDEF
O64 - Services: CurCS - 13/06/2014 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect) .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 92 Legitimates Filtered in 00mn 00s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: prefs.js [win - i2lhqlb3.default] user_pref("extensions.crossrider.bic", "146e33e84ea6f30e40f885580c9065c2"); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (omiga-plus) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.OmigaPlus
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.E2A8903E800D7B03E985353D95092E0D] [SPRF][28/03/2014] (...) -- C:\Users\win\AppData\Roaming\unins001.dat [16390]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][27/06/2014] (...) -- C:\Users\win\Desktop\zoek.exe [1285120]
~ Files: 2 Legitimates Filtered in 00mn 00s

---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\AnyProtectScannerSetup_RASAPI32 =>PUP.AnyProtect
HKLM\SOFTWARE\Microsoft\Tracing\AnyProtectScannerSetup_RASMANCS =>PUP.AnyProtect
HKLM\SOFTWARE\Microsoft\Tracing\freeSoftToday_widget_RASAPI32 =>Adware.FreeSoftToday
HKLM\SOFTWARE\Microsoft\Tracing\freeSoftToday_widget_RASMANCS =>Adware.FreeSoftToday
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32 =>Adware.NewPlayer
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS =>Adware.NewPlayer
HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32 =>PUP.SpeedUpMyPC
HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS =>PUP.SpeedUpMyPC
HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASAPI32 =>PUP.SupTab
HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASMANCS =>PUP.SupTab
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASAPI32 =>PUP.WpManager
HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASMANCS =>PUP.WpManager
~ BTK: 460 Legitimates Filtered in 00mn 02s

---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{22222222-2222-2222-2222-220522952299}] (CrossriderApp0059599.Sandbox) =>PUP.CrossRider
[HKCR\CLSID\{EC0AC198-6E89-B800-6267-3FB03AC713AB}] (BlockAndSurf) =>PUP.BlockAndSurf
~ BCK: 6367 Legitimates Filtered in 00mn 39s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 28/06/2014 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 28/06/2014 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
SS - | Demand 28/06/2014 68608 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
SS - | Auto 12/01/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 12/01/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 25/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 16/06/2014 2038248 | (BAVSvc) . (.Baidu, Inc..) - C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BAVSvc.exe
SR - | Auto 16/06/2014 481432 | (BHipsSvc) . (.Baidu, Inc..) - C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BHipsSvc.exe
SR - | Auto 28/06/2014 180224 | (BlockAndSurf) . (...) - C:\Program Files\-BlockAndSurfS\BlockAndSurfaf174.exe =>PUP.BlockAndSurf
SR - | Auto 28/06/2014 2316152 | (bSTHJkkVfqB) . (.Deals Interactive Media, LLC.) - C:\ProgramData\eXJwgoULDip\bSTHJkkVfqB.exe
SR - | Auto 08/05/2014 704112 | (IePluginServices) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginServices\PluginService.exe =>Trojan.SProtector
SR - | Auto 08/02/2014 89992 | (LocalServiceSystem) . (...) - C:\Windows\system32\LocalServer\service.exe
SR - | Auto 05/05/2014 11776 | (NewPlayerUpdaterService) . (...) - C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe =>Adware.NewPlayer
SR - | Auto 28/06/2014 73216 | (servervo) . (...) - C:\Users\win\AppData\Roaming\VOPackage\VOsrv.exe =>Adware.Downware
SR - | Auto 27/06/2014 318752 | (Update ToggleMark) . (...) - C:\Program Files\ToggleMark\updateToggleMark.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/06/2014 591776 | (WindowsProtectManger) . (.Fuyu LIMITED.) - C:\ProgramData\WindowsProtectManger\wprotectmanager.exe =>PUP.Fuyu
SR - | Auto 26/08/2010 87536 | ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) . (.CyberLink Corp..) - C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
~ Services: Scanned in 00mn 56s

---\\ Scâner Aditional (088)
Database Version : 13026 - (28/06/2014)
Clés trouvées (Keys found) : 37
Valeurs trouvées (Values found) : 14
Dossiers trouvés (Folders found) : 14
Fichiers trouvés (Files found) : 40

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951199}] =>PUP.CrossRider^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC0AC198-6E89-B800-6267-3FB03AC713AB}] =>PUP.BlockAndSurf^
[HKLM\SYSTEM\CurrentControlSet\Services\BlockAndSurf] =>PUP.BlockAndSurf^
[HKLM\SYSTEM\CurrentControlSet\Services\bSTHJkkVfqB] =>PUP.RadSteroids^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginServices] =>Trojan.SProtector^
[HKLM\SYSTEM\CurrentControlSet\Services\NewPlayerUpdaterService] =>Adware.NewPlayer^
[HKLM\SYSTEM\CurrentControlSet\Services\servervo] =>Adware.Downware^
[HKLM\SYSTEM\CurrentControlSet\Services\WindowsProtectManger] =>PUP.Fuyu^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\B6EAC032-AEE4-75F4-BCBF-69A93D1B1C82] =>PUP.BlockAndSurf^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage] =>Adware.Downware^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\NewPlayer] =>Adware.NewPlayer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Radsteroids] =>PUP.RadSteroids^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WindowsProtectManger] =>PUP.Fuyu^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstaller] =>Hijacker.OmigaPlus^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Tracing\speedupmypc_RASMANCS] =>PUP.SpeedUpMyPC
[HKLM\Software\Classes\SpeedUpMyPC] =>PUP.SpeedUpMyPC
[HKLM\Software\Microsoft\Tracing\speedupmypc_RASAPI32] =>PUP.SpeedUpMyPC
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1] =>PUP.SpeedUpMyPC
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\Software\Classes\CrossriderApp0059599.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0059599.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0059599.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0059599.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110511951199}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110511951199}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220522952299}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110511951199}] =>PUP.CrossRider
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:AnyProtect Scanner =>PUP.AnyProtect^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:VOPackage =>Adware.Downware^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:BlockAndSurf =>PUP.BlockAndSurf^
C:\Program Files\-BlockAndSurfS =>PUP.BlockAndSurf^
C:\Program Files\NewPlayer =>Adware.NewPlayer^
C:\Program Files\realudeaL =>PUP.RealDeal^
C:\Program Files\RoyalShoopperApp =>PUP.RoyalShopperApp^
C:\Program Files\SupTab =>PUP.SupTab^
C:\ProgramData\IePluginServices =>Trojan.SProtector^
C:\ProgramData\Radsteroids =>PUP.RadSteroids^
C:\ProgramData\WindowsProtectManger =>PUP.Fuyu^
C:\Users\win\AppData\Roaming\SupTab =>PUP.SupTab^
C:\Users\win\AppData\Roaming\VOPackage =>Adware.Downware^
C:\Users\win\AppData\Local\freeSOFTtoday =>Adware.FreeSoftToday^
C:\Users\win\AppData\Local\Radsteroids =>PUP.RadSteroids^
C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage =>Adware.Downware^
C:\Users\win\AppData\Roaming\SimilarSites =>Adware.SimilarSites
C:\Users\win\AppData\Roaming\VOPackage\VOPackage.exe =>Adware.Downware^
C:\Program Files\-BlockAndSurfS\BlockAndSurf.exe =>PUP.BlockAndSurf^
C:\Program Files\-BlockAndSurfS\wdBlockAndSurfS.exe =>PUP.BlockAndSurf^
C:\Program Files\-BlockAndSurfS\appBlockAndSurfG58.exe =>PUP.BlockAndSurf^
C:\Windows\Tasks\APSnotifierPP1.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP1 =>PUP.AnyProtect^
C:\Windows\Tasks\APSnotifierPP2.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP2 =>PUP.AnyProtect^
C:\Windows\Tasks\APSnotifierPP3.job =>PUP.AnyProtect^
C:\Windows\System32\Tasks\APSnotifierPP3 =>PUP.AnyProtect^
C:\Windows\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-1 =>PUP.CrossRider^
C:\Windows\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-2.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-2 =>PUP.CrossRider^
C:\Windows\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-3.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-3 =>PUP.CrossRider^
C:\Windows\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-4 =>PUP.CrossRider^
C:\Windows\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-5 =>PUP.CrossRider^
C:\Windows\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-6 =>PUP.CrossRider^
C:\Windows\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b64e9e67-5c81-4488-bda7-cf1337219a7c-7 =>PUP.CrossRider^
C:\Windows\Tasks\BlockAndSurf Update.job =>PUP.BlockAndSurf^
C:\Windows\System32\Tasks\BlockAndSurf Update =>PUP.BlockAndSurf^
C:\Windows\Tasks\BlockAndSurf_wd.job =>PUP.BlockAndSurf^
C:\Windows\System32\Tasks\BlockAndSurf_wd =>PUP.BlockAndSurf^
C:\Windows\Tasks\SpeedUpMyPC Maintenance.job =>PUP.SpeedUpMyPC^
C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance =>PUP.SpeedUpMyPC^
C:\Windows\Tasks\SpeedUpMyPC Startup.job =>PUP.SpeedUpMyPC^
C:\Windows\System32\Tasks\SpeedUpMyPC Startup =>PUP.SpeedUpMyPC^
[HKCU\Software\AnyProtect] =>PUP.AnyProtect^
[HKCU\Software\TutoTag] =>PUP.AgenceExclusive^
[HKLM\Software\SiteFinder] =>Adware.ShoppingReport^
[HKLM\Software\SupDp] =>PUP.SupTab^
[HKLM\Software\Wpm] =>PUP.WpManager^
[HKLM\Software\supTab] =>PUP.SupTab^
[HKCR\CLSID\{22222222-2222-2222-2222-220522952299}] (CrossriderApp0059599.Sandbox) =>PUP.CrossRider^
[HKCR\CLSID\{EC0AC198-6E89-B800-6267-3FB03AC713AB}] (BlockAndSurf) =>PUP.BlockAndSurf^
~ Additionnel Scan: 214385 Items scanned in 01mn 21s

