This topic has been archived and is closed to new replies.

Gustavo Menezes Freitas

[Archived] PC turns on but doesn't start windows.exe or anything

I start the computer, the welcome screen appears and then everything goes black; the bars, the Start button and the wallpaper don't appear, and I can't open any folder, only through Run (from Task Manager), and even then only by opening it with Ctrl+Alt+Del.

I'm almost sure it's a virus, because I keep getting redirected to a Flash Player installation and to dubious sites, and I have several ads in the window.

HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:47:41, on 07/02/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Windows 7\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: CrossriderApp0033426 - {11111111-1111-1111-1111-110311341126} - C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-bho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [MKLOL] "C:\Program Files (x86)\MKJogo\MKLOL\MK.exe" -auto
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Facebook Messenger.lnk = C:\Users\Windows 7\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
O4 - Global Startup: Windows Firewall Control.lnk = C:\Program Files\Windows Firewall Control\wfc.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: Update SquirrelWeb - Unknown owner - C:\Program Files (x86)\SquirrelWeb\updateSquirrelWeb.exe
O23 - Service: Util SquirrelWeb - Unknown owner - C:\Program Files (x86)\SquirrelWeb\bin\utilSquirrelWeb.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Windows Firewall Control (wfcs) - BiniSoft.org - C:\Program Files\Windows Firewall Control\wfcs.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12959 bytes


Good evening! Gustavo Menezes Freitas

|- Download: < AdwCleaner_Logo2_zps580bcd78.jpg > ( ... by Xplode )

|- Once there, click on the image: < AdwCleaner_Tlcharger.jpg >

|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as Executar_Administrador.jpg

advz4z8Y.jpg

|- PS: Start the scan by clicking "Examinar" (Scan).
|- When it finishes, click "Limpar" (Clean) >> Ok >> Ok >> Ok.
|- Copy the log or click "Relatório" (Report).
|- Post: < C:\AdwCleaner\AdwCleaner[s0].txt >

-/-

|- Download: < 1268r49.png > ( ... by Oleg N. Scherbakov )
|- Save it to the desktop!
|- Disable your antivirus!
|- On Windows 7, right-click JRT.exe and run it ... Executar_Administrador.jpg
|- Wait for it to finish and post the report. ( JRT.txt )

Regards!


After a restore, Explorer opens, but now the browser has 2 million ads open, YouTube is slow, and so is the PC. If you want, I'll post another Hijack log.

Hello!

|- Follow the instructions in Post # 2.

Regards!


Here are the logs:

ADW Cleaner:

 

 

# AdwCleaner v3.018 - Relatório criado 07/02/2014 às 20:05:54

# Atualizado 28/01/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (64 bits)
# Usuário : Windows 7 - WINDOWS-7
# Executando de : C:\Users\Windows 7\Downloads\adwcleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\boost_interprocess
Pasta Deletada : C:\Program Files (x86)\DAEMON Tools Toolbar
Pasta Deletada : C:\Program Files (x86)\Iminent
Pasta Deletada : C:\Program Files (x86)\Plus-HD-2.3
Pasta Deletada : C:\Users\Windows 7\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Windows 7\AppData\Roaming\UpdaterEX
Pasta Deletada : C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec
[!] Pasta Deletada : C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec
Arquivo Deletada : C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job
Arquivo Deletada : C:\Windows\System32\Tasks\Plus-HD-2.3-chromeinstaller
Arquivo Deletada : C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
Arquivo Deletada : C:\Windows\System32\Tasks\Plus-HD-2.3-codedownloader
Arquivo Deletada : C:\Windows\Tasks\Plus-HD-2.3-enabler.job
Arquivo Deletada : C:\Windows\System32\Tasks\Plus-HD-2.3-enabler
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Chave Deletedo : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Chave Deletedo : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Chave Deletedo : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Chave Deletedo : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Chave Deletedo : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0033426.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0033426.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0033426.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0033426.Sandbox.1
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311341126}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345526}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346626}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344344426}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311341126}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311341126}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341126}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345526}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346626}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Valor Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\installedbrowserextensions
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\Plus-HD-2.3
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\Plus-HD-2.3
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.3
Chave Deletedo : [x64] HKLM\SOFTWARE\Iminent
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Google Chrome v32.0.1700.102
[ Arquivo : C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [7320 octets] - [07/02/2014 20:05:06]
AdwCleaner[s0].txt - [6168 octets] - [07/02/2014 20:05:54]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6228 octets] ##########
JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x64
Ran by Windows 7 on 07/02/2014 at 20:12:38,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322342226}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322342226}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [blacklisted Policy]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/02/2014 at 20:21:50,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Good evening! Gustavo Menezes Freitas

