Remover o Baidu pc fast

ja tentei de todas as formas possiveis desinstalar o baidu mas ele ainda ta garrado no meu notbook.

Olá thiago.gao

Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...da TrendMicro) e salve-o no desktop (Área de Trabalho)

*Execute-o, clique [Do a system scan and save a logfile] e cole o relatório apresentado

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:45:27, on 30/10/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Baidu PC Faster 3.7.0.0] "C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe" -auto -start
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: wwws2.santandernet.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\Program Files\GbPlugin\gbiehAbn.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Baidu PC App Store Service 3.8.8.1435 (PCAppStoreSvc_{PCAppStore_3.8.8.1435}) - Baidu Inc. - C:\Program Files\Baidu Security\PC App Store\3.8.8.1435\PCAppStoreSvc.exe
O23 - Service: Baidu PC Faster Service 3.7.0.0 (PCFasterSvc_{PCFaster_3.7.0.0}) - Baidu Inc. - C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFasterSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShow Producer\scsiaccess.exe

--
End of file - 6243 bytes

Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Farbar) e salve-o no Desktop

*Clique com o botão direito do mouse no FRST e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Aceite o contrato, desmarque a opção Addition.txt, clique [Scan] e ao término clique [OK]

*Cole ou anexe o relatório FRST.txt criado no Desktop

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2013
Ran by Usuario (administrator) on USUARIO-PC on 30-10-2013 14:20:15
Running from C:\Users\Usuario\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Portuguese Brazilian
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(GAS Tecnologia) C:\PROGRA~1\GbPlugin\GbpSv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Baidu Inc.) C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe
(Baidu Inc.) C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFasterSvc.exe
(Prolific Technology Inc.) C:\Windows\system32\IoctlSvc.exe
() C:\Program Files\Photodex\ProShow Producer\scsiaccess.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NBKeyScan] - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-02-18] (Nero AG)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Baidu PC Faster 3.7.0.0] - C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe [1808880 2013-10-10] (Baidu Inc.)
HKLM\...\Run: [fst_br_4] - [x]
Winlogon\Notify\ GbPluginAbn: C:\Program Files\GbPlugin\gbiehabn.dll (Banco Real)
HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDE9639EB3D95CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll (Banco Real)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll [1598520 2013-09-23] (Banco Real)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR Extension: (GBBD Banco Santander (Brasil) S.A.) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface\3.4.0_0
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 GbpSv; C:\PROGRA~1\GbPlugin\GbpSv.exe [451640 2013-09-23] (GAS Tecnologia)
S2 PCAppStoreSvc_{PCAppStore_3.8.8.1435}; C:\Program Files\Baidu Security\PC App Store\3.8.8.1435\PCAppStoreSvc.exe [546496 2013-08-15] (Baidu Inc.)
R2 PCFasterSvc_{PCFaster_3.7.0.0}; C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFasterSvc.exe [639168 2013-10-10] (Baidu Inc.)
R2 ScsiAccess; C:\Program Files\Photodex\ProShow Producer\scsiaccess.exe [186760 2010-12-14] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2013-10-10] (Baidu, Inc.)
R1 BprotectEx; C:\Windows\System32\drivers\BprotectEx.sys [95552 2013-10-10] (Baidu, Inc.)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [46392 2013-09-23] (GAS Tecnologia)
S3 Ndisrd; C:\Windows\System32\DRIVERS\gbpndisrd.sys [31088 2013-10-30] (GbPlugin NDIS Device Driver)
R3 NdisrdMP; C:\Windows\System32\DRIVERS\gbpndisrd.sys [31088 2013-10-30] (GbPlugin NDIS Device Driver)
R3 PCFApiUtil; C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil.sys [111264 2013-10-10] (Baidu, Inc.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-13] (Realtek Semiconductor Corporation )
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-30 14:19 - 2013-10-30 14:19 - 00000000 ____D C:\FRST
2013-10-30 14:17 - 2013-10-30 14:18 - 01089275 _____ (Farbar) C:\Users\Usuario\Downloads\FRST.exe
2013-10-30 13:45 - 2013-10-30 13:45 - 00006244 _____ C:\Users\Usuario\Downloads\hijackthis.log
2013-10-30 13:44 - 2013-10-30 13:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Usuario\Downloads\HijackThis.exe
2013-10-30 10:27 - 2013-10-30 10:27 - 00001226 _____ C:\Users\Usuario\Desktop\Revo Uninstaller.lnk
2013-10-30 10:27 - 2013-10-30 10:27 - 00000000 ____D C:\Program Files\VS Revo Group