---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 3 Legitimates Filtered in 00mn 00s

---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Downware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.BlockAndSurf
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.OmigaPlus
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Proxy
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CrossRider
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SupTab
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.AnyProtect
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SearchProtect
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.RadSteroids
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.SProtector
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.InstallCore
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.VidSaver
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.AgenceExclusive
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.ShoppingReport
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.WpManager
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.FreeSoftToday
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.V9Software
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BrowseFox
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.SimilarSites
~ MSI: 19 link(s) detected in 00mn 00s

~ 825 Legitimates filtered by white list
End of the scan (761 lines in 05mn 40s)(0)

por **Power Max** Sáb 28 Jun 2014, 16:08

Onde é que você foi baixar este IE10? Se você não aprender a proteger o seu PC não vai ter como te ajudar, porque a todo momento você vai estar contaminando o seu PC.

por smurff Sáb 28 Jun 2014, 17:55

simplismente baixei do baixaki e executei mas essa porcaria se instala sem permissao!!!!!!!!!!!!!

por **Power Max** Sáb 28 Jun 2014, 18:09

O melhor sempre é baixar no site oficial do programa.

Mas quando for preciso baixar pelo Baixaki siga esta dica:

Como baixar programas sem adwares no baixaki:

Para evitar baixar programas que contenham estes problemas embutidos, quando for baixar alguma coisa do Baixaki, veja se abaixo do botão "Clique para Baixar" há a frase "Ou baixe sem o instalador do Baixaki". Quando houver esta frase, clique este link com a frase "Ou baixe sem o instalador do Baixaki" para fazer o download de forma segura.
_______________________________________________________

Outra coisa importante: Se você quiser que eu continue te ajudando na limpeza do seu PC é preciso que você se comprometa a não instalar nada que não te pedir, até que o caso seja resolvido. Você concorda?
_________________________________________________________

Se você concordar com o que propus acima, faça uma restauração do sistema para o último ponto de restauração (que deve ter sido criado pelo ZHP ou pelo Zoek antes da instalação deste Baidu). Depois de fazer esta restauração nos diga se o Baidu foi eliminado.

por smurff Sáb 28 Jun 2014, 18:19

fiz restauraçao do sistema mas o baidu continua .

por **Power Max** Sáb 28 Jun 2014, 18:21

Mas você concorda com o que te propus acima?

por smurff Sáb 28 Jun 2014, 18:34

com certesa

por **Power Max** Sáb 28 Jun 2014, 18:35

Vamos começar do começo novamente:

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

por smurff Sáb 28 Jun 2014, 19:12

# AdwCleaner v3.213 - Relatório criado 27/06/2014 às 21:48:49
# Atualizado 23/06/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : win - WIN-PC
# Executando de : C:\Users\win\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : ca82e1a5
Serviço Deletada : dfc86759
[#] Serviço Deletada : globalUpdate
[#] Serviço Deletada : globalUpdatem
[#] Serviço Deletada : ProtectMonitor
Serviço Deletada : vosr