|- Download: < zoek > ( ... by Smeenk )

|- Or here! < 51a612a8b27e2-Zoek.png zoek.exe >

|- Save it and extract it to the desktop!
|- These will be available: zoek.com, zoek.scr, zoek.pif and zoek.exe
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.

hijackthis;
iedefaults;
chromelook;
shortcutfix;
autoclean;
emptyalltemp;


|- Copy and paste this information, shown in red, into the tool's field.
|- Click "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- This information will appear, asking you to wait for the report to appear.
|- PS: This information may remain static on the screen for 20 minutes or more.

Zoek_Reboot_zpscf60b3cf.jpg

|- Accept and/or confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- PS: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<

Regards!

 


Zoek.exe v5.0.0.0 Updated 10-February-2014

Tool run by Windows 7 on 10/02/2014 at 11:28:13,35.

Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Windows 7\Downloads\zoek.exe [scan all users] [Deep Scan] [Auto Clean]


==== System Restore Info ======================


10/02/2014 11:29:30 Zoek.exe System Restore Point Created Succesfully.


==== Empty Folders Check ======================


C:\PROGRA~2\AGEIA Technologies deleted successfully

C:\PROGRA~2\Electronic Arts deleted successfully

C:\PROGRA~2\MSXML 4.0 deleted successfully

C:\PROGRA~2\Origin Games deleted successfully

C:\ProgramData\Oracle deleted successfully

C:\Users\Windows 7\AppData\Roaming\Google deleted successfully

C:\Users\Windows 7\AppData\Local\Adobe deleted successfully


==== Creating Sample_022014_1138.zip ======================


Copied file C:\Users\Windows 7\AppData\Roaming\unins000.exe to sample\unins000.exe

sample\unins000.exe renamed to AD6E810B9CE3D8C0C1FF0203C68C6FA6


C:\Users\Public\Desktop\sample_022014_1138.zip created successfully


==== Deleting CLSID Registry Keys ======================


HKEY_USERS\S-1-5-21-2338029716-1146645151-3712591886-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully


==== Deleting CLSID Registry Values ======================


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully


==== Running Processes ======================


C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

C:\Program Files (x86)\ESO Survey Live\ESOSurveyLive.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\MKJogo\MKLOL\MK.exe

C:\Users\Windows 7\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe

C:\Program Files (x86)\BlueStacks\HD-Agent.exe

C:\Users\Windows 7\Downloads\zoek.exe

C:\Users\Windows 7\Downloads\zoek.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe


==== Deleting Services ======================



==== Deleting Files \ Folders ======================


C:\Users\Windows 7\AppData\Local\genienext deleted

C:\Users\Windows 7\daemonprocess.txt deleted

C:\Users\Windows 7\.android deleted

C:\PROGRA~2\Mobogenie deleted

C:\Users\Windows 7\AppData\Roaming\newnext.me deleted

C:\ProgramData\hash.dat deleted

C:\ProgramData\FileSplitUpLoad.dll deleted

C:\ProgramData\ProductData deleted

C:\ProgramData\Package Cache deleted

C:\Users\Windows 7\AppData\Local\Mobogenie deleted

C:\Users\Windows 7\AppData\Local\cache deleted

C:\Users\Windows 7\Documents\Mobogenie deleted

C:\Users\Windows 7\AppData\Roaming\unins000.exe deleted


==== System Specs ======================


Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)