2013-10-30 10:26 - 2013-10-30 10:27 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Usuario\Downloads\revosetup.exe
2013-10-28 16:28 - 2013-10-28 16:28 - 00435712 _____ (AF Install) C:\Users\Usuario\Downloads\install_flashplayer11x32_mssd_aaa_aih.exe
2013-10-26 16:05 - 2013-10-26 16:05 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Baidu Security
2013-10-25 17:25 - 2013-10-25 17:25 - 00001149 _____ C:\Users\Usuario\Desktop\ProShow Producer.lnk
2013-10-25 17:25 - 2013-10-25 17:25 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Photodex
2013-10-25 17:25 - 2013-10-25 17:25 - 00000000 ____D C:\Users\Todos os Usuários\Photodex
2013-10-25 17:25 - 2013-10-25 17:25 - 00000000 ____D C:\ProgramData\Photodex
2013-10-25 17:20 - 2013-10-25 17:20 - 00000000 ____D C:\Program Files\Photodex
2013-10-25 16:40 - 2013-10-26 16:04 - 00000000 ____D C:\Users\Public\Documents\Baidu Security
2013-10-25 15:27 - 2013-10-25 15:28 - 04379048 _____ (Piriform Ltd) C:\Users\Usuario\Downloads\ccsetup407.exe
2013-10-24 14:04 - 2013-10-30 10:06 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\Windows\system32\Drivers\GbpNdisrd.sys
2013-10-24 14:04 - 2013-10-25 15:35 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2013-10-24 14:04 - 2013-10-25 15:35 - 00000000 ____D C:\ProgramData\GbPlugin
2013-10-24 14:04 - 2013-10-24 14:04 - 00000000 ____D C:\Program Files\GbPlugin
2013-10-24 14:04 - 2013-09-23 19:10 - 00046392 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\GbpKm.sys
2013-10-24 13:50 - 2013-10-29 13:38 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2013-10-24 13:50 - 2013-10-29 13:38 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2013-10-24 13:50 - 2013-10-24 13:50 - 00720082 _____ C:\Users\Usuario\AppData\Roaming\unins000.exe
2013-10-24 13:50 - 2013-10-24 13:50 - 00012990 _____ C:\Users\Usuario\AppData\Roaming\unins000.dat
2013-10-24 13:50 - 2013-10-24 13:50 - 00000000 ____D C:\Users\Usuario\AppData\Local\GAS Tecnologia
2013-10-24 13:50 - 2013-10-24 13:50 - 00000000 ____D C:\Users\Todos os Usuários\boost_interprocess
2013-10-24 13:50 - 2013-10-24 13:50 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-24 13:49 - 2013-10-24 13:49 - 03357248 _____ (GAS Tecnologia ) C:\Users\Usuario\Downloads\gbplugin2.exe
2013-10-17 00:31 - 2013-10-18 19:29 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\PhotoScape
2013-10-17 00:31 - 2013-10-17 00:31 - 00000993 _____ C:\Users\Usuario\Desktop\PhotoScape.lnk
2013-10-17 00:31 - 2013-10-17 00:31 - 00000000 ____D C:\Program Files\PhotoScape
2013-10-17 00:29 - 2013-10-17 00:29 - 21330768 _____ (Mooii) C:\Users\Usuario\Downloads\PhotoScape_V3.6.4.exe
2013-10-17 00:01 - 2013-10-17 00:01 - 00000000 ____D C:\Program Files\predm
2013-10-17 00:00 - 2013-10-17 00:00 - 00000000 ____D C:\Users\Usuario\AppData\Local\avgchrome
2013-10-16 23:59 - 2013-10-16 23:59 - 00000000 ____D C:\Windows\system32\searchplugins
2013-10-16 23:59 - 2013-10-16 23:59 - 00000000 ____D C:\Windows\system32\Extensions
2013-10-16 23:57 - 2013-10-16 23:59 - 00000047 _____ C:\Archive.ini
2013-10-16 23:57 - 2013-10-16 23:57 - 00000211 _____ C:\fraglist.luar
2013-10-16 23:56 - 2013-10-16 23:56 - 00000000 ____D C:\Users\Usuario\AppData\Local\Spark
2013-10-16 23:40 - 2013-10-16 23:40 - 00111816 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-10-16 23:22 - 2013-10-16 23:22 - 00000000 ____D C:\Program Files\Common Files\Vbox
2013-10-16 23:20 - 2013-10-16 23:20 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-16 16:40 - 2013-09-22 21:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-16 16:40 - 2013-09-22 21:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-16 16:40 - 2013-09-22 21:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-16 16:40 - 2013-09-22 21:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-16 16:40 - 2013-09-22 21:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-16 16:40 - 2013-09-22 21:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-16 16:40 - 2013-09-22 21:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-16 16:40 - 2013-09-22 21:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-16 16:40 - 2013-09-22 21:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-16 16:40 - 2013-09-22 21:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-16 16:40 - 2013-09-22 21:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-16 16:40 - 2013-09-22 21:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-16 16:40 - 2013-09-22 21:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-16 16:40 - 2013-09-22 21:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-16 16:40 - 2013-09-21 01:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-16 16:40 - 2013-09-21 00:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-16 16:30 - 2013-09-13 23:51 