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\webssearches
Pasta Deletada : C:\ProgramData\2308189059
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\Performancer
Pasta Deletada : C:\ProgramData\Systweak
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\ProgramData\FlexiubleShopper
Pasta Deletada : C:\ProgramData\Graeatsaver
Pasta Deletada : C:\ProgramData\KingCoUpon
Pasta Deletada : C:\ProgramData\Search-NEwTiab
Pasta Deletada : C:\ProgramData\Seeaorch--NeweTabb
Pasta Deletada : C:\ProgramData\Suearach-NewTabb
Pasta Deletada : C:\ProgramData\websavve
Pasta Deletada : C:\ProgramData\weebsAve
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jfilemanager
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Elite Max
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Pasta Deletada : C:\Program Files\globalUpdate
Pasta Deletada : C:\Program Files\GrabRez
Pasta Deletada : C:\Program Files\HomeTab
Pasta Deletada : C:\Program Files\Jump Flip
Pasta Deletada : C:\Program Files\Mobogenie
Pasta Deletada : C:\Program Files\MyPC Backup
Pasta Deletada : C:\Program Files\Optimizer Elite Max
Pasta Deletada : C:\Program Files\Optimizer Pro
Pasta Deletada : C:\Program Files\PCDApp
Pasta Deletada : C:\Program Files\ScanTack
Pasta Deletada : C:\Program Files\Trymedia
Pasta Deletada : C:\Program Files\Uninstaller
Pasta Deletada : C:\Program Files\Seeaorch--NeweTabb
Pasta Deletada : C:\Program Files\Suearach-NewTabb
Pasta Deletada : C:\Program Files\websavve
Pasta Deletada : C:\Program Files\weebsAve
Pasta Deletada : C:\Users\Administrador\AppData\Local\torch
Pasta Deletada : C:\Users\ASPNET\AppData\Local\torch
Pasta Deletada : C:\Users\Convidado\AppData\Local\torch
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\win\AppData\Local\Beamrise
Pasta Deletada : C:\Users\win\AppData\Local\BeamriseUninstall
Pasta Deletada : C:\Users\win\AppData\Local\genienext
Pasta Deletada : C:\Users\win\AppData\Local\globalUpdate
Pasta Deletada : C:\Users\win\AppData\Local\jfilemanager
Pasta Deletada : C:\Users\win\AppData\Local\lollipop
Pasta Deletada : C:\Users\win\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\win\AppData\Local\torch
Pasta Deletada : C:\Users\win\AppData\LocalLow\HomeTab
Pasta Deletada : C:\Users\win\AppData\LocalLow\SimplyTech
Pasta Deletada : C:\Users\win\AppData\Roaming\Activeris
Pasta Deletada : C:\Users\win\AppData\Roaming\baidu
Pasta Deletada : C:\Users\win\AppData\Roaming\EZDownloader
Pasta Deletada : C:\Users\win\AppData\Roaming\Optimizer Elite Max
Pasta Deletada : C:\Users\win\AppData\Roaming\Optimizer Pro
Pasta Deletada : C:\Users\win\AppData\Roaming\PC TEKNIX
Pasta Deletada : C:\Users\win\AppData\Roaming\SimilarSites
Pasta Deletada : C:\Users\win\AppData\Roaming\SimplyTech
Pasta Deletada : C:\Users\win\AppData\Roaming\SupTab
Pasta Deletada : C:\Users\win\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\win\AppData\Roaming\VOPackage
Pasta Deletada : C:\Users\win\AppData\Roaming\Microsoft\windows\Start Menu\Programs\MyPC Backup
Pasta Deletada : C:\Users\win\AppData\Roaming\Microsoft\windows\Start Menu\Programs\VOPackage
Pasta Deletada : C:\Users\win\Documents\Mobogenie
Pasta Deletada : C:\Users\win\Documents\Optimizer Pro
Pasta Deletada : C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\i2lhqlb3.default\Extensions\67af2835-79c3-420a-bc70-cd5399c4b726@5c23b6cf-f0cf-4ff9-89af-a3fb89311be5.com
Pasta Deletada : C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\i2lhqlb3.default\Extensions\6c78cab3-0311-420c-8cc8-d70d7c2e12d0@61a12377-7214-44f1-a183-c0827fed20fa.com
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\afppilkldaidejbbgncjmchcllapmpfl
Pasta Deletada : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\afppilkldaidejbbgncjmchcllapmpfl
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\afppilkldaidejbbgncjmchcllapmpfl
Pasta Deletada : C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\afppilkldaidejbbgncjmchcllapmpfl
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcabcjecphallgbobkebfldecaailkb
Pasta Deletada : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcabcjecphallgbobkebfldecaailkb
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcabcjecphallgbobkebfldecaailkb
Pasta Deletada : C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcabcjecphallgbobkebfldecaailkb
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapgoieponmleaihpfdgoplcklinnonh
Pasta Deletada : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapgoieponmleaihpfdgoplcklinnonh
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapgoieponmleaihpfdgoplcklinnonh
Pasta Deletada : C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapgoieponmleaihpfdgoplcklinnonh
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\bonmgpglnblhjmckooipapelaipldnja
Pasta Deletada : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\bonmgpglnblhjmckooipapelaipldnja
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\bonmgpglnblhjmckooipapelaipldnja
Pasta Deletada : C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\bonmgpglnblhjmckooipapelaipldnja
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\igocdjpdkjdmeajoboodboloopfemdfc
Pasta Deletada : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\igocdjpdkjdmeajoboodboloopfemdfc
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\igocdjpdkjdmeajoboodboloopfemdfc
Pasta Deletada : C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\igocdjpdkjdmeajoboodboloopfemdfc
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghcdphecoipflkohobanicpcnigmlao
Pasta Deletada : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghcdphecoipflkohobanicpcnigmlao
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghcdphecoipflkohobanicpcnigmlao
Pasta Deletada : C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghcdphecoipflkohobanicpcnigmlao
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdfkecigemdbccomnkphghafakdglkic
Pasta Deletada : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdfkecigemdbccomnkphghafakdglkic
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdfkecigemdbccomnkphghafakdglkic
Pasta Deletada : C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdfkecigemdbccomnkphghafakdglkic
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogomlecekhkleobibcakjipomkejfick
Pasta Deletada : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogomlecekhkleobibcakjipomkejfick
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogomlecekhkleobibcakjipomkejfick
Pasta Deletada : C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogomlecekhkleobibcakjipomkejfick
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Windows\system32\roboot.exe
Arquivo Deletada : C:\Windows\system32\SecureAssist.ini
Arquivo Deletada : C:\Windows\system32\SecureAssistOff.ini
Arquivo Deletada : C:\Users\win\daemonprocess.txt
Arquivo Deletada : C:\Users\win\AppData\Roaming\LiveSupport.exe_log.txt
Arquivo Deletada : C:\Users\win\AppData\Roaming\regsvr32.exe_log.txt
Arquivo Deletada : C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\i2lhqlb3.default\user.js
Arquivo Deletada : C:\Windows\System32\Tasks\Advanced System Protector_startup
Arquivo Deletada : C:\Windows\System32\Tasks\Browser Updater
Arquivo Deletada : C:\Windows\Tasks\Funmoods.job
Arquivo Deletada : C:\Windows\System32\Tasks\Funmoods
Arquivo Deletada : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
Arquivo Deletada : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
Arquivo Deletada : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
Arquivo Deletada : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
Arquivo Deletada : C:\Windows\Tasks\PCHelpers_period.job
Arquivo Deletada : C:\Windows\System32\Tasks\PCHelpers_period
Arquivo Deletada : C:\Windows\Tasks\PCHelpers1st.job
Arquivo Deletada : C:\Windows\System32\Tasks\PCHelpers1st
Arquivo Deletada : C:\Windows\System32\Tasks\ProtectedSearch
Arquivo Deletada : C:\Windows\System32\Tasks\RegClean Pro
Arquivo Deletada : C:\Windows\Tasks\RegClean Pro_DEFAULT.job
Arquivo Deletada : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
Arquivo Deletada : C:\Windows\Tasks\RegClean Pro_UPDATES.job
Arquivo Deletada : C:\Windows\System32\Tasks\RegClean Pro_UPDATES
Arquivo Deletada : C:\Windows\Tasks\SaveSense.job
Arquivo Deletada : C:\Windows\System32\Tasks\SaveSense
Arquivo Deletada : C:\Windows\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-1.job
Arquivo Deletada : C:\Windows\System32\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-1
Arquivo Deletada : C:\Windows\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-11.job
Arquivo Deletada : C:\Windows\System32\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-11
Arquivo Deletada : C:\Windows\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-2.job
Arquivo Deletada : C:\Windows\System32\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-2
Arquivo Deletada : C:\Windows\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-3.job
Arquivo Deletada : C:\Windows\System32\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-3
Arquivo Deletada : C:\Windows\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-4.job
Arquivo Deletada : C:\Windows\System32\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-4
Arquivo Deletada : C:\Windows\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-5.job
Arquivo Deletada : C:\Windows\System32\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-5
Arquivo Deletada : C:\Windows\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-6.job
Arquivo Deletada : C:\Windows\System32\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-6
Arquivo Deletada : C:\Windows\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-7.job
Arquivo Deletada : C:\Windows\System32\Tasks\6043832c-a99c-40d2-b13b-b5badee5fd19-7
Arquivo Deletada : C:\Windows\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-1.job
Arquivo Deletada : C:\Windows\System32\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-1
Arquivo Deletada : C:\Windows\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-11.job
Arquivo Deletada : C:\Windows\System32\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-11
Arquivo Deletada : C:\Windows\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-2.job
Arquivo Deletada : C:\Windows\System32\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-2
Arquivo Deletada : C:\Windows\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-3.job
Arquivo Deletada : C:\Windows\System32\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-3
Arquivo Deletada : C:\Windows\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-4.job
Arquivo Deletada : C:\Windows\System32\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-4
Arquivo Deletada : C:\Windows\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-5.job
Arquivo Deletada : C:\Windows\System32\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-5
Arquivo Deletada : C:\Windows\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-6.job
Arquivo Deletada : C:\Windows\System32\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-6
Arquivo Deletada : C:\Windows\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-7.job
Arquivo Deletada : C:\Windows\System32\Tasks\fbf33cb7-2f71-4af6-bcb5-0c13c8af4fc9-7