Memory (RAM): 16348 MB

CPU Info: Intel® Core i5-3330 CPU @ 3.00GHz

CPU Speed: 3062,3 MHz

Sound Card: Alto-falantes (Realtek High Def |

Display Adapters: NVIDIA GeForce GTX 550 Ti | NVIDIA GeForce GTX 550 Ti | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Monitor Genérico PnP |

Screen Resolution: 1920 X 1080 - 32 bit

Network: Network Present

Network Adapters: Edatel | Realtek PCIe GBE Family Controller | Hamachi Network Interface

CD / DVD Drives: 5x (D: | G: | I: | J: | K: | ) D: ATAPI iHAS122 W | G: CHM 0LUBSTU | I: CHM 0LUBSTU | J: CHM 0LUBSTU | K: CHM 0LUBSTU

Ports: COM Ports NOT Present. LPT Port NOT Present.

Mouse: 3 Button Wheel Mouse Present

Hard Disks: C: 931,4GB

Hard Disks - Free: C: 152,8GB

Manufacturer *: American Megatrends Inc.

BIOS Info: AT/AT COMPATIBLE | 01/09/13 | _ASUS_ - 1072009

Time Zone: Hora oficial do Brasil

Motherboard *: Gigabyte Technology Co., Ltd. H61M-S1

Country: Brasil

Language: PTB


==== System Specs (Software) ======================


Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)

Anti-Spyware: avast! Antivirus disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Default Browser: Google Chrome 32.0.1700.107

Internet Explorer Version: 11.0.9600.16476

Google Chrome version: 32.0.1700.107

Sun Java version: 1.7.0_51 (32-bit)

Flash Player version: 12.0.0.44


==== Files Recently Created / Modified ======================


====== C:\Windows ====

====== C:\Users\WINDOW~1\AppData\Local\Temp ====

2014-02-07 22:12:28 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

2014-02-07 21:44:22 D496480A00ABDE0655C0FDCE9530B43E 216064 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\gcapi_dll.dll

2014-02-07 21:44:22 D4945107DF8F56CC4DC858C0694C13E2 26688 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\Checkupdate.exe

2014-02-07 21:44:22 23700AA70D1751D592D8641FC0E0660F 73408 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\gtapi_signed.dll

2014-02-07 21:44:21 B146AEECB6F585EEAF3DF4006735413D 8465984 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\Foxit Reader Updater.exe

2014-02-03 06:00:54 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\is701137889\174617862_stp.EXE

2014-02-03 06:00:40 A6FDA499B40B92558A58CECED6D53673 5550080 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\is701137889\174603566_stp.EXE

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

2014-02-03 06:02:14 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

2014-01-15 10:27:51 8D1196CFBB223621F2C67D45710F25BA 343040 ----a-w- C:\Windows\Sysnative\drivers\usbhub.sys

2014-01-15 10:27:51 18A85013A3E0F7E1755365D287443965 53248 ----a-w- C:\Windows\Sysnative\drivers\usbehci.sys

2014-01-15 10:27:51 12FEB33791920678F8433701C822BCFD 325120 ----a-w- C:\Windows\Sysnative\drivers\usbport.sys

2014-01-15 10:27:50 FFA06EF43987ED0DD42AD59B260C0C78 7808 ----a-w- C:\Windows\Sysnative\drivers\usbd.sys

2014-01-15 10:27:50 DD253AFC3BC6CBA412342DE60C3647F3 30720 ----a-w- C:\Windows\Sysnative\drivers\usbuhci.sys

2014-01-15 10:27:50 DCA68B0943D6FA415F0C56C92158A83A 99840 ----a-w- C:\Windows\Sysnative\drivers\usbccgp.sys