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-10-16 16:30 - 2013-09-13 22:57 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-16 16:30 - 2013-09-08 00:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-16 16:30 - 2013-09-07 00:06 - 01309120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-16 16:30 - 2013-09-07 00:06 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-10-16 16:30 - 2013-08-28 23:58 - 03973568 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-16 16:30 - 2013-08-28 23:58 - 03918272 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-16 16:30 - 2013-08-28 23:57 - 01293216 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-16 16:30 - 2013-08-28 23:57 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-16 16:30 - 2013-08-28 23:55 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-10-16 16:30 - 2013-08-28 23:54 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-16 16:30 - 2013-08-28 23:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2013-10-16 16:30 - 2013-08-28 23:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-10-16 16:30 - 2013-08-28 23:07 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2013-10-16 16:30 - 2013-08-28 23:06 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2013-10-16 16:30 - 2013-08-28 23:06 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2013-10-16 16:30 - 2013-08-28 23:06 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2013-10-16 16:30 - 2013-08-28 22:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-10-16 16:30 - 2013-08-01 09:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-16 16:30 - 2013-07-20 08:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-16 16:30 - 2013-07-04 09:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-16 16:30 - 2013-07-03 01:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-16 16:30 - 2013-07-03 01:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-16 16:30 - 2013-06-06 03:03 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-16 16:30 - 2013-06-06 03:02 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-16 16:30 - 2013-06-06 03:02 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-16 16:30 - 2013-06-06 01:15 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-16 16:30 - 2013-06-06 01:14 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-16 16:29 - 2013-08-27 23:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-16 16:29 - 2013-08-27 22:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-16 16:29 - 2013-07-04 09:59 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-16 16:29 - 2013-07-04 09:54 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-16 16:29 - 2013-07-04 08:01 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-16 16:27 - 2013-07-12 08:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-16 16:27 - 2013-07-12 08:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-16 16:27 - 2013-06-25 20:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-15 21:12 - 2013-10-15 21:13 - 00007631 _____ C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
2013-10-15 01:14 - 2013-10-15 01:14 - 00000000 ____D C:\Users\Todos os Usuários\Babylon
2013-10-15 01:14 - 2013-10-15 01:14 - 00000000 ____D C:\ProgramData\Babylon
2013-10-15 00:56 - 2013-10-15 18:55 - 00000000 ____D C:\Users\Todos os Usuários\eSafe
2013-10-15 00:56 - 2013-10-15 18:55 - 00000000 ____D C:\ProgramData\eSafe
2013-10-10 18:07 - 2013-10-25 15:29 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-10 18:07 - 2013-10-25 15:29 - 00000000 ____D C:\Program Files\CCleaner
2013-10-10 18:06 - 2013-10-17 00:29 - 00000300 _____ C:\Windows\Tasks\UpdaterEX.job
2013-10-10 18:06 - 2013-10-10 20:11 - 00000000 ____D C:\Program Files\BonanzaDealsLive
2013-10-10 18:06 - 2013-10-10 18:21 - 00000000 ____D C:\Program Files\BonanzaDeals
2013-10-10 18:06 - 2013-10-10 18:06 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\UpdaterEX
2013-10-10 18:06 - 2013-10-10 18:06 - 00000000 ____D C:\Users\Usuario\AppData\Local\BonanzaDealsLive
2013-10-10 18:06 - 2013-10-10 18:06 - 00000000 ____D C:\Users\Todos os Usuários\BonanzaDealsLive
2013-10-10 18:06 - 2013-10-10 18:06 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-10-10 18:04 - 2013-10-25 15:41 - 00000000 ____D C:\Program Files\Baidu Security
2013-10-10 18:04 - 2013-10-10 18:06 - 00095552 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BprotectEx.sys
2013-10-10 18:04 - 2013-10-10 18:06 - 00047456 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bhbase.sys
2013-10-10 18:01 - 2013-10-10 18:01 - 04369632 _____ (Piriform Ltd) C:\Users\Usuario\Downloads\845-ccsetup406.exe
2013-10-06 23:57 - 2013-10-06 23:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-02 22:35 - 2013-10-15 18:56 - 00000000 ____D C:\Windows\system32\appmgmt