***** [ Atalhos ] *****

por **Power Max** Sáb 28 Jun 2014, 19:15

Este relatório é antigo:
# AdwCleaner v3.213 - Relatório criado 27/06/2014 às 21:48:49

Veja se na pasta do Adwcleaner foi criado um novo relatório e poste este novo.

por smurff Sáb 28 Jun 2014, 19:31

vou ter q executar noamente pois nao encontro este log

por **Power Max** Sáb 28 Jun 2014, 19:33

Os logs dele ficam nesta pasta:

C:\AdwCleaner mas se não tiver lá o log mais recente, execute ele novamente.

por smurff Sáb 28 Jun 2014, 19:45

# AdwCleaner v3.213 - Relatório criado 28/06/2014 às 19:34:48
# Atualizado 23/06/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : win - WIN-PC
# Executando de : C:\Users\win\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Program Files\Greener Web
Pasta Deletada : C:\Users\Public\Documents\baidu
Arquivo Deletada : C:\Windows\System32\Tasks\Browser Updater
Arquivo Deletada : C:\Windows\System32\Tasks\ProtectedSearch

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : HKLM\Software\Greener Web

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16421

-\\ Mozilla Firefox v29.0.1 (pt-BR)

[ Arquivo : C:\Users\win\AppData\Roaming\Mozilla\Firefox\Profiles\i2lhqlb3.default\prefs.js ]

-\\ Google Chrome v35.0.1916.114

[ Arquivo : C:\Users\win\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [82342 octets] - [27/06/2014 21:41:37]
AdwCleaner[R1].txt - [1344 octets] - [28/06/2014 19:31:03]
AdwCleaner[S0].txt - [76729 octets] - [27/06/2014 21:48:49]
AdwCleaner[S1].txt - [1250 octets] - [28/06/2014 19:34:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1310 octets] ##########

por **Power Max** Sáb 28 Jun 2014, 19:47

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

por smurff Sáb 28 Jun 2014, 19:58

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by win on 28/06/2014 at 19:49:40,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r706-n-bc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r706-n-bc_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d687747-ed29-4f98-ae2d-ea537ec4ea34}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{0d687747-ed29-4f98-ae2d-ea537ec4ea34}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/06/2014 at 19:55:46,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

por **Power Max** Sáb 28 Jun 2014, 20:25

Desative temporariamente seu antivírus para evitar conflitos.

Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

por smurff Sáb 28 Jun 2014, 22:20

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Windows\system32\appdata deleted
C:\Program Files\Fraven 1.1 deleted
C:\Program Files\Plus-HD-V1.6 deleted
C:\PROGRA~2\3bb21f3c3947cc4b deleted
C:\Program Files\Seeaorch--NeweTabb deleted
C:\Program Files\Suearach-NewTabb deleted
C:\Program Files\VideoPlayer deleted
C:\PROGRA~2\FileSplitUpLoad.dll deleted
C:\PROGRA~2\SetApp deleted
C:\PROGRA~2\InstallMate deleted
C:\Windows\System32\Tasks\SystemSockets deleted
C:\Windows\System32\Tasks\Browser Updater deleted
C:\Users\win\Downloads\rcpsetupdsnr_ds15720427 (1).exe deleted
C:\Users\win\Downloads\rcpsetupdsnr_ds15720427.exe deleted
C:\Users\win\Searches deleted
C:\Windows\system32\tasks\ProtectedSearch deleted
C:\Windows\system32\tasks\Baidu Antivirus Update deleted
C:\Windows\Launcher.exe deleted
C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w.sys deleted
C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys deleted
C:\Windows\system32\sasnative32.exe deleted

==== Folders Found ======================

2014-06-28 00:48:52 2014-06-28 00:48:52 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-28 00:49:12 2014-06-28 00:49:12 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-28 21:50:10 2014-06-28 21:50:10 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\win\AppData\Roaming\baidu
2014-06-28 21:50:10 2014-06-28 21:50:10 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\win\AppData\Roaming\baidu\Baidu Antivirus
2014-02-09 01:08:35 2014-06-28 18:50:17 -------- d--h--w- C:\Program Files\Baidu Security
2014-06-28 16:47:14 2014-06-28 16:47:14 -------- d-----w- C:\Program Files\Baidu-Security-2014-4.4.4.73687
2014-02-09 01:08:36 2014-06-28 19:04:56 -------- d--h--w- C:\Program Files\Baidu Security\Baidu Antivirus
2014-06-28 16:47:14 2014-06-28 18:53:37 -------- d-----w- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus
2013-11-17 20:49:58 2014-06-28 18:54:46 -------- d-----w- C:\ProgramData\Baidu Security
2014-02-09 01:09:08 2014-06-28 18:50:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-05-21 18:33:31 2014-06-28 18:50:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC App Store
2013-11-17 20:49:58 2014-06-28 18:54:46 -------- d-----w- C:\Users\All Users\Baidu Security
2014-02-09 01:09:08 2014-06-28 18:50:33 -------- d-----w- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-05-21 18:33:31 2014-06-28 18:50:33 -------- d-----w- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu PC App Store
2014-06-28 22:38:42 2014-06-28 22:38:42 -------- d-----w- C:\Users\Public\Documents\Baidu
2014-02-09 01:07:06 2014-06-28 18:50:39 -------- d-----w- C:\Users\Public\Documents\Baidu Security
2014-02-09 01:07:06 2014-06-28 18:51:26 -------- d-----w- C:\Users\win\AppData\Roaming\Baidu Security
2014-02-09 01:12:29 2014-06-28 18:51:26 -------- d-----w- C:\Users\win\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-02-09 01:12:30 2014-06-28 18:51:26 -------- d-----w- C:\Users\win\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-05-21 18:33:30 2014-06-28 18:51:30 -------- d-----w- C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC App Store
2014-06-28 18:55:27 2014-06-28 18:55:27 -------- d-----w- C:\Windows\System32\config\systemprofile\AppData\Roaming\Baidu Security
2014-06-28 11:22:34 2014-06-28 11:22:40 -------- d-----w- C:\zoek_backup\C_Program Files_Baidu Security
2014-06-28 11:22:41 2014-06-28 18:48:51 -------- d--ha-w- C:\zoek_backup\C_Program Files_Baidu Security_Baidu Antivirus
2014-06-28 13:38:48 2014-06-28 13:38:48 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687
2014-06-28 13:39:11 2014-06-28 13:39:19 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus
2014-06-28 13:24:46 2014-06-28 13:24:46 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu
2014-06-28 11:22:42 2014-06-28 18:48:49 -------- d-----w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-28 01:25:44 2014-06-28 01:25:44 -------- d-----w- C:\zoek_backup\C_PROGRA~2_Baidu
2014-06-28 13:24:46 2014-06-28 13:24:46 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu
2014-06-28 11:22:47 2014-06-28 18:48:49 -------- d-----w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-28 11:22:48 2014-06-28 18:48:49 -------- d-----w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-28 11:22:48 2014-06-28 11:22:48 -------- d-----w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu PC App Store
2014-06-28 11:22:48 2014-06-28 12:55:54 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu
2014-06-28 13:39:19 2014-06-28 13:39:19 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Local_Temp_baidu_secure
2014-06-28 13:39:19 2014-06-28 13:39:19 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu
2014-06-28 11:22:48 2014-06-28 11:23:03 -------- d-----w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security
2014-06-28 13:39:19 2014-06-28 13:39:19 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu_Baidu Antivirus
2014-06-28 11:22:56 2014-06-28 11:22:56 -------- d-----w- C:\zoek_backup\C_Windows_System32_config_systemprofile_AppData_Roaming_Baidu Security
2014-06-28 11:22:34 2014-06-28 18:48:51 -------- d-----w- C:\zoek_backup\C_Program Files_Baidu Security\Baidu Antivirus
2014-06-28 13:38:48 2014-06-28 13:39:11 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687\Baidu Antivirus
2014-06-28 13:39:19 2014-06-28 13:39:19 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu\Baidu Antivirus
2014-06-28 11:22:55 2014-06-28 11:22:55 -------- d-----w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-06-28 01:25:37 2014-06-28 17:42:57 -------- d---a-w- C:\zoek_backup\C_Windows_system32_appdata\baidu