2014-01-15 10:27:50 765A92D428A8DB88B960DA5A8D6089DC 25600 ----a-w- C:\Windows\Sysnative\drivers\usbohci.sys

2014-01-15 10:27:44 3555BA97171CD153118F73FDCCC8BFDE 376768 ----a-w- C:\Windows\Sysnative\drivers\netio.sys

====== C:\Windows\Tasks ======

2014-02-07 20:55:07 32F835F905571185FDD0A5046596E93C 3924 ----a-w- C:\Windows\Sysnative\Tasks\avast! Emergency Update

2014-02-07 20:35:07 6432E0C2D7E441A2B611CFB417E6670B 3162 ----a-w- C:\Windows\Sysnative\Tasks\{2FED8559-5E57-4697-B9C6-826A9B225DEB}

2014-01-18 12:52:23 3D82237BF41785F786B34AFF92A5F74A 3162 ----a-w- C:\Windows\Sysnative\Tasks\{B9864238-048E-4D28-919F-85FDF6771A5B}

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-01-21 04:44:44 -------- d-----w- C:\Program Files\Windows Firewall Control

2014-01-11 14:19:55 -------- d-----w- C:\Program Files\Nexus Mod Manager

======= C:\PROGRA~2 =====

2014-02-07 21:44:12 -------- d-----w- C:\PROGRA~2\ESO Survey Live

2014-02-04 01:36:27 -------- d-----w- C:\PROGRA~2\PCSX2 1.2.1

2014-01-25 13:04:57 -------- d-----w- C:\PROGRA~2\Dead Island

2014-01-11 14:22:42 -------- d-----w- C:\PROGRA~2\PC Blast

======= C: =====

====== C:\Users\Windows 7\AppData\Roaming ======

2014-02-09 16:09:54 -------- d-----w- C:\Users\Windows 7\AppData\Roaming\Awesomium

2014-02-07 21:44:19 -------- d-----w- C:\Users\Windows 7\AppData\Roaming\com.immersyve.Paladin.live

2014-02-06 21:28:37 -------- d-----w- C:\Users\USURIO~1\AppData\Local\temp

2014-02-06 21:28:37 -------- d-----w- C:\Users\Public\AppData\Local\temp

2014-02-06 21:28:37 -------- d-----w- C:\Users\Default\AppData\Local\temp

2014-02-06 21:28:37 -------- d-----w- C:\Users\Default User\AppData\Local\temp

2014-01-27 02:47:20 -------- d-----w- C:\Users\Windows 7\AppData\Locallow\Red Dot Games

2014-01-25 15:05:19 -------- d-----w- C:\Users\Windows 7\AppData\Local\Apps

2014-01-25 15:05:18 -------- d-----w- C:\Users\Windows 7\AppData\Local\Deployment

2014-01-22 15:34:18 81B4EA6EE7DA177DA0E27315021BAA2E 110096 ----a-w- C:\Windows\SysNative\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT

2014-01-20 01:51:56 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\PnrpSqm

2014-01-20 01:51:03 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Roaming\PeerNetworking

2014-01-13 23:21:24 -------- d-----w- C:\Users\Windows 7\AppData\Local\4A Games

2014-01-12 22:32:12 -------- d-----w- C:\Users\Windows 7\AppData\Roaming\DarknessII

2014-01-12 17:01:58 -------- d-----w- C:\Users\Windows 7\AppData\Roaming\local

2014-01-11 14:20:02 -------- d-----w- C:\Users\Windows 7\AppData\Local\Black_Tree_Gaming

====== C:\Users\Windows 7 ======

2014-02-09 23:07:25 -------- d-----r- C:\Windows\sysWoW64\config\systemprofile\Desktop

2014-02-09 21:08:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Automation

2014-02-09 21:04:25 FCCEC756458188623D84021AF7F4F4A3 5931462 ----a-w- C:\Users\Windows 7\Downloads\Launcher_Setup.exe