==================== One Month Modified Files and Folders =======

2013-10-30 14:19 - 2013-10-30 14:19 - 00000000 ____D C:\FRST
2013-10-30 14:18 - 2013-10-30 14:17 - 01089275 _____ (Farbar) C:\Users\Usuario\Downloads\FRST.exe
2013-10-30 13:58 - 2013-08-10 11:47 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-30 13:45 - 2013-10-30 13:45 - 00006244 _____ C:\Users\Usuario\Downloads\hijackthis.log
2013-10-30 13:44 - 2013-10-30 13:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Usuario\Downloads\HijackThis.exe
2013-10-30 13:42 - 2013-08-09 18:28 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-30 12:58 - 2013-08-10 11:47 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-30 11:30 - 2013-08-09 17:58 - 02082761 _____ C:\Windows\WindowsUpdate.log
2013-10-30 10:27 - 2013-10-30 10:27 - 00001226 _____ C:\Users\Usuario\Desktop\Revo Uninstaller.lnk
2013-10-30 10:27 - 2013-10-30 10:27 - 00000000 ____D C:\Program Files\VS Revo Group
2013-10-30 10:27 - 2013-10-30 10:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Usuario\Downloads\revosetup.exe
2013-10-30 10:14 - 2009-07-14 02:34 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-30 10:14 - 2009-07-14 02:34 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-30 10:11 - 2010-11-21 00:33 - 00663804 _____ C:\Windows\system32\prfh0416.dat
2013-10-30 10:11 - 2010-11-21 00:33 - 00128094 _____ C:\Windows\system32\prfc0416.dat
2013-10-30 10:11 - 2010-11-20 19:01 - 01517030 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-30 10:06 - 2013-10-24 14:04 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\Windows\system32\Drivers\GbpNdisrd.sys
2013-10-30 10:06 - 2009-07-14 02:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-29 13:38 - 2013-10-24 13:50 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2013-10-29 13:38 - 2013-10-24 13:50 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2013-10-28 16:28 - 2013-10-28 16:28 - 00435712 _____ (AF Install) C:\Users\Usuario\Downloads\install_flashplayer11x32_mssd_aaa_aih.exe
2013-10-26 16:05 - 2013-10-26 16:05 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Baidu Security
2013-10-26 16:04 - 2013-10-25 16:40 - 00000000 ____D C:\Users\Public\Documents\Baidu Security
2013-10-25 17:25 - 2013-10-25 17:25 - 00001149 _____ C:\Users\Usuario\Desktop\ProShow Producer.lnk
2013-10-25 17:25 - 2013-10-25 17:25 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Photodex
2013-10-25 17:25 - 2013-10-25 17:25 - 00000000 ____D C:\Users\Todos os Usuários\Photodex
2013-10-25 17:25 - 2013-10-25 17:25 - 00000000 ____D C:\ProgramData\Photodex
2013-10-25 17:20 - 2013-10-25 17:20 - 00000000 ____D C:\Program Files\Photodex
2013-10-25 15:41 - 2013-10-10 18:04 - 00000000 ____D C:\Program Files\Baidu Security
2013-10-25 15:35 - 2013-10-24 14:04 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2013-10-25 15:35 - 2013-10-24 14:04 - 00000000 ____D C:\ProgramData\GbPlugin