==== Files Found ======================

--- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-06-28 16:46:49
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1

--- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-06-28 16:46:49
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB

--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-02-09 01:09:08
Modified time: 2014-02-21 20:00:32
MD5: AF8B80B63A07F0FD288E73DB0352096C
SHA1: 73389CBE3A00262A90F2854C1F15D5A3807A86EA

--- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-02-09 01:09:08
Modified time: 2014-02-21 20:00:32
MD5: AF8B80B63A07F0FD288E73DB0352096C
SHA1: 73389CBE3A00262A90F2854C1F15D5A3807A86EA

--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus_Plugins_Plugin_Antivirus_res_skin_icon_baidu_engine_ico.png.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-06-28 13:39:19
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1

--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus_Plugins_Plugin_Antivirus_res_skin_icon_baidu_engine_ico_gray.png.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-06-28 13:39:19
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB

--- C:\zoek_backup\C_Users_win_AppData_Roaming_Microsoft_Windows_Cookies_win@baidu[1].txt.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 103
Created time: 2014-06-28 13:39:19
Modified time: 2014-06-28 12:58:30
MD5: 6DD448555A7E3F11388F960B97D408B4
SHA1: A30C5A61C27B13FE65D75201E7D90AE8E2BB96E1

--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3408
Created time: 2014-06-28 01:25:47
Modified time: 2014-02-21 20:00:37
MD5: CDCAE1BCFD46064A4CF40F390ABA6E8F
SHA1: 31957C0D0CF086A55EB65DA3FCC96E40FA6477A5

--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-06-28 13:38:56
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1

--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-06-28 13:38:56
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB

--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-06-28 13:39:13
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1

--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-06-28 13:39:13
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB

--- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-06-28 11:22:48
Modified time: 2014-02-21 20:00:32
MD5: AF8B80B63A07F0FD288E73DB0352096C
SHA1: 73389CBE3A00262A90F2854C1F15D5A3807A86EA

por smurff Sáb 28 Jun 2014, 22:22

=== Registry Search Results for "Baidu" ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Baidu_Secure_SystemUp_4.0.1.56634-2014-02-08 02-09-30-0594-[6087].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-08 02-10-22-0441-[6257].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Pcftray-2014-02-08 02-10-48-0861-[6342].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-08 02-11-22-0335-[6453].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-03-01 03-15-20-0241-[17301].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-01 03-15-20-0275-[17301].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-03-02 03-54-47-0666-[19020].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-06 05-36-09-0515-[30794].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-07 05-17-25-0545-[26114].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-09 05-06-51-0515-[22024].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-10 05-42-55-0560-[32336].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-12 05-44-43-0515-[9657].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-13 05-06-59-0546-[19765].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-15 05-01-11-0451-[16609].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-17 05-14-58-0536-[29046].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-05-19 05-26-39-0086-[26815].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-20 05-43-04-0279-[12266].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-20 05-18-30-0917-[0697].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-21 05-53-05-0179-[26729].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-05-21 05-16-20-0133-[6018].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-21 05-16-57-0765-[6139].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-05-21 05-17-31-0236-[6250].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-05-21 05-17-42-0671-[6286].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-21 05-24-46-0219-[21926].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-06-25 06-18-17-0109-[0041].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFTray-2014-06-25 06-18-45-0032-[0041].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}]
@="baidu right click handler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32]
@="C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BavShx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32]
@="C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BavShx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Baidu PC Faster WindowsFaster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Baidu PC Faster WindowsFaster]
"item"="Baidu PC Faster WindowsFaster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}"="Baidu Scan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"="Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Bav.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Uninstall.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"="http://antivirus.baidu.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"="Baidu, Inc."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6049]
"DisplayIcon"="C:\\Program Files\\Baidu Security\\PC App Store\\4.5.1.6049\\PCAppStore.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6049]
"UninstallString"="C:\\Program Files\\Baidu Security\\PC App Store\\4.5.1.6049\\Uninstall.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6049]
"Publisher"="Baidu, Inc."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6049]
"InstallDir"="C:\\Program Files\\Baidu Security\\PC App Store\\4.5.1.6049"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\\Program Files\\Baidu Security\\PC Faster\\3.7.0.0\\UninstCaller.exe"="VISTARTM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBED6752-7669-407A-AA1D-F045362A331E}]
"Path"="\\Baidu Antivirus Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu Antivirus Update]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"DisplayName"="Baidu PC App Store Service 4.5.1.6049"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"Description"="Baidu PC App Store Service 4.5.1.6049"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"DisplayName"="Baidu PC App Store Service 4.5.1.6049"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"Description"="Baidu PC App Store Service 4.5.1.6049"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"DisplayName"="Baidu PC App Store Service 4.5.1.6049"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"Description"="Baidu PC App Store Service 4.5.1.6049"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\4.5.1.6049]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\4.5.1.6049\Install]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\4.5.1.6049\LastReportTime]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\DataReport]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\Setup]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"e"="http://csu.pcfaster.baidu.com/cgi-bin/bl_put_file.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"f"="http://csu.pcfaster.baidu.com/cgi-bin/get_op_conf.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"i"="http://csu.pcfaster.baidu.com/cgi-bin/ui_put_file.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"j"="http://csu.pcfaster.baidu.com/cgi-bin/co_put_file.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"n"="http://csu.pcfaster.baidu.com/cgi-bin/fs_put_file.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\7606561]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\7606561]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=PCAppStore|gl|upgrade|Bundle&version=4.0.7.72269&userid=315fa33f6c952630620f48bfb52c79ee&old_userid=S2SNJ5FC-5CC9D3087F19!552ad7a3-7f99-4fd4-9429-74dcbcfe8994@#5CC9D3087F19&install_time=2014-06-19 18:10:51&parent_name="

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\7606702]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\7606702]
"url"="http://sync.security.baidu.co.th/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=PCAppStore|gl|upgrade|Bundle&version=4.0.7.72269&userid=315fa33f6c952630620f48bfb52c79ee&old_userid=S2SNJ5FC-5CC9D3087F19!552ad7a3-7f99-4fd4-9429-74dcbcfe8994@#5CC9D3087F19&install_time=2014-06-19 18:10:51&parent_name="

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\TrayIcon]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\Setup]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ee7254a0_0]
@="{0.0.0.00000000}.{dd659893-bbcc-44f5-92c1-35e119d2784b}|\\Device\\HarddiskVolume2\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFPopups.exe%b{00000000-0000-0000-0000-000000000000}"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-br]
"DisplayIcon"="\"%APPDATA%\\baidu\\hao123-br\\hao123.1.0.0.1111.exe\""

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-br]
"Publisher"="Baidu Online Network Technology (Beijing) Co., Ltd."