2014-02-09 15:51:17 -------- d-----w- C:\Users\TODOSO~1\Elder Scrolls Online

2014-02-09 15:51:17 -------- d-----w- C:\ProgramData\Elder Scrolls Online

2014-02-07 22:11:45 56DBC01BF6DFBA60A863DE308FB58334 1037530 ----a-w- C:\Users\Windows 7\Downloads\JRT.exe

2014-02-07 22:04:06 54DB2B8C60F04C5ADE6D711D47EABA75 1166132 ----a-w- C:\Users\Windows 7\Downloads\adwcleaner.exe

2014-02-07 21:44:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESO Survey Live

2014-02-07 21:43:53 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online Beta

2014-02-07 20:58:29 ED9732313C13A9E3601FB410A35AE98B 55903624 ----a-w- C:\Users\Windows 7\Downloads\Install_ESO_Beta.exe

2014-02-06 21:28:37 -------- d-----w- C:\Users\Public\AppData

2014-02-04 02:13:42 48C539D4436F0CA806D9F0CE614E6C9B 17660184 ----a-w- C:\Users\Windows 7\Downloads\picasa39-setup.exe

2014-02-04 01:41:32 6BD3893BE0A19EF508C20AE45B877573 588672 ----a-w- C:\Users\Windows 7\Downloads\Setup (2).exe

2014-02-04 01:36:28 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2

2014-02-04 01:31:14 C4CDDF63DA9370188212C60E3FDD6BDD 15127264 ----a-w- C:\Users\Windows 7\Downloads\pcsx2-1.2.1-r5875-setup.exe

2014-02-03 18:38:33 E66A91DBC0733E54CEBC8682025C3210 2189387 ----a-w- C:\Users\Windows 7\Downloads\Singularity_br-v1.exe

2014-02-03 18:36:30 7D31C50A6FA6038451DE91CA5E3ADBFA 715608 ----a-w- C:\Users\Windows 7\Downloads\Singularity_br-v1.01[www.tribodosrenegados.com.br].exe

2014-02-03 18:31:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Singularity

2014-02-03 06:01:46 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Windows 7\Downloads\mbam-setup-1.75.0.1300.exe

2014-01-31 15:47:43 1E583A7B41F40BE191325305B3F42D29 2393640 ----a-w- C:\Users\Windows 7\Downloads\DiagnosticoBB.exe

2014-01-28 00:59:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titans Of Wow

2014-01-18 11:24:52 -------- d-----w- C:\Users\TODOSO~1\Test Drive Unlimited

2014-01-18 11:24:52 -------- d-----w- C:\ProgramData\Test Drive Unlimited

2014-01-16 22:38:56 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-01-16 04:44:46 -------- d-----w- C:\Users\TODOSO~1\Battle.net

2014-01-16 04:44:46 -------- d-----w- C:\ProgramData\Battle.net

2014-01-15 21:33:04 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\METAL GEAR RISING REVENGEANCE

2014-01-12 17:11:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout New Vegas

2014-01-12 17:01:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks

2014-01-11 14:22:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Blast

2014-01-11 14:19:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager


====== C: exe-files ==

2014-02-10 03:24:18 41650031E64238B4C9CD89AD0A4B8967 462520 ----a-w- C:\Program Files (x86)\RaidCall\tmp_liveupdate.exe

2014-02-09 22:44:06 03FDFD1D3BC3429F4F929ADA01762825 162738 ----a-w- C:\Games\Automation\Uninstall Automation.exe

2014-02-09 21:10:44 F3D08CED3DEA4B1E9AE1F6378EBA4C3A 760003660 ----a-w- C:\Users\Windows 7\Documents\Automation\Installers\Automation_Install_B1323.exe

2014-02-09 21:08:17 DEC6F179F4B002884340C7F75A9081DB 83062 ----a-w- C:\Games\Automation\Uninstal.exe