2013-10-25 15:29 - 2013-10-10 18:07 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-25 15:29 - 2013-10-10 18:07 - 00000000 ____D C:\Program Files\CCleaner
2013-10-25 15:28 - 2013-10-25 15:27 - 04379048 _____ (Piriform Ltd) C:\Users\Usuario\Downloads\ccsetup407.exe
2013-10-24 14:04 - 2013-10-24 14:04 - 00000000 ____D C:\Program Files\GbPlugin
2013-10-24 13:50 - 2013-10-24 13:50 - 00720082 _____ C:\Users\Usuario\AppData\Roaming\unins000.exe
2013-10-24 13:50 - 2013-10-24 13:50 - 00012990 _____ C:\Users\Usuario\AppData\Roaming\unins000.dat
2013-10-24 13:50 - 2013-10-24 13:50 - 00000000 ____D C:\Users\Usuario\AppData\Local\GAS Tecnologia
2013-10-24 13:50 - 2013-10-24 13:50 - 00000000 ____D C:\Users\Todos os Usuários\boost_interprocess
2013-10-24 13:50 - 2013-10-24 13:50 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-24 13:49 - 2013-10-24 13:49 - 03357248 _____ (GAS Tecnologia ) C:\Users\Usuario\Downloads\gbplugin2.exe
2013-10-18 19:29 - 2013-10-17 00:31 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\PhotoScape
2013-10-17 21:05 - 2013-08-10 11:48 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-17 00:31 - 2013-10-17 00:31 - 00000993 _____ C:\Users\Usuario\Desktop\PhotoScape.lnk
2013-10-17 00:31 - 2013-10-17 00:31 - 00000000 ____D C:\Program Files\PhotoScape
2013-10-17 00:29 - 2013-10-17 00:29 - 21330768 _____ (Mooii) C:\Users\Usuario\Downloads\PhotoScape_V3.6.4.exe
2013-10-17 00:29 - 2013-10-10 18:06 - 00000300 _____ C:\Windows\Tasks\UpdaterEX.job
2013-10-17 00:01 - 2013-10-17 00:01 - 00000000 ____D C:\Program Files\predm
2013-10-17 00:00 - 2013-10-17 00:00 - 00000000 ____D C:\Users\Usuario\AppData\Local\avgchrome
2013-10-16 23:59 - 2013-10-16 23:59 - 00000000 ____D C:\Windows\system32\searchplugins
2013-10-16 23:59 - 2013-10-16 23:59 - 00000000 ____D C:\Windows\system32\Extensions
2013-10-16 23:59 - 2013-10-16 23:57 - 00000047 _____ C:\Archive.ini
2013-10-16 23:57 - 2013-10-16 23:57 - 00000211 _____ C:\fraglist.luar
2013-10-16 23:56 - 2013-10-16 23:56 - 00000000 ____D C:\Users\Usuario\AppData\Local\Spark
2013-10-16 23:40 - 2013-10-16 23:40 - 00111816 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-10-16 23:29 - 2013-08-10 10:00 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-10-16 23:29 - 2013-08-09 18:33 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-16 23:29 - 2013-08-09 18:33 - 00000000 ____D C:\Program Files\Adobe
2013-10-16 23:22 - 2013-10-16 23:22 - 00000000 ____D C:\Program Files\Common Files\Vbox
2013-10-16 23:20 - 2013-10-16 23:20 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-16 18:34 - 2013-08-09 17:53 - 00000000 ____D C:\Windows\Panther
2013-10-16 17:22 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-16 17:11 - 2009-07-14 02:33 - 00425632 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-16 17:09 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-10-16 16:44 - 2013-08-14 15:26 - 00000000 ____D C:\Windows\system32\MRT
2013-10-16 16:40 - 2013-08-09 19:21 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-16 16:22 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\wfp
2013-10-16 16:21 - 2013-08-09 18:05 - 00000000 ___HD C:\Users\Usuario
2013-10-16 16:21 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\AppCompat
2013-10-16 16:21 - 2009-07-14 00:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-10-16 16:20 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\registration
2013-10-16 16:19 - 2013-08-10 11:47 - 00000000 ___HD C:\Users\Usuario\AppData\Local\Google
2013-10-16 16:19 - 2013-08-10 11:47 - 00000000 ____D C:\Program Files\Google
2013-10-16 16:09 - 2010-11-21 00:41 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-10-15 21:13 - 2013-10-15 21:12 - 00007631 _____ C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
2013-10-15 19:38 - 2013-08-09 18:07 - 00000000 ____D C:\Users\Usuario\AppData\Local\VirtualStore
2013-10-15 18:56 - 2013-10-02 22:35 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-15 18:55 - 2013-10-15 00:56 - 00000000 ____D C:\Users\Todos os Usuários\eSafe
2013-10-15 18:55 - 2013-10-15 00:56 - 00000000 ____D C:\ProgramData\eSafe
2013-10-15 01:14 - 2013-10-15 01:14 - 00000000 ____D C:\Users\Todos os Usuários\Babylon
2013-10-15 01:14 - 2013-10-15 01:14 - 00000000 ____D C:\ProgramData\Babylon
2013-10-10 20:11 - 2013-10-10 18:06 - 00000000 ____D C:\Program Files\BonanzaDealsLive
2013-10-10 18:25 - 2009-07-14 00:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-10-10 18:21 - 2013-10-10 18:06 - 00000000 ____D C:\Program Files\BonanzaDeals
2013-10-10 18:13 - 2013-08-10 09:49 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\DAEMON Tools Lite
2013-10-10 18:06 - 2013-10-10 18:06 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\UpdaterEX
2013-10-10 18:06 - 2013-10-10 18:06 - 00000000 ____D C:\Users\Usuario\AppData\Local\BonanzaDealsLive
2013-10-10 18:06 - 2013-10-10 18:06 - 00000000 ____D C:\Users\Todos os Usuários\BonanzaDealsLive
2013-10-10 18:06 - 2013-10-10 18:06 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-10-10 18:06 - 2013-10-10 18:04 - 00095552 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BprotectEx.sys
2013-10-10 18:06 - 2013-10-10 18:04 - 00047456 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bhbase.sys
2013-10-10 18:01 - 2013-10-10 18:01 - 04369632 _____ (Piriform Ltd) C:\Users\Usuario\Downloads\845-ccsetup406.exe
2013-10-09 23:45 - 2013-08-09 18:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 23:45 - 2013-08-09 18:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 18:42 - 2009-07-14 02:53 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-06 23:57 - 2013-10-06 23:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-02 22:35 - 2013-08-09 18:38 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2013-10-02 22:35 - 2013-08-09 18:38 - 00000000 ____D C:\ProgramData\Skype
2013-10-02 18:57 - 2013-08-09 18:38 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Skype

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe
[2012-01-03 16:58] - [2012-01-03 16:58] - 0287232 ____A (Microsoft Corporation) 7295110E1BF93885D29480D29D967E0F

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2012-01-03 17:44] - [2012-01-03 17:44] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000

C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2012-01-03 16:43] - [2012-01-03 16:43] - 0811520 ____A (Microsoft Corporation) 522899528A6DFCAB89AEB895E4DC0EBD

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-01-03 16:43] - [2012-01-03 16:43] - 0246128 ____A (Microsoft Corporation) 4B93EBB74FBAA2A6C16A7E65ABCF1F16



LastRegBack: 2013-10-26 21:59

==================== End Of Log ============================

Baixe o arquivo fixlist.txt e salve-o na mesma pasta onde encontra-se o FRST

*Clique com o botão direito do mouse no FRST e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Clique [Fix] e cole o relatório Fixlog.txt criado no Desktop

*Reinicie o PC


Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve-o no Desktop (Área de Trabalho)

*Salve qualquer trabalho aberto e feche o seu navegador

*Execute-o, clique [Examinar] e aguarde o término

*Clique [Limpar] e aguarde o término

*Caso seja solicitada a reinicialização do PC, clique [OK] para reiniciar.

*Cole o relatório C:\AdwCleaner\AdwCleaner[S0].txt



Este arquivo fixlist.txt é para uso exclusivo deste usuário e não deve ser utilizado em outro PC!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-10-2013
Ran by Usuario at 2013-10-30 14:50:48 Run:1
Running from C:\Users\Usuario\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Program Files\Baidu Security
C:\Windows\System32\drivers\Bhbase.sys
C:\Windows\System32\drivers\BprotectEx.sys
C:\ProgramData\boost_interprocess
Reg: reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v Baidu PC Faster 3.7.0.0 /f
Reg: reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v fst_br_4 /f
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
S2 PCAppStoreSvc_{PCAppStore_3.8.8.1435};
R2 PCFasterSvc_{PCFaster_3.7.0.0};
R0 Bhbase;
R1 BprotectEx;
R3 PCFApiUtil;

*****************

C:\Program Files\Baidu Security => Moved successfully.
C:\Windows\System32\drivers\Bhbase.sys => Moved successfully.
C:\Windows\System32\drivers\BprotectEx.sys => Moved successfully.
C:\ProgramData\boost_interprocess => Moved successfully.

========= reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v Baidu PC Faster 3.7.0.0 /f =========

ERRO: sintaxe inv lida.
Digite "REG DELETE /?" para obter detalhes sobre o uso.


========= End of Reg: =========


========= reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v fst_br_4 /f =========

A opera‡Æo foi conclu¡da com ˆxito.



========= End of Reg: =========

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
PCAppStoreSvc_{PCAppStore_3.8.8.1435} => Service deleted successfully.
PCFasterSvc_{PCFaster_3.7.0.0} => Unable to delete service
Bhbase => Service deleted successfully.
BprotectEx => Service deleted successfully.
PCFApiUtil => Service deleted successfully.


The system needs a manual reboot.