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-br]
"UninstallString"="\"%APPDATA%\\baidu\\hao123-br\\hao123.1.0.0.1111.exe\" -uninstall "

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jlceijfdfeghdhmmbhbcffanmcggoojf - No path found[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://search.certified-toolbar.com?si=82443&st=bs&tid=24086&ver=6.4&ts=1403311224855&tguid=82443-24086-1403311224855-5F0010873971B72AA96104B22A519D05&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
@="http://search.certified-toolbar.com?si=82443&st=bs&tid=24086&ver=6.4&ts=1403311224855&tguid=82443-24086-1403311224855-5F0010873971B72AA96104B22A519D05&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
@="http://search.certified-toolbar.com?si=82443&st=bs&tid=24086&ver=6.4&ts=1403311224855&tguid=82443-24086-1403311224855-5F0010873971B72AA96104B22A519D05&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

por smurff Sáb 28 Jun 2014, 22:23

=== Registry Search Results for "Baidu" ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Baidu_Secure_SystemUp_4.0.1.56634-2014-02-08 02-09-30-0594-[6087].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-08 02-10-22-0441-[6257].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Pcftray-2014-02-08 02-10-48-0861-[6342].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-08 02-11-22-0335-[6453].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-03-01 03-15-20-0241-[17301].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-01 03-15-20-0275-[17301].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-03-02 03-54-47-0666-[19020].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-06 05-36-09-0515-[30794].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-07 05-17-25-0545-[26114].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-09 05-06-51-0515-[22024].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-10 05-42-55-0560-[32336].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-12 05-44-43-0515-[9657].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-13 05-06-59-0546-[19765].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-15 05-01-11-0451-[16609].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-17 05-14-58-0536-[29046].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-05-19 05-26-39-0086-[26815].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-20 05-43-04-0279-[12266].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-20 05-18-30-0917-[0697].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-21 05-53-05-0179-[26729].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-05-21 05-16-20-0133-[6018].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-21 05-16-57-0765-[6139].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-05-21 05-17-31-0236-[6250].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-05-21 05-17-42-0671-[6286].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-05-21 05-24-46-0219-[21926].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-06-25 06-18-17-0109-[0041].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFTray-2014-06-25 06-18-45-0032-[0041].tmp"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}]
@="baidu right click handler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32]
@="C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BavShx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32]
@="C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BavShx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Baidu PC Faster WindowsFaster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Baidu PC Faster WindowsFaster]
"item"="Baidu PC Faster WindowsFaster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}"="Baidu Scan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"="Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Bav.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"="\"C:\\Program Files\\Baidu Security\\Baidu Antivirus\\Uninstall.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"="http://antivirus.baidu.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"="Baidu, Inc."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6049]
"DisplayIcon"="C:\\Program Files\\Baidu Security\\PC App Store\\4.5.1.6049\\PCAppStore.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6049]
"UninstallString"="C:\\Program Files\\Baidu Security\\PC App Store\\4.5.1.6049\\Uninstall.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6049]
"Publisher"="Baidu, Inc."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6049]
"InstallDir"="C:\\Program Files\\Baidu Security\\PC App Store\\4.5.1.6049"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\\Program Files\\Baidu Security\\PC Faster\\3.7.0.0\\UninstCaller.exe"="VISTARTM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBED6752-7669-407A-AA1D-F045362A331E}]
"Path"="\\Baidu Antivirus Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu Antivirus Update]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"DisplayName"="Baidu PC App Store Service 4.5.1.6049"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"Description"="Baidu PC App Store Service 4.5.1.6049"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"DisplayName"="Baidu PC App Store Service 4.5.1.6049"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"Description"="Baidu PC App Store Service 4.5.1.6049"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"Description"="Baidu Antivirus Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"Description"="Baidu Hips Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"DisplayName"="Baidu PC App Store Service 4.5.1.6049"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"Description"="Baidu PC App Store Service 4.5.1.6049"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\4.5.1.6049]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\4.5.1.6049\Install]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\4.5.1.6049\LastReportTime]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\DataReport]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\Setup]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"e"="http://csu.pcfaster.baidu.com/cgi-bin/bl_put_file.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"f"="http://csu.pcfaster.baidu.com/cgi-bin/get_op_conf.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"i"="http://csu.pcfaster.baidu.com/cgi-bin/ui_put_file.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"j"="http://csu.pcfaster.baidu.com/cgi-bin/co_put_file.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"n"="http://csu.pcfaster.baidu.com/cgi-bin/fs_put_file.cgi"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\7606561]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\7606561]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=PCAppStore|gl|upgrade|Bundle&version=4.0.7.72269&userid=315fa33f6c952630620f48bfb52c79ee&old_userid=S2SNJ5FC-5CC9D3087F19!552ad7a3-7f99-4fd4-9429-74dcbcfe8994@#5CC9D3087F19&install_time=2014-06-19 18:10:51&parent_name="

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\7606702]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\7606702]
"url"="http://sync.security.baidu.co.th/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=PCAppStore|gl|upgrade|Bundle&version=4.0.7.72269&userid=315fa33f6c952630620f48bfb52c79ee&old_userid=S2SNJ5FC-5CC9D3087F19!552ad7a3-7f99-4fd4-9429-74dcbcfe8994@#5CC9D3087F19&install_time=2014-06-19 18:10:51&parent_name="

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\TrayIcon]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\Setup]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ee7254a0_0]
@="{0.0.0.00000000}.{dd659893-bbcc-44f5-92c1-35e119d2784b}|\\Device\\HarddiskVolume2\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFPopups.exe%b{00000000-0000-0000-0000-000000000000}"

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-br]
"DisplayIcon"="\"%APPDATA%\\baidu\\hao123-br\\hao123.1.0.0.1111.exe\""

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-br]
"Publisher"="Baidu Online Network Technology (Beijing) Co., Ltd."

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-br]
"UninstallString"="\"%APPDATA%\\baidu\\hao123-br\\hao123.1.0.0.1111.exe\" -uninstall "

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jlceijfdfeghdhmmbhbcffanmcggoojf - No path found[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://search.certified-toolbar.com?si=82443&st=bs&tid=24086&ver=6.4&ts=1403311224855&tguid=82443-24086-1403311224855-5F0010873971B72AA96104B22A519D05&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
@="http://search.certified-toolbar.com?si=82443&st=bs&tid=24086&ver=6.4&ts=1403311224855&tguid=82443-24086-1403311224855-5F0010873971B72AA96104B22A519D05&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
@="http://search.certified-toolbar.com?si=82443&st=bs&tid=24086&ver=6.4&ts=1403311224855&tguid=82443-24086-1403311224855-5F0010873971B72AA96104B22A519D05&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

por smurff Sáb 28 Jun 2014, 23:57

Fico no aguardo para proximo procedimento notbook muito lento - Página 2 648673379

por **Power Max** Dom 29 Jun 2014, 09:44

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

por smurff Dom 29 Jun 2014, 12:05

Zoek.exe v5.0.0.0 Updated 28-06-2014
Tool run by win on 29/06/2014 at 11:48:45,53.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\win\Desktop\zoek.com [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-29-011711.log 90442 bytes