2014-02-09 21:04:25 FCCEC756458188623D84021AF7F4F4A3 5931462 ----a-w- C:\Users\Windows 7\Downloads\Launcher_Setup.exe

2014-02-09 11:18:48 E5C6EB500F995A787434762DBDAE6DA6 854016 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\SpeedRunners\SpeedRunners.exe

2014-02-09 09:21:27 0A3E3C0B392E0B9094101D17B24D5BB6 627712 ----a-w- C:\Games\Zenimax Games\The Elder Scrolls Online\game\client\ZoCrashReporter.exe

2014-02-09 09:21:23 DBEFB0D1CCE12C4BB1246535A3A1AAD4 31085056 ----a-w- C:\Games\Zenimax Games\The Elder Scrolls Online\game\client\eso.exe

2014-02-09 09:21:23 50D4FAA7C0091842C413F2F37E7F2A4A 453944 ----a-w- C:\Games\Zenimax Games\The Elder Scrolls Online\game\client\AwesomiumProcess.exe

2014-02-08 02:56:15 4336FBC3A8A75922456D194391A5999C 36528344 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.107\32.0.1700.107_chrome_installer.exe

2014-02-07 23:24:49 D5E86CD24F6E7255BA120E6B1FCA26F8 721408 ----a-w- C:\Program Files (x86)\Steam\vr\runtime\bin\vrcmd_x64.exe

2014-02-07 23:24:49 5CD08AC841E8A3AC73AC7BB35CBF0CB3 598528 ----a-w- C:\Program Files (x86)\Steam\vr\runtime\bin\vrserver.exe

2014-02-07 23:24:49 3DAC53CD849089255443906B6E0FD188 6406144 ----a-w- C:\Program Files (x86)\Steam\vr\runtime\drivers\oculus\utils\OculusConfigUtil.exe

2014-02-07 23:24:48 F0A4A0BD0CEC00823B31A1C2C7F3815B 569856 ----a-w- C:\Program Files (x86)\Steam\vr\runtime\bin\vrcmd.exe

2014-02-07 23:24:16 1A72E2A927DB9973C3A07E813D8D371B 70144 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\vvis.exe

2014-02-07 23:23:27 CF4EE3B041BD3EAAFB0C2411E77444DD 79872 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\vrad.exe

2014-02-07 23:23:24 448AD94671BFDF1E3BFF27566BB22768 79360 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\shadercompile.exe

2014-02-07 23:22:49 DD05AAECAC4AD5CDE2BF820C71DA85E7 133120 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\splitskybox.exe

2014-02-07 23:22:46 2904BDE55BBE2CE52B55EE957228DBFA 88768 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe

2014-02-07 23:22:43 051198D8E715ECFEC5AB4C4150E02667 69632 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\vtex.exe

2014-02-07 23:21:50 98EF96E3129CBA1CF51B5FAC0F4E4D6D 144896 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\hammer.exe

2014-02-07 23:21:49 CC825D4C74006300C3D7253891440890 197120 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\glview.exe

2014-02-07 23:21:41 A8F3E4B4BD3F6F9BC540D4F3AE570702 178176 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\captioncompiler.exe

2014-02-07 22:27:21 F88444719321B0B2FA2FD8981B3212D6 167968 ----a-w- C:\Games\Zenimax Games\Launcher\launcher_helper.exe

2014-02-07 22:13:22 FC2BF8E5F7E3E5D938233C2B153B69F5 417792 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\vbspinfo.exe

2014-02-07 22:13:22 FA41D15061F7E769DD0A1D33BF122303 1912832 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\studiomdl.exe

2014-02-07 22:13:22 F0A4A0BD0CEC00823B31A1C2C7F3815B 569856 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\OpenVR\bin\vrcmd.exe

2014-02-07 22:13:22 E3397D585AC3219856223C60780D256D 564224 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\dmxconvert.exe

2014-02-07 22:13:22 DE1765E52242AD017359A1F38BAC3B35 1453056 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\vbsp.exe

2014-02-07 22:13:22 DDE61E3EFAA04AC9054905A2B00C50B7 3236352 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\elementviewer.exe

2014-02-07 22:13:22 D7D04977E7E9F4C7583F5CABC800E69A 655872 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\vpk.exe

2014-02-07 22:13:22 D5E86CD24F6E7255BA120E6B1FCA26F8 721408 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\OpenVR\bin\vrcmd_x64.exe

2014-02-07 22:13:22 CF39255CCC18E76BBEEDFC63ACFE5148 424960 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\bspzip.exe

2014-02-07 22:13:22 A91E74DACB8FDD0D42B59E958B03F4EA 713728 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\vtf2tga.exe

2014-02-07 22:13:22 9A1F47C2FEFA4785F04DF1E6F0E6F512 1696768 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\dmxedit.exe

2014-02-07 22:13:22 8E0B9DE0EEE86576453DAE0B1E301EF8 698880 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\height2ssbump.exe

2014-02-07 22:13:22 8D16B7FD74EB7748EF65C07AE8441487 687104 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\height2normal.exe

2014-02-07 22:13:22 6EB8B3EF5F3543FC80C1BD4D3A93488D 301056 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\motionmapper.exe

2014-02-07 22:13:22 6701CAD42388641C3CB9015A26AE8021 460800 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\hlmv.exe

2014-02-07 22:13:22 66AF094EC756E18A0DDB72BAEC940FC1 700928 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\mksheet.exe

2014-02-07 22:13:22 5CD08AC841E8A3AC73AC7BB35CBF0CB3 598528 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\OpenVR\bin\vrserver.exe

2014-02-07 22:13:22 54217524E0802ECDC67D10D62FCD20D9 2737664 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\qc_eyes.exe

2014-02-07 22:13:22 4DB24ECC754202A67D3C15B6368D50E2 1670144 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\hlfaceposer.exe

2014-02-07 22:13:22 4231272C8A0A58E090A4938FAF586C8C 683008 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\normal2ssbump.exe

2014-02-07 22:13:22 13278934AD8F942BD11DC997967A2DC2 630272 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\pfm2tgas.exe

2014-02-07 22:12:28 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

2014-02-07 22:11:50 BE3F2AC50C5A236826B475A440488639 57024 ----a-w- C:\Program Files (x86)\Steam\bin\x86launcher.exe

2014-02-07 22:11:45 56DBC01BF6DFBA60A863DE308FB58334 1037530 ----a-w- C:\Users\Windows 7\Downloads\JRT.exe

2014-02-07 22:04:06 54DB2B8C60F04C5ADE6D711D47EABA75 1166132 ----a-w- C:\Users\Windows 7\Downloads\adwcleaner.exe

2014-02-07 21:52:57 BA7524A2D91F895CE7502C78B6A4CBAF 732888 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.107\32.0.1700.107_32.0.1700.102_chrome_updater.exe

2014-02-07 21:44:22 D4945107DF8F56CC4DC858C0694C13E2 26688 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\Checkupdate.exe

2014-02-07 21:44:21 B146AEECB6F585EEAF3DF4006735413D 8465984 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\Foxit Reader Updater.exe

2014-02-07 21:44:13 80D2B3096F80F86D6FEA4E1823CADC7E 59392 ----a-w- C:\Program Files (x86)\ESO Survey Live\Adobe AIR\Versions\1.0\Resources\CaptiveAppEntry.exe

2014-02-07 21:44:12 F34247B92AE2492B9840F471A79C7561 714998 ----a-w- C:\Program Files (x86)\ESO Survey Live\unins000.exe

2014-02-07 21:44:12 BA890798DABC2B10E25C1BE9E9260C5C 64000 ----a-w- C:\