Removing Baidu pc fast
I have already tried every possible way to uninstall Baidu, but it is still stuck on my notebook.
thiago.gao - Beginner
- Posts: 8
Reputation: 1
Registration date: 30/10/2013
Re: Removing Baidu pc fast
Hello thiago.gao
Download [You must have an account and be logged in to view this link] (...from TrendMicro) and save it to the Desktop
*Run it, click [Do a system scan and save a logfile] and paste the report that is displayed
Re: Removing Baidu pc fast
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:45:27, on 30/10/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Baidu PC Faster 3.7.0.0] "C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe" -auto -start
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: wwws2.santandernet.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\Program Files\GbPlugin\gbiehAbn.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Baidu PC App Store Service 3.8.8.1435 (PCAppStoreSvc_{PCAppStore_3.8.8.1435}) - Baidu Inc. - C:\Program Files\Baidu Security\PC App Store\3.8.8.1435\PCAppStoreSvc.exe
O23 - Service: Baidu PC Faster Service 3.7.0.0 (PCFasterSvc_{PCFaster_3.7.0.0}) - Baidu Inc. - C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFasterSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShow Producer\scsiaccess.exe
--
End of file - 6243 bytes
thiago.gao - Beginner
- Posts: 8
Reputation: 1
Registration date: 30/10/2013
Re: Removing Baidu pc fast
Download [You must have an account and be logged in to view this link] (...from Farbar) and save it to the Desktop
*Right-click FRST and select [You must have an account and be logged in to view this image]
*Accept the agreement, uncheck the Addition.txt option, click [Scan] and, when it finishes, click [OK]
*Paste or attach the FRST.txt report created on the Desktop
I am copying and pasting the result.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2013
Ran by Usuario (administrator) on USUARIO-PC on 30-10-2013 14:20:15
Running from C:\Users\Usuario\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Portuguese Brazilian
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(GAS Tecnologia) C:\PROGRA~1\GbPlugin\GbpSv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Baidu Inc.) C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe
(Baidu Inc.) C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFasterSvc.exe
(Prolific Technology Inc.) C:\Windows\system32\IoctlSvc.exe
() C:\Program Files\Photodex\ProShow Producer\scsiaccess.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NBKeyScan] - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-02-18] (Nero AG)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Baidu PC Faster 3.7.0.0] - C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe [1808880 2013-10-10] (Baidu Inc.)
HKLM\...\Run: [fst_br_4] - [x]
Winlogon\Notify\ GbPluginAbn: C:\Program Files\GbPlugin\gbiehabn.dll (Banco Real)
HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDE9639EB3D95CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll (Banco Real)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll [1598520 2013-09-23] (Banco Real)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Chrome:
=======
CHR Extension: (GBBD Banco Santander (Brasil) S.A.) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface\3.4.0_0
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 GbpSv; C:\PROGRA~1\GbPlugin\GbpSv.exe [451640 2013-09-23] (GAS Tecnologia)
S2 PCAppStoreSvc_{PCAppStore_3.8.8.1435}; C:\Program Files\Baidu Security\PC App Store\3.8.8.1435\PCAppStoreSvc.exe [546496 2013-08-15] (Baidu Inc.)
R2 PCFasterSvc_{PCFaster_3.7.0.0}; C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFasterSvc.exe [639168 2013-10-10] (Baidu Inc.)
R2 ScsiAccess; C:\Program Files\Photodex\ProShow Producer\scsiaccess.exe [186760 2010-12-14] ()
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2013-10-10] (Baidu, Inc.)
R1 BprotectEx; C:\Windows\System32\drivers\BprotectEx.sys [95552 2013-10-10] (Baidu, Inc.)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [46392 2013-09-23] (GAS Tecnologia)
S3 Ndisrd; C:\Windows\System32\DRIVERS\gbpndisrd.sys [31088 2013-10-30] (GbPlugin NDIS Device Driver)
R3 NdisrdMP; C:\Windows\System32\DRIVERS\gbpndisrd.sys [31088 2013-10-30] (GbPlugin NDIS Device Driver)
R3 PCFApiUtil; C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil.sys [111264 2013-10-10] (Baidu, Inc.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-13] (Realtek Semiconductor Corporation )
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-30 14:19 - 2013-10-30 14:19 - 00000000 ____D C:\FRST
2013-10-30 14:17 - 2013-10-30 14:18 - 01089275 _____ (Farbar) C:\Users\Usuario\Downloads\FRST.exe
2013-10-30 13:45 - 2013-10-30 13:45 - 00006244 _____ C:\Users\Usuario\Downloads\hijackthis.log
2013-10-30 13:44 - 2013-10-30 13:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Usuario\Downloads\HijackThis.exe
2013-10-30 10:27 - 2013-10-30 10:27 - 00001226 _____ C:\Users\Usuario\Desktop\Revo Uninstaller.lnk
2013-10-30 10:27 - 2013-10-30 10:27 - 00000000 ____D C:\Program Files\VS Revo Group
2013-10-30 10:26 - 2013-10-30 10:27 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Usuario\Downloads\revosetup.exe
2013-10-28 16:28 - 2013-10-28 16:28 - 00435712 _____ (AF Install) C:\Users\Usuario\Downloads\install_flashplayer11x32_mssd_aaa_aih.exe
2013-10-26 16:05 - 2013-10-26 16:05 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Baidu Security
2013-10-25 17:25 - 2013-10-25 17:25 - 00001149 _____ C:\Users\Usuario\Desktop\ProShow Producer.lnk
2013-10-25 17:25 - 2013-10-25 17:25 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Photodex
2013-10-25 17:25 - 2013-10-25 17:25 - 00000000 ____D C:\Users\Todos os Usuários\Photodex
2013-10-25 17:25 - 2013-10-25 17:25 - 00000000 ____D C:\ProgramData\Photodex
2013-10-25 17:20 - 2013-10-25 17:20 - 00000000 ____D C:\Program Files\Photodex
2013-10-25 16:40 - 2013-10-26 16:04 - 00000000 ____D C:\Users\Public\Documents\Baidu Security
2013-10-25 15:27 - 2013-10-25 15:28 - 04379048 _____ (Piriform Ltd) C:\Users\Usuario\Downloads\ccsetup407.exe
2013-10-24 14:04 - 2013-10-30 10:06 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\Windows\system32\Drivers\GbpNdisrd.sys
2013-10-24 14:04 - 2013-10-25 15:35 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2013-10-24 14:04 - 2013-10-25 15:35 - 00000000 ____D C:\ProgramData\GbPlugin
2013-10-24 14:04 - 2013-10-24 14:04 - 00000000 ____D C:\Program Files\GbPlugin
2013-10-24 14:04 - 2013-09-23 19:10 - 00046392 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\GbpKm.sys
2013-10-24 13:50 - 2013-10-29 13:38 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2013-10-24 13:50 - 2013-10-29 13:38 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2013-10-24 13:50 - 2013-10-24 13:50 - 00720082 _____ C:\Users\Usuario\AppData\Roaming\unins000.exe
2013-10-24 13:50 - 2013-10-24 13:50 - 00012990 _____ C:\Users\Usuario\AppData\Roaming\unins000.dat
2013-10-24 13:50 - 2013-10-24 13:50 - 00000000 ____D C:\Users\Usuario\AppData\Local\GAS Tecnologia
2013-10-24 13:50 - 2013-10-24 13:50 - 00000000 ____D C:\Users\Todos os Usuários\boost_interprocess
2013-10-24 13:50 - 2013-10-24 13:50 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-24 13:49 - 2013-10-24 13:49 - 03357248 _____ (GAS Tecnologia ) C:\Users\Usuario\Downloads\gbplugin2.exe
2013-10-17 00:31 - 2013-10-18 19:29 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\PhotoScape
2013-10-17 00:31 - 2013-10-17 00:31 - 00000993 _____ C:\Users\Usuario\Desktop\PhotoScape.lnk
2013-10-17 00:31 - 2013-10-17 00:31 - 00000000 ____D C:\Program Files\PhotoScape
2013-10-17 00:29 - 2013-10-17 00:29 - 21330768 _____ (Mooii) C:\Users\Usuario\Downloads\PhotoScape_V3.6.4.exe
2013-10-17 00:01 - 2013-10-17 00:01 - 00000000 ____D C:\Program Files\predm
2013-10-17 00:00 - 2013-10-17 00:00 - 00000000 ____D C:\Users\Usuario\AppData\Local\avgchrome
2013-10-16 23:59 - 2013-10-16 23:59 - 00000000 ____D C:\Windows\system32\searchplugins
2013-10-16 23:59 - 2013-10-16 23:59 - 00000000 ____D C:\Windows\system32\Extensions
2013-10-16 23:57 - 2013-10-16 23:59 - 00000047 _____ C:\Archive.ini
2013-10-16 23:57 - 2013-10-16 23:57 - 00000211 _____ C:\fraglist.luar
2013-10-16 23:56 - 2013-10-16 23:56 - 00000000 ____D C:\Users\Usuario\AppData\Local\Spark
2013-10-16 23:40 - 2013-10-16 23:40 - 00111816 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-10-16 23:22 - 2013-10-16 23:22 - 00000000 ____D C:\Program Files\Common Files\Vbox
2013-10-16 23:20 - 2013-10-16 23:20 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-16 16:40 - 2013-09-22 21:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-16 16:40 - 2013-09-22 21:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-16 16:40 - 2013-09-22 21:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-16 16:40 - 2013-09-22 21:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-16 16:40 - 2013-09-22 21:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-16 16:40 - 2013-09-22 21:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-16 16:40 - 2013-09-22 21:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-16 16:40 - 2013-09-22 21:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-16 16:40 - 2013-09-22 21:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-16 16:40 - 2013-09-22 21:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-16 16:40 - 2013-09-22 21:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-16 16:40 - 2013-09-22 21:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-16 16:40 - 2013-09-22 21:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-16 16:40 - 2013-09-22 21:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-16 16:40 - 2013-09-21 01:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-16 16:40 - 2013-09-21 00:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-16 16:30 - 2013-09-13 23:51 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-10-16 16:30 - 2013-09-13 22:57 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-16 16:30 - 2013-09-08 00:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-16 16:30 - 2013-09-07 00:06 - 01309120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-16 16:30 - 2013-09-07 00:06 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-10-16 16:30 - 2013-08-28 23:58 - 03973568 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-10-16 16:30 - 2013-08-28 23:58 - 03918272 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-16 16:30 - 2013-08-28 23:57 - 01293216 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-16 16:30 - 2013-08-28 23:57 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-16 16:30 - 2013-08-28 23:55 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-10-16 16:30 - 2013-08-28 23:54 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-16 16:30 - 2013-08-28 23:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2013-10-16 16:30 - 2013-08-28 23:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-10-16 16:30 - 2013-08-28 23:07 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2013-10-16 16:30 - 2013-08-28 23:06 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2013-10-16 16:30 - 2013-08-28 23:06 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2013-10-16 16:30 - 2013-08-28 23:06 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2013-10-16 16:30 - 2013-08-28 22:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-10-16 16:30 - 2013-08-01 09:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-16 16:30 - 2013-07-20 08:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-16 16:30 - 2013-07-04 09:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-16 16:30 - 2013-07-03 01:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-16 16:30 - 2013-07-03 01:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-16 16:30 - 2013-06-06 03:03 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-16 16:30 - 2013-06-06 03:02 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-16 16:30 - 2013-06-06 03:02 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-16 16:30 - 2013-06-06 01:15 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-16 16:30 - 2013-06-06 01:14 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-16 16:29 - 2013-08-27 23:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-16 16:29 - 2013-08-27 22:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-16 16:29 - 2013-07-04 09:59 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-16 16:29 - 2013-07-04 09:54 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-16 16:29 - 2013-07-04 08:01 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-16 16:27 - 2013-07-12 08:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-16 16:27 - 2013-07-12 08:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-16 16:27 - 2013-06-25 20:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-15 21:12 - 2013-10-15 21:13 - 00007631 _____ C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
2013-10-15 01:14 - 2013-10-15 01:14 - 00000000 ____D C:\Users\Todos os Usuários\Babylon
2013-10-15 01:14 - 2013-10-15 01:14 - 00000000 ____D C:\ProgramData\Babylon
2013-10-15 00:56 - 2013-10-15 18:55 - 00000000 ____D C:\Users\Todos os Usuários\eSafe
2013-10-15 00:56 - 2013-10-15 18:55 - 00000000 ____D C:\ProgramData\eSafe
2013-10-10 18:07 - 2013-10-25 15:29 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-10 18:07 - 2013-10-25 15:29 - 00000000 ____D C:\Program Files\CCleaner
2013-10-10 18:06 - 2013-10-17 00:29 - 00000300 _____ C:\Windows\Tasks\UpdaterEX.job
2013-10-10 18:06 - 2013-10-10 20:11 - 00000000 ____D C:\Program Files\BonanzaDealsLive
2013-10-10 18:06 - 2013-10-10 18:21 - 00000000 ____D C:\Program Files\BonanzaDeals
2013-10-10 18:06 - 2013-10-10 18:06 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\UpdaterEX
2013-10-10 18:06 - 2013-10-10 18:06 - 00000000 ____D C:\Users\Usuario\AppData\Local\BonanzaDealsLive
2013-10-10 18:06 - 2013-10-10 18:06 - 00000000 ____D C:\Users\Todos os Usuários\BonanzaDealsLive
2013-10-10 18:06 - 2013-10-10 18:06 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-10-10 18:04 - 2013-10-25 15:41 - 00000000 ____D C:\Program Files\Baidu Security
2013-10-10 18:04 - 2013-10-10 18:06 - 00095552 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BprotectEx.sys
2013-10-10 18:04 - 2013-10-10 18:06 - 00047456 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bhbase.sys
2013-10-10 18:01 - 2013-10-10 18:01 - 04369632 _____ (Piriform Ltd) C:\Users\Usuario\Downloads\845-ccsetup406.exe
2013-10-06 23:57 - 2013-10-06 23:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-02 22:35 - 2013-10-15 18:56 - 00000000 ____D C:\Windows\system32\appmgmt
==================== One Month Modified Files and Folders =======
2013-10-30 14:19 - 2013-10-30 14:19 - 00000000 ____D C:\FRST
2013-10-30 14:18 - 2013-10-30 14:17 - 01089275 _____ (Farbar) C:\Users\Usuario\Downloads\FRST.exe
2013-10-30 13:58 - 2013-08-10 11:47 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-30 13:45 - 2013-10-30 13:45 - 00006244 _____ C:\Users\Usuario\Downloads\hijackthis.log
2013-10-30 13:44 - 2013-10-30 13:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Usuario\Downloads\HijackThis.exe
2013-10-30 13:42 - 2013-08-09 18:28 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-30 12:58 - 2013-08-10 11:47 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-30 11:30 - 2013-08-09 17:58 - 02082761 _____ C:\Windows\WindowsUpdate.log
2013-10-30 10:27 - 2013-10-30 10:27 - 00001226 _____ C:\Users\Usuario\Desktop\Revo Uninstaller.lnk
2013-10-30 10:27 - 2013-10-30 10:27 - 00000000 ____D C:\Program Files\VS Revo Group
2013-10-30 10:27 - 2013-10-30 10:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Usuario\Downloads\revosetup.exe
2013-10-30 10:14 - 2009-07-14 02:34 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-30 10:14 - 2009-07-14 02:34 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-30 10:11 - 2010-11-21 00:33 - 00663804 _____ C:\Windows\system32\prfh0416.dat
2013-10-30 10:11 - 2010-11-21 00:33 - 00128094 _____ C:\Windows\system32\prfc0416.dat
2013-10-30 10:11 - 2010-11-20 19:01 - 01517030 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-30 10:06 - 2013-10-24 14:04 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\Windows\system32\Drivers\GbpNdisrd.sys
2013-10-30 10:06 - 2009-07-14 02:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-29 13:38 - 2013-10-24 13:50 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2013-10-29 13:38 - 2013-10-24 13:50 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2013-10-28 16:28 - 2013-10-28 16:28 - 00435712 _____ (AF Install) C:\Users\Usuario\Downloads\install_flashplayer11x32_mssd_aaa_aih.exe
2013-10-26 16:05 - 2013-10-26 16:05 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Baidu Security
2013-10-26 16:04 - 2013-10-25 16:40 - 00000000 ____D C:\Users\Public\Documents\Baidu Security
2013-10-25 17:25 - 2013-10-25 17:25 - 00001149 _____ C:\Users\Usuario\Desktop\ProShow Producer.lnk
2013-10-25 17:25 - 2013-10-25 17:25 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Photodex
2013-10-25 17:25 - 2013-10-25 17:25 - 00000000 ____D C:\Users\Todos os Usuários\Photodex
2013-10-25 17:25 - 2013-10-25 17:25 - 00000000 ____D C:\ProgramData\Photodex
2013-10-25 17:20 - 2013-10-25 17:20 - 00000000 ____D C:\Program Files\Photodex
2013-10-25 15:41 - 2013-10-10 18:04 - 00000000 ____D C:\Program Files\Baidu Security
2013-10-25 15:35 - 2013-10-24 14:04 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2013-10-25 15:35 - 2013-10-24 14:04 - 00000000 ____D C:\ProgramData\GbPlugin
2013-10-25 15:29 - 2013-10-10 18:07 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-25 15:29 - 2013-10-10 18:07 - 00000000 ____D C:\Program Files\CCleaner
2013-10-25 15:28 - 2013-10-25 15:27 - 04379048 _____ (Piriform Ltd) C:\Users\Usuario\Downloads\ccsetup407.exe
2013-10-24 14:04 - 2013-10-24 14:04 - 00000000 ____D C:\Program Files\GbPlugin
2013-10-24 13:50 - 2013-10-24 13:50 - 00720082 _____ C:\Users\Usuario\AppData\Roaming\unins000.exe
2013-10-24 13:50 - 2013-10-24 13:50 - 00012990 _____ C:\Users\Usuario\AppData\Roaming\unins000.dat
2013-10-24 13:50 - 2013-10-24 13:50 - 00000000 ____D C:\Users\Usuario\AppData\Local\GAS Tecnologia
2013-10-24 13:50 - 2013-10-24 13:50 - 00000000 ____D C:\Users\Todos os Usuários\boost_interprocess
2013-10-24 13:50 - 2013-10-24 13:50 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-24 13:49 - 2013-10-24 13:49 - 03357248 _____ (GAS Tecnologia ) C:\Users\Usuario\Downloads\gbplugin2.exe
2013-10-18 19:29 - 2013-10-17 00:31 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\PhotoScape
2013-10-17 21:05 - 2013-08-10 11:48 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-17 00:31 - 2013-10-17 00:31 - 00000993 _____ C:\Users\Usuario\Desktop\PhotoScape.lnk
2013-10-17 00:31 - 2013-10-17 00:31 - 00000000 ____D C:\Program Files\PhotoScape
2013-10-17 00:29 - 2013-10-17 00:29 - 21330768 _____ (Mooii) C:\Users\Usuario\Downloads\PhotoScape_V3.6.4.exe
2013-10-17 00:29 - 2013-10-10 18:06 - 00000300 _____ C:\Windows\Tasks\UpdaterEX.job
2013-10-17 00:01 - 2013-10-17 00:01 - 00000000 ____D C:\Program Files\predm
2013-10-17 00:00 - 2013-10-17 00:00 - 00000000 ____D C:\Users\Usuario\AppData\Local\avgchrome
2013-10-16 23:59 - 2013-10-16 23:59 - 00000000 ____D C:\Windows\system32\searchplugins
2013-10-16 23:59 - 2013-10-16 23:59 - 00000000 ____D C:\Windows\system32\Extensions
2013-10-16 23:59 - 2013-10-16 23:57 - 00000047 _____ C:\Archive.ini
2013-10-16 23:57 - 2013-10-16 23:57 - 00000211 _____ C:\fraglist.luar
2013-10-16 23:56 - 2013-10-16 23:56 - 00000000 ____D C:\Users\Usuario\AppData\Local\Spark
2013-10-16 23:40 - 2013-10-16 23:40 - 00111816 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-10-16 23:29 - 2013-08-10 10:00 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-10-16 23:29 - 2013-08-09 18:33 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-16 23:29 - 2013-08-09 18:33 - 00000000 ____D C:\Program Files\Adobe
2013-10-16 23:22 - 2013-10-16 23:22 - 00000000 ____D C:\Program Files\Common Files\Vbox
2013-10-16 23:20 - 2013-10-16 23:20 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-16 18:34 - 2013-08-09 17:53 - 00000000 ____D C:\Windows\Panther
2013-10-16 17:22 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-16 17:11 - 2009-07-14 02:33 - 00425632 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-16 17:09 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-10-16 16:44 - 2013-08-14 15:26 - 00000000 ____D C:\Windows\system32\MRT
2013-10-16 16:40 - 2013-08-09 19:21 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-16 16:22 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\wfp
2013-10-16 16:21 - 2013-08-09 18:05 - 00000000 ___HD C:\Users\Usuario
2013-10-16 16:21 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\AppCompat
2013-10-16 16:21 - 2009-07-14 00:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-10-16 16:20 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\registration
2013-10-16 16:19 - 2013-08-10 11:47 - 00000000 ___HD C:\Users\Usuario\AppData\Local\Google
2013-10-16 16:19 - 2013-08-10 11:47 - 00000000 ____D C:\Program Files\Google
2013-10-16 16:09 - 2010-11-21 00:41 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-10-15 21:13 - 2013-10-15 21:12 - 00007631 _____ C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
2013-10-15 19:38 - 2013-08-09 18:07 - 00000000 ____D C:\Users\Usuario\AppData\Local\VirtualStore
2013-10-15 18:56 - 2013-10-02 22:35 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-15 18:55 - 2013-10-15 00:56 - 00000000 ____D C:\Users\Todos os Usuários\eSafe
2013-10-15 18:55 - 2013-10-15 00:56 - 00000000 ____D C:\ProgramData\eSafe
2013-10-15 01:14 - 2013-10-15 01:14 - 00000000 ____D C:\Users\Todos os Usuários\Babylon
2013-10-15 01:14 - 2013-10-15 01:14 - 00000000 ____D C:\ProgramData\Babylon
2013-10-10 20:11 - 2013-10-10 18:06 - 00000000 ____D C:\Program Files\BonanzaDealsLive
2013-10-10 18:25 - 2009-07-14 00:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-10-10 18:21 - 2013-10-10 18:06 - 00000000 ____D C:\Program Files\BonanzaDeals
2013-10-10 18:13 - 2013-08-10 09:49 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\DAEMON Tools Lite
2013-10-10 18:06 - 2013-10-10 18:06 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\UpdaterEX
2013-10-10 18:06 - 2013-10-10 18:06 - 00000000 ____D C:\Users\Usuario\AppData\Local\BonanzaDealsLive
2013-10-10 18:06 - 2013-10-10 18:06 - 00000000 ____D C:\Users\Todos os Usuários\BonanzaDealsLive
2013-10-10 18:06 - 2013-10-10 18:06 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-10-10 18:06 - 2013-10-10 18:04 - 00095552 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BprotectEx.sys
2013-10-10 18:06 - 2013-10-10 18:04 - 00047456 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bhbase.sys
2013-10-10 18:01 - 2013-10-10 18:01 - 04369632 _____ (Piriform Ltd) C:\Users\Usuario\Downloads\845-ccsetup406.exe
2013-10-09 23:45 - 2013-08-09 18:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 23:45 - 2013-08-09 18:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 18:42 - 2009-07-14 02:53 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-06 23:57 - 2013-10-06 23:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-02 22:35 - 2013-08-09 18:38 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2013-10-02 22:35 - 2013-08-09 18:38 - 00000000 ____D C:\ProgramData\Skype
2013-10-02 18:57 - 2013-08-09 18:38 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Skype
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe
[2012-01-03 16:58] - [2012-01-03 16:58] - 0287232 ____A (Microsoft Corporation) 7295110E1BF93885D29480D29D967E0F
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2012-01-03 17:44] - [2012-01-03 17:44] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2012-01-03 16:43] - [2012-01-03 16:43] - 0811520 ____A (Microsoft Corporation) 522899528A6DFCAB89AEB895E4DC0EBD
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-01-03 16:43] - [2012-01-03 16:43] - 0246128 ____A (Microsoft Corporation) 4B93EBB74FBAA2A6C16A7E65ABCF1F16
LastRegBack: 2013-10-26 21:59
==================== End Of Log ============================
2013-10-30 10:27 - 2013-10-30 10:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Usuario\Downloads\revosetup.exe
2013-10-30 10:14 - 2009-07-14 02:34 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-30 10:14 - 2009-07-14 02:34 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-30 10:11 - 2010-11-21 00:33 - 00663804 _____ C:\Windows\system32\prfh0416.dat
2013-10-30 10:11 - 2010-11-21 00:33 - 00128094 _____ C:\Windows\system32\prfc0416.dat
2013-10-30 10:11 - 2010-11-20 19:01 - 01517030 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-30 10:06 - 2013-10-24 14:04 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\Windows\system32\Drivers\GbpNdisrd.sys
2013-10-30 10:06 - 2009-07-14 02:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-29 13:38 - 2013-10-24 13:50 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2013-10-29 13:38 - 2013-10-24 13:50 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2013-10-28 16:28 - 2013-10-28 16:28 - 00435712 _____ (AF Install) C:\Users\Usuario\Downloads\install_flashplayer11x32_mssd_aaa_aih.exe
2013-10-26 16:05 - 2013-10-26 16:05 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Baidu Security
2013-10-26 16:04 - 2013-10-25 16:40 - 00000000 ____D C:\Users\Public\Documents\Baidu Security
2013-10-25 17:25 - 2013-10-25 17:25 - 00001149 _____ C:\Users\Usuario\Desktop\ProShow Producer.lnk
2013-10-25 17:25 - 2013-10-25 17:25 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Photodex
2013-10-25 17:25 - 2013-10-25 17:25 - 00000000 ____D C:\Users\Todos os Usuários\Photodex
2013-10-25 17:25 - 2013-10-25 17:25 - 00000000 ____D C:\ProgramData\Photodex
2013-10-25 17:20 - 2013-10-25 17:20 - 00000000 ____D C:\Program Files\Photodex
2013-10-25 15:41 - 2013-10-10 18:04 - 00000000 ____D C:\Program Files\Baidu Security
2013-10-25 15:35 - 2013-10-24 14:04 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2013-10-25 15:35 - 2013-10-24 14:04 - 00000000 ____D C:\ProgramData\GbPlugin
2013-10-25 15:29 - 2013-10-10 18:07 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-25 15:29 - 2013-10-10 18:07 - 00000000 ____D C:\Program Files\CCleaner
2013-10-25 15:28 - 2013-10-25 15:27 - 04379048 _____ (Piriform Ltd) C:\Users\Usuario\Downloads\ccsetup407.exe
2013-10-24 14:04 - 2013-10-24 14:04 - 00000000 ____D C:\Program Files\GbPlugin
2013-10-24 13:50 - 2013-10-24 13:50 - 00720082 _____ C:\Users\Usuario\AppData\Roaming\unins000.exe
2013-10-24 13:50 - 2013-10-24 13:50 - 00012990 _____ C:\Users\Usuario\AppData\Roaming\unins000.dat
2013-10-24 13:50 - 2013-10-24 13:50 - 00000000 ____D C:\Users\Usuario\AppData\Local\GAS Tecnologia
2013-10-24 13:50 - 2013-10-24 13:50 - 00000000 ____D C:\Users\Todos os Usuários\boost_interprocess
2013-10-24 13:50 - 2013-10-24 13:50 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-24 13:49 - 2013-10-24 13:49 - 03357248 _____ (GAS Tecnologia ) C:\Users\Usuario\Downloads\gbplugin2.exe
2013-10-18 19:29 - 2013-10-17 00:31 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\PhotoScape
2013-10-17 21:05 - 2013-08-10 11:48 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-17 00:31 - 2013-10-17 00:31 - 00000993 _____ C:\Users\Usuario\Desktop\PhotoScape.lnk
2013-10-17 00:31 - 2013-10-17 00:31 - 00000000 ____D C:\Program Files\PhotoScape
2013-10-17 00:29 - 2013-10-17 00:29 - 21330768 _____ (Mooii) C:\Users\Usuario\Downloads\PhotoScape_V3.6.4.exe
2013-10-17 00:29 - 2013-10-10 18:06 - 00000300 _____ C:\Windows\Tasks\UpdaterEX.job
2013-10-17 00:01 - 2013-10-17 00:01 - 00000000 ____D C:\Program Files\predm
2013-10-17 00:00 - 2013-10-17 00:00 - 00000000 ____D C:\Users\Usuario\AppData\Local\avgchrome
2013-10-16 23:59 - 2013-10-16 23:59 - 00000000 ____D C:\Windows\system32\searchplugins
2013-10-16 23:59 - 2013-10-16 23:59 - 00000000 ____D C:\Windows\system32\Extensions
2013-10-16 23:59 - 2013-10-16 23:57 - 00000047 _____ C:\Archive.ini
2013-10-16 23:57 - 2013-10-16 23:57 - 00000211 _____ C:\fraglist.luar
2013-10-16 23:56 - 2013-10-16 23:56 - 00000000 ____D C:\Users\Usuario\AppData\Local\Spark
2013-10-16 23:40 - 2013-10-16 23:40 - 00111816 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-10-16 23:29 - 2013-08-10 10:00 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-10-16 23:29 - 2013-08-09 18:33 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-16 23:29 - 2013-08-09 18:33 - 00000000 ____D C:\Program Files\Adobe
2013-10-16 23:22 - 2013-10-16 23:22 - 00000000 ____D C:\Program Files\Common Files\Vbox
2013-10-16 23:20 - 2013-10-16 23:20 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-16 18:34 - 2013-08-09 17:53 - 00000000 ____D C:\Windows\Panther
2013-10-16 17:22 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-16 17:11 - 2009-07-14 02:33 - 00425632 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-16 17:09 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-10-16 16:44 - 2013-08-14 15:26 - 00000000 ____D C:\Windows\system32\MRT
2013-10-16 16:40 - 2013-08-09 19:21 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-16 16:22 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\wfp
2013-10-16 16:21 - 2013-08-09 18:05 - 00000000 ___HD C:\Users\Usuario
2013-10-16 16:21 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\AppCompat
2013-10-16 16:21 - 2009-07-14 00:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-10-16 16:20 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\registration
2013-10-16 16:19 - 2013-08-10 11:47 - 00000000 ___HD C:\Users\Usuario\AppData\Local\Google
2013-10-16 16:19 - 2013-08-10 11:47 - 00000000 ____D C:\Program Files\Google
2013-10-16 16:09 - 2010-11-21 00:41 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-10-15 21:13 - 2013-10-15 21:12 - 00007631 _____ C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
2013-10-15 19:38 - 2013-08-09 18:07 - 00000000 ____D C:\Users\Usuario\AppData\Local\VirtualStore
2013-10-15 18:56 - 2013-10-02 22:35 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-15 18:55 - 2013-10-15 00:56 - 00000000 ____D C:\Users\Todos os Usuários\eSafe
2013-10-15 18:55 - 2013-10-15 00:56 - 00000000 ____D C:\ProgramData\eSafe
2013-10-15 01:14 - 2013-10-15 01:14 - 00000000 ____D C:\Users\Todos os Usuários\Babylon
2013-10-15 01:14 - 2013-10-15 01:14 - 00000000 ____D C:\ProgramData\Babylon
2013-10-10 20:11 - 2013-10-10 18:06 - 00000000 ____D C:\Program Files\BonanzaDealsLive
2013-10-10 18:25 - 2009-07-14 00:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-10-10 18:21 - 2013-10-10 18:06 - 00000000 ____D C:\Program Files\BonanzaDeals
2013-10-10 18:13 - 2013-08-10 09:49 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\DAEMON Tools Lite
2013-10-10 18:06 - 2013-10-10 18:06 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\UpdaterEX
2013-10-10 18:06 - 2013-10-10 18:06 - 00000000 ____D C:\Users\Usuario\AppData\Local\BonanzaDealsLive
2013-10-10 18:06 - 2013-10-10 18:06 - 00000000 ____D C:\Users\Todos os Usuários\BonanzaDealsLive
2013-10-10 18:06 - 2013-10-10 18:06 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-10-10 18:06 - 2013-10-10 18:04 - 00095552 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BprotectEx.sys
2013-10-10 18:06 - 2013-10-10 18:04 - 00047456 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bhbase.sys
2013-10-10 18:01 - 2013-10-10 18:01 - 04369632 _____ (Piriform Ltd) C:\Users\Usuario\Downloads\845-ccsetup406.exe
2013-10-09 23:45 - 2013-08-09 18:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 23:45 - 2013-08-09 18:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 18:42 - 2009-07-14 02:53 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-06 23:57 - 2013-10-06 23:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-02 22:35 - 2013-08-09 18:38 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2013-10-02 22:35 - 2013-08-09 18:38 - 00000000 ____D C:\ProgramData\Skype
2013-10-02 18:57 - 2013-08-09 18:38 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Skype
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe
[2012-01-03 16:58] - [2012-01-03 16:58] - 0287232 ____A (Microsoft Corporation) 7295110E1BF93885D29480D29D967E0F
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2012-01-03 17:44] - [2012-01-03 17:44] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2012-01-03 16:43] - [2012-01-03 16:43] - 0811520 ____A (Microsoft Corporation) 522899528A6DFCAB89AEB895E4DC0EBD
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-01-03 16:43] - [2012-01-03 16:43] - 0246128 ____A (Microsoft Corporation) 4B93EBB74FBAA2A6C16A7E65ABCF1F16
LastRegBack: 2013-10-26 21:59
==================== End Of Log ============================
thiago.gao - Beginner
- Posts: 8
Reputation: 1
Join date: 30/10/2013
Re: Remove Baidu pc fast
Download the fixlist.txt file and save it in the same folder where FRST is located
*Right-click FRST and select [You must have an account and be logged in to view this image]
*Click [Fix] and paste the Fixlog.txt report created on the Desktop
*Restart the PC
Download the [You must have an account and be logged in to view this link] (...by Xplode) and save it to the Desktop
*Save any open work and close your browser
*Run it, click [Examinar] (Scan) and wait for it to finish
*Click [Limpar] (Clean) and wait for it to finish
*If you are asked to restart the PC, click [OK] to restart.
*Paste the report C:\AdwCleaner\AdwCleaner[S0].txt
This fixlist.txt file is for this user's exclusive use and must not be used on another PC!
Last edited by wings on Wed 30 Oct 2013, 15:05; edited 1 time
Re: Remove Baidu pc fast
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-10-2013
Ran by Usuario at 2013-10-30 14:50:48 Run:1
Running from C:\Users\Usuario\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Program Files\Baidu Security
C:\Windows\System32\drivers\Bhbase.sys
C:\Windows\System32\drivers\BprotectEx.sys
C:\ProgramData\boost_interprocess
Reg: reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v Baidu PC Faster 3.7.0.0 /f
Reg: reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v fst_br_4 /f
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
S2 PCAppStoreSvc_{PCAppStore_3.8.8.1435};
R2 PCFasterSvc_{PCFaster_3.7.0.0};
R0 Bhbase;
R1 BprotectEx;
R3 PCFApiUtil;
*****************
C:\Program Files\Baidu Security => Moved successfully.
C:\Windows\System32\drivers\Bhbase.sys => Moved successfully.
C:\Windows\System32\drivers\BprotectEx.sys => Moved successfully.
C:\ProgramData\boost_interprocess => Moved successfully.
========= reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v Baidu PC Faster 3.7.0.0 /f =========
ERRO: sintaxe inválida.
Digite "REG DELETE /?" para obter detalhes sobre o uso.
========= End of Reg: =========
========= reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v fst_br_4 /f =========
A operação foi concluída com êxito.
========= End of Reg: =========
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
PCAppStoreSvc_{PCAppStore_3.8.8.1435} => Service deleted successfully.
PCFasterSvc_{PCFaster_3.7.0.0} => Unable to delete service
Bhbase => Service deleted successfully.
BprotectEx => Service deleted successfully.
PCFApiUtil => Service deleted successfully.
The system needs a manual reboot.
==== End of Fixlog ====
thiago.gao - Beginner
- Posts: 8
Reputation: 1
Join date: 30/10/2013
Re: Remove Baidu pc fast
# AdwCleaner v3.010 - Relatório criado 30/10/2013 às 15:32:23
# Atualizado 20/10/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : Usuario - USUARIO-PC
# Executando de : C:\Users\Usuario\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\BonanzaDealsLive
Pasta Deletada : C:\ProgramData\eSafe
Pasta Deletada : C:\Program Files\BonanzaDeals
Pasta Deletada : C:\Program Files\BonanzaDealsLive
Pasta Deletada : C:\Users\Usuario\AppData\Local\BonanzaDealsLive
Pasta Deletada : C:\Users\Usuario\AppData\Local\lollipop
Pasta Deletada : C:\Users\Usuario\AppData\LocalLow\Delta
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Funmoods
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\UpdaterEX
Arquivo Deletada : C:\Windows\System32\Tasks\Funmoods
Arquivo Deletada : C:\Windows\Tasks\UpdaterEX.job
Arquivo Deletada : C:\Windows\System32\Tasks\UpdaterEX
***** [ Atalhos ] *****
***** [ Registro ] *****
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4F97130-C1ED-4CA3-8402-F5A14F66A96F}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4F97130-C1ED-4CA3-8402-F5A14F66A96F}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2859CDB-58A2-499E-9AC5-6AB704C107C7}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2859CDB-58A2-499E-9AC5-6AB704C107C7}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Chave Deletedo : HKCU\Software\BabSolution
Chave Deletedo : HKCU\Software\BonanzaDealsLive
Chave Deletedo : HKCU\Software\DataMngr
Chave Deletedo : HKCU\Software\FreeSoftToday
Chave Deletedo : HKCU\Software\Funmoods
Chave Deletedo : HKCU\Software\Iminent
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\Tutorials
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\InstallCore
Chave Deletedo : HKLM\Software\Tutorials
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
***** [ Navegadores ] *****
-\\ Internet Explorer v10.0.9200.16720
-\\ Google Chrome v30.0.1599.101
[ Arquivo : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [8704 octets] - [30/10/2013 15:31:08]
AdwCleaner[S0].txt - [8487 octets] - [30/10/2013 15:32:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8547 octets] ##########
AdwCleaner[S0].txt - [8487 octets] - [30/10/2013 15:32:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8547 octets] ##########
thiago.gao - Beginner
- Posts: 8
Reputation: 1
Registration date: 30/10/2013
Re: Remove Baidu pc fast
Download the fixlist.txt file and save it in the same location as FRST
*Right-click FRST and select [You must have an account and be logged in to view this image]
*Click [Fix] and paste the Fixlog.txt report created on the Desktop
*Restart the PC and report whether the problem was resolved
This fixlist.txt file is for this user's exclusive use and must not be used on another PC!
Re: Remove Baidu pc fast
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-10-2013
Ran by Usuario at 2013-10-30 15:45:21 Run:2
Running from C:\Users\Usuario\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Reg: reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Baidu PC Faster 3.7.0.0" /f
R2 PCFasterSvc_{PCFaster_3.7.0.0};
*****************
========= reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Baidu PC Faster 3.7.0.0" /f =========
ERRO: O sistema não pôde localizar a chave do Registro ou valor especificado.
========= End of Reg: =========
PCFasterSvc_{PCFaster_3.7.0.0} => Service deleted successfully.
==== End of Fixlog
thiago.gao - Beginner
- Posts: 8
Reputation: 1
Registration date: 30/10/2013
partially
I restarted the PC, and this time Baidu did not ask to make changes to the PC. But I opened the Control Panel and it is still there. I select the uninstall option and a message appears saying that it has already been uninstalled, then another message appears asking whether I want to remove Baidu from the list of programs. I click Yes, and then another message appears saying that I don't have permission, only an administrator.
thiago.gao - Beginner
- Posts: 8
Reputation: 1
Registration date: 30/10/2013
Re: Remove Baidu pc fast
thiago.gao wrote: I restarted the PC, and this time Baidu did not ask to make changes to the PC. But I opened the Control Panel and it is still there. I select the uninstall option and a message appears saying that it has already been uninstalled, then another message appears asking whether I want to remove Baidu from the list of programs. I click Yes, and then another message appears saying that I don't have permission, only an administrator.
You need to be logged in as an administrator. If your account does not have administrative privileges, you will not be able to remove Baidu from the list of programs.
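The situation in the exchange above (uninstaller already gone, entry still listed, administrator rights needed to remove it) can be inspected without changing anything. This is an added example, not part of the original thread or of any tool used in it; the `*Baidu*` name pattern is an assumption about how the leftover entry is displayed.

```powershell
# Read-only audit of "Programs and Features" entries; nothing is deleted.
# Assumption: the leftover entry's DisplayName contains "Baidu".
param([string]$NamePattern = '*Baidu*')

# Entries under HKLM can only be removed from an elevated (administrator) session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Registry locations the program list is built from
# (WOW6432Node exists only on 64-bit Windows).
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)

$results = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        if (-not $props -or $props.DisplayName -notlike $NamePattern) { continue }

        # Pull the executable out of UninstallString (quoted path, or unquoted up to ".exe").
        $exe = $null
        if ($props.UninstallString -match '^\s*"([^"]+)"' -or
            $props.UninstallString -match '^\s*(.+?\.exe)') { $exe = $Matches[1] }

        [pscustomobject]@{
            DisplayName      = $props.DisplayName
            RegistryKey      = $key.Name
            Uninstaller      = $exe
            # False means the entry is orphaned: its uninstaller no longer exists.
            UninstallerFound = [bool]($exe -and (Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue))
            # True means this session cannot remove the entry without elevation.
            NeedsElevation   = ($key.Name -like 'HKEY_LOCAL_MACHINE*') -and -not $elevated
        }
    }
}
$results | Format-List
```

An entry with `UninstallerFound : False` and `NeedsElevation : True` matches the symptom described: the uninstaller reports the program as already removed, and the list entry itself can only be cleared by an administrator.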
thanks.
I hope this Baidu never comes back. Thank you very much, Wings
thiago.gao - Beginner
- Posts: 8
Reputation: 1
Registration date: 30/10/2013
Re: Remove Baidu pc fast
Download [You must have an account and be logged in to view this link] (by Xplode) and save it to the Desktop
*Run it, leaving the options Remove disinfection tools and Purge system restore selected
*Click [Run]
*Close the report that is displayed
Delete DelFix and the file C:\DelFix.txt
Best regards...
Re: Remove Baidu pc fast
CASE RESOLVED
If the topic's author needs it, the topic will be reopened; to do so, they should contact one of the members of the [You must have an account and be logged in to view this link] and request that it be unlocked.