==== System Restore Info ======================

29/06/2014 11:51:27 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BHipsSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_4.5.1.6049} deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCAppStoreSvc_{PCAppStore_4.5.1.6049} deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-06-25 06-18-17-0109-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFTray-2014-06-25 06-18-45-0032-[0041].tmp"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\InprocServer32]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32]
@=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Baidu PC Faster WindowsFaster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Baidu PC Faster WindowsFaster]
"item"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6049]
"DisplayIcon"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6049]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6049]
"UninstallString"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6049]
"Publisher"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.5.1.6049]
"InstallDir"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\\Program Files\\Baidu Security\\PC Faster\\3.7.0.0\\UninstCaller.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBED6752-7669-407A-AA1D-F045362A331E}]
"Path"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBED6752-7669-407A-AA1D-F045362A331E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu Antivirus Update]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.5.1.6049}]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\4.5.1.6049]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\4.5.1.6049\Install]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\4.5.1.6049\LastReportTime]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\DataReport]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC App Store\Setup]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"e"=-
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"f"=-
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"i"=-
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"j"=-
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
"n"=-
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\7606561]
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\7606561]
"url"=-
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\7606702]
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\7606702]
"url"=-
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\TrayIcon]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\Setup]
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ee7254a0_0]
@=-
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-br]
"DisplayIcon"=-
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-br]
"Publisher"=-
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-br]
[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-br]
"UninstallString"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]

==== Deleting Files \ Folders ======================

C:\Program Files\Baidu-Security-2014-4.4.4.73687 deleted
C:\ProgramData\Baidu Security deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC App Store deleted
C:\Users\Public\Documents\Baidu deleted
C:\Users\Public\Documents\Baidu Security deleted
C:\Users\win\AppData\Roaming\Baidu Security deleted
C:\Users\win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC App Store deleted
C:\Windows\System32\config\systemprofile\AppData\Roaming\Baidu Security deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavClean.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\Bavnt.dll" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavQv.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavUl.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavUm.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BDrvComm.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsCore.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\CloudDefense.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\Communication.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\DrvInst.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HackerDefense.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsHB.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\sqlite.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavClean.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\Bavnt.dll" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavQv.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavUl.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BavUm.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BDrvComm.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsCore.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\CloudDefense.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\Communication.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\DrvInst.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HackerDefense.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\HipsHB.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\sqlite.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BHipsSvc.log" not deleted
"C:\Program Files\Baidu Security\PC App Store\4.5.1.6049\AppStoreUtilExe.exe" deleted
"C:\Program Files\Baidu Security\PC App Store\4.5.1.6049\DataReport.dll" deleted
"C:\Program Files\Baidu Security\PC App Store\4.5.1.6049\log.dll" deleted
"C:\Program Files\Baidu Security\PC App Store\4.5.1.6049\sqlite.dll" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BHipsSvc.log" not deleted
"C:\Program Files\Baidu Security" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus" not deleted
"C:\Program Files\Baidu Security\Baidu Antivirus" not deleted
"C:\Program Files\Baidu Security\PC App Store" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log" not deleted
"C:\Program Files\Baidu Security\PC App Store\4.5.1.6049" deleted
"C:\Program Files\Baidu Security\Baidu Antivirus\log" not deleted

==== Folders Found ======================

2014-06-28 00:48:52 2014-06-28 00:48:52 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-28 00:49:12 2014-06-28 00:49:12 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-28 21:50:10 2014-06-28 21:50:10 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\win\AppData\Roaming\baidu
2014-06-28 21:50:10 2014-06-28 21:50:10 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\win\AppData\Roaming\baidu\Baidu Antivirus
2014-02-09 01:08:35 2014-06-29 14:55:52 -------- d-----w- C:\Program Files\Baidu Security
2014-02-09 01:08:36 2014-06-29 14:55:50 -------- d-----w- C:\Program Files\Baidu Security\Baidu Antivirus
2014-06-29 01:17:07 2014-06-29 01:17:07 -------- d-----w- C:\ProgramData\Baidu
2014-06-29 01:17:07 2014-06-29 01:17:07 -------- d-----w- C:\Users\All Users\Baidu
2014-06-28 11:22:34 2014-06-28 18:50:17 -------- d--ha-w- C:\zoek_backup\C_Program Files_Baidu Security
2014-06-28 11:22:41 2014-06-29 14:55:06 -------- d--ha-w- C:\zoek_backup\C_Program Files_Baidu Security_Baidu Antivirus
2014-06-28 13:38:48 2014-06-28 16:47:14 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687
2014-06-28 13:39:11 2014-06-29 14:55:06 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus
2014-06-28 13:24:46 2014-06-28 13:24:46 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu
2014-06-28 11:22:42 2014-06-29 14:55:20 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-29 14:55:22 2014-06-29 14:55:22 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-29 14:55:22 2014-06-29 14:55:22 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu PC App Store
2014-06-28 01:25:44 2014-06-28 01:25:44 -------- d-----w- C:\zoek_backup\C_PROGRA~2_Baidu
2014-06-28 13:24:46 2014-06-28 13:24:46 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu
2014-06-28 11:22:47 2014-06-29 14:55:22 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-28 11:22:48 2014-06-29 14:55:22 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-28 11:22:48 2014-06-28 18:50:33 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu PC App Store
2014-06-28 11:22:48 2014-06-28 22:38:42 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu
2014-06-29 14:55:22 2014-06-29 14:55:23 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-06-28 13:39:19 2014-06-28 13:39:19 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Local_Temp_baidu_secure
2014-06-28 13:39:19 2014-06-28 13:39:19 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu
2014-06-28 11:22:48 2014-06-28 18:51:26 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security
2014-06-29 14:55:30 2014-06-29 14:55:30 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-06-29 14:55:30 2014-06-29 14:55:30 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-06-28 13:39:19 2014-06-28 13:39:19 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu_Baidu Antivirus
2014-06-29 14:55:30 2014-06-29 14:55:30 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Microsoft_Windows_Start Menu_Programs_Baidu PC App Store
2014-06-28 11:22:56 2014-06-28 18:55:27 -------- d---a-w- C:\zoek_backup\C_Windows_System32_config_systemprofile_AppData_Roaming_Baidu Security
2014-06-28 11:22:34 2014-06-29 14:54:19 -------- d--ha-w- C:\zoek_backup\C_Program Files_Baidu Security\Baidu Antivirus
2014-06-28 13:38:48 2014-06-29 14:54:24 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687\Baidu Antivirus
2014-06-28 13:39:19 2014-06-28 13:39:19 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu\Baidu Antivirus
2014-06-29 14:55:29 2014-06-29 14:55:29 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-06-28 11:22:55 2014-06-28 18:51:26 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-06-28 01:25:37 2014-06-28 17:42:57 -------- d---a-w- C:\zoek_backup\C_Windows_system32_appdata\baidu

==== Files Found ======================

--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus_Plugins_Plugin_Antivirus_res_skin_icon_baidu_engine_ico.png.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-06-28 13:39:19
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1

--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus_Plugins_Plugin_Antivirus_res_skin_icon_baidu_engine_ico_gray.png.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-06-28 13:39:19
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB

--- C:\zoek_backup\C_Users_win_AppData_Roaming_Microsoft_Windows_Cookies_win@baidu[1].txt.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 103
Created time: 2014-06-28 13:39:19
Modified time: 2014-06-28 12:58:30
MD5: 6DD448555A7E3F11388F960B97D408B4
SHA1: A30C5A61C27B13FE65D75201E7D90AE8E2BB96E1

--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3408
Created time: 2014-06-28 01:25:47
Modified time: 2014-02-21 20:00:37
MD5: CDCAE1BCFD46064A4CF40F390ABA6E8F
SHA1: 31957C0D0CF086A55EB65DA3FCC96E40FA6477A5

--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-06-28 13:38:56
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1

--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-06-28 13:38:56
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB

--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-06-28 13:39:13
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1

--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-06-28 13:39:13
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB

--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-06-29 14:55:22
Modified time: 2014-02-21 20:00:32
MD5: AF8B80B63A07F0FD288E73DB0352096C
SHA1: 73389CBE3A00262A90F2854C1F15D5A3807A86EA

--- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-06-28 11:22:48
Modified time: 2014-02-21 20:00:32
MD5: AF8B80B63A07F0FD288E73DB0352096C
SHA1: 73389CBE3A00262A90F2854C1F15D5A3807A86EA

==== Registry Search Results for "Baidu" ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Baidu PC Faster WindowsFaster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\7606561]

[HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\7606702]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4282 folders=749 626763831 bytes)

==== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\Program Files\Baidu Security\Baidu Antivirus\Bavnt.dll" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\Bavnt.dll" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BHipsSvc.log" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not found
"C:\Program Files\Baidu Security\Baidu Antivirus\log\BHipsSvc.log" not found
"C:\Program Files\Baidu Security" not found
"C:\Program Files\Baidu Security\Baidu Antivirus" not found

==== EOF on 29/06/2014 at 12:03:35,21 ======================

por **Power Max** Dom 29 Jun 2014, 12:10

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

por smurff Dom 29 Jun 2014, 12:53

Zoek.exe v5.0.0.0 Updated 28-06-2014
Tool run by win on 29/06/2014 at 12:42:48,84.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\win\Desktop\zoek.com [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-29-011711.log 90442 bytes
C:\zoek-results2014-06-29-150335.log 36632 bytes

==== System Restore Info ======================

29/06/2014 12:43:43 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Baidu PC Faster WindowsFaster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\CloudOPTInfo]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\7606561]
[-HKEY_USERS\S-1-5-21-4187004199-1384422717-2217211338-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\7606702]

==== Deleting Files \ Folders ======================

C:\Program Files\Baidu Security not found
C:\Program Files\Baidu Security\Baidu Antivirus not found
C:\ProgramData\Baidu deleted

==== Folders Found ======================

2014-06-28 00:48:52 2014-06-28 00:48:52 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-28 00:49:12 2014-06-28 00:49:12 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-28 21:50:10 2014-06-28 21:50:10 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\win\AppData\Roaming\baidu
2014-06-28 21:50:10 2014-06-28 21:50:10 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\win\AppData\Roaming\baidu\Baidu Antivirus
2014-06-28 11:22:34 2014-06-28 18:50:17 -------- d--ha-w- C:\zoek_backup\C_Program Files_Baidu Security
2014-06-28 11:22:41 2014-06-29 14:55:06 -------- d--ha-w- C:\zoek_backup\C_Program Files_Baidu Security_Baidu Antivirus
2014-06-28 13:38:48 2014-06-28 16:47:14 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687
2014-06-28 13:39:11 2014-06-29 14:55:06 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus
2014-06-28 13:24:46 2014-06-29 01:17:07 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu
2014-06-28 11:22:42 2014-06-29 14:55:20 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-29 14:55:22 2014-06-29 14:55:22 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-29 14:55:22 2014-06-29 14:55:22 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu PC App Store
2014-06-28 01:25:44 2014-06-28 01:25:44 -------- d-----w- C:\zoek_backup\C_PROGRA~2_Baidu
2014-06-28 13:24:46 2014-06-29 01:17:07 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu
2014-06-28 11:22:47 2014-06-29 14:55:22 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-28 11:22:48 2014-06-29 14:55:22 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-28 11:22:48 2014-06-28 18:50:33 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu PC App Store
2014-06-28 11:22:48 2014-06-28 22:38:42 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu
2014-06-29 14:55:22 2014-06-29 14:55:23 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-06-28 13:39:19 2014-06-28 13:39:19 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Local_Temp_baidu_secure
2014-06-28 13:39:19 2014-06-28 13:39:19 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu
2014-06-28 11:22:48 2014-06-28 18:51:26 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security
2014-06-29 14:55:30 2014-06-29 14:55:30 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-06-29 14:55:30 2014-06-29 14:55:30 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-06-28 13:39:19 2014-06-28 13:39:19 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu_Baidu Antivirus
2014-06-29 14:55:30 2014-06-29 14:55:30 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Microsoft_Windows_Start Menu_Programs_Baidu PC App Store
2014-06-28 11:22:56 2014-06-28 18:55:27 -------- d---a-w- C:\zoek_backup\C_Windows_System32_config_systemprofile_AppData_Roaming_Baidu Security
2014-06-28 11:22:34 2014-06-29 14:54:19 -------- d--ha-w- C:\zoek_backup\C_Program Files_Baidu Security\Baidu Antivirus
2014-06-28 13:38:48 2014-06-29 14:54:24 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687\Baidu Antivirus
2014-06-28 13:39:19 2014-06-28 13:39:19 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu\Baidu Antivirus
2014-06-29 14:55:29 2014-06-29 14:55:29 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-06-28 11:22:55 2014-06-28 18:51:26 -------- d---a-w- C:\zoek_backup\C_Users_win_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-06-28 01:25:37 2014-06-28 17:42:57 -------- d---a-w- C:\zoek_backup\C_Windows_system32_appdata\baidu

==== Files Found ======================

--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus_Plugins_Plugin_Antivirus_res_skin_icon_baidu_engine_ico.png.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-06-28 13:39:19
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1

--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus_Plugins_Plugin_Antivirus_res_skin_icon_baidu_engine_ico_gray.png.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-06-28 13:39:19
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB

--- C:\zoek_backup\C_Users_win_AppData_Roaming_Microsoft_Windows_Cookies_win@baidu[1].txt.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 103
Created time: 2014-06-28 13:39:19
Modified time: 2014-06-28 12:58:30
MD5: 6DD448555A7E3F11388F960B97D408B4
SHA1: A30C5A61C27B13FE65D75201E7D90AE8E2BB96E1

--- C:\zoek_backup\C_Windows_system32_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3408
Created time: 2014-06-28 01:25:47
Modified time: 2014-02-21 20:00:37
MD5: CDCAE1BCFD46064A4CF40F390ABA6E8F
SHA1: 31957C0D0CF086A55EB65DA3FCC96E40FA6477A5

--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-06-28 13:38:56
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1

--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-06-28 13:38:56
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB

--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1323
Created time: 2014-06-28 13:39:13
Modified time: 2014-01-13 13:40:30
MD5: FBCB3967D17EC32B5C06AA8811A53A5B
SHA1: DF0B4F19325E070A20E9CA9AEB75E863DFBCBDD1

--- C:\zoek_backup\C_Program Files_Baidu-Security-2014-4.4.4.73687_Baidu Antivirus\Plugins\Plugin_Antivirus\res\skin\icon\baidu_engine_ico_gray.png ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1338
Created time: 2014-06-28 13:39:13
Modified time: 2014-01-13 13:40:30
MD5: BD2291EAA1C833CCA729214DFBE7B341
SHA1: FD6D550FE31ACDF679ED6005C47638DA7FB82BFB

--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-06-29 14:55:22
Modified time: 2014-02-21 20:00:32
MD5: AF8B80B63A07F0FD288E73DB0352096C
SHA1: 73389CBE3A00262A90F2854C1F15D5A3807A86EA

--- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1178
Created time: 2014-06-28 11:22:48
Modified time: 2014-02-21 20:00:32
MD5: AF8B80B63A07F0FD288E73DB0352096C
SHA1: 73389CBE3A00262A90F2854C1F15D5A3807A86EA

==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4286 folders=749 626764153 bytes)

==== EOF on 29/06/2014 at 12:47:16,88 ======================

por Conteúdo patrocinado

Seg	Ter	Qua	Qui	Sex	Sáb	Dom
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31