==== End of Fixlog ====

# AdwCleaner v3.010 - Relatório criado 30/10/2013 às 15:32:23
# Atualizado 20/10/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : Usuario - USUARIO-PC
# Executando de : C:\Users\Usuario\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\BonanzaDealsLive
Pasta Deletada : C:\ProgramData\eSafe
Pasta Deletada : C:\Program Files\BonanzaDeals
Pasta Deletada : C:\Program Files\BonanzaDealsLive
Pasta Deletada : C:\Users\Usuario\AppData\Local\BonanzaDealsLive
Pasta Deletada : C:\Users\Usuario\AppData\Local\lollipop
Pasta Deletada : C:\Users\Usuario\AppData\LocalLow\Delta
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Funmoods
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\UpdaterEX
Arquivo Deletada : C:\Windows\System32\Tasks\Funmoods
Arquivo Deletada : C:\Windows\Tasks\UpdaterEX.job
Arquivo Deletada : C:\Windows\System32\Tasks\UpdaterEX

***** [ Atalhos ] *****


***** [ Registro ] *****

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4F97130-C1ED-4CA3-8402-F5A14F66A96F}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4F97130-C1ED-4CA3-8402-F5A14F66A96F}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2859CDB-58A2-499E-9AC5-6AB704C107C7}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2859CDB-58A2-499E-9AC5-6AB704C107C7}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Chave Deletedo : HKCU\Software\BabSolution
Chave Deletedo : HKCU\Software\BonanzaDealsLive
Chave Deletedo : HKCU\Software\DataMngr
Chave Deletedo : HKCU\Software\FreeSoftToday
Chave Deletedo : HKCU\Software\Funmoods
Chave Deletedo : HKCU\Software\Iminent
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\Tutorials
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\InstallCore
Chave Deletedo : HKLM\Software\Tutorials
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Google Chrome v30.0.1599.101

[ Arquivo : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8704 octets] - [30/10/2013 15:31:08]
AdwCleaner[S0].txt - [8487 octets] - [30/10/2013 15:32:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8547 octets] ##########

Baixe o arquivo fixlist.txt e salve-o no mesmo local onde encontra-se o FRST

*Clique com o botão direito do mouse no FRST e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Clique [Fix] e cole o relatório Fixlog.txt criado no Desktop

*Reinicie o PC e informe se foi resolvido


Este arquivo fixlist.txt é para uso exclusivo deste usuário e não deve ser utilizado em outro PC!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-10-2013
Ran by Usuario at 2013-10-30 15:45:21 Run:2
Running from C:\Users\Usuario\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Reg: reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Baidu PC Faster 3.7.0.0" /f
R2 PCFasterSvc_{PCFaster_3.7.0.0};

*****************


========= reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Baidu PC Faster 3.7.0.0" /f =========

ERRO: O sistema nÆo p“de localizar a chave do Registro ou valor especificado.


========= End of Reg: =========

PCFasterSvc_{PCFaster_3.7.0.0} => Service deleted successfully.

==== End of Fixlog

eu reiniciei o pc, o baidu desta vez nao pediu pra fazer auteraçoes no pc nao. mas eu abri o painel de controle e ele continua la , eu seleciono a opçao desinstalar e aparece uma mensangen dizendo que ele ja foi desistalado, e aparece outra mensagem perguntando se eu desejo remover o baidu da lista de programas, eu clico em sim, ai aparece outra mensagen dizendo que eu nao tenho permiçao somente um administrador.

thiago.gao escreveu:eu reiniciei o pc, o baidu desta vez nao pediu pra fazer auteraçoes no pc nao. mas  eu abri o painel de controle e ele continua la ,  eu seleciono a opçao  desinstalar e aparece uma mensangen dizendo que ele ja foi desistalado, e aparece outra mensagem perguntando se eu desejo remover o baidu da lista de programas, eu clico em sim, ai aparece outra mensagen dizendo que eu nao tenho permiçao somente um administrador.

Vc precisa estar logado como administrador. Se sua conta não tem privilégios administrativos, vc não conseguirá remover o baidu da lista de programas.

espero que esse baidu nunca mais volte . muinto obrigado Wings

Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve-o no Desktop (Área de Trabalho)

*Execute-o, deixe selecionadas as opções Remove disinfection tools e Purge system restore

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Clique [Run]

*Feche o relatório apresentado


Delete o DelFix e o arquivo C:\DelFix.txt


Um abraço...

CASO RESOLVIDO

Caso o(a) autor(a) do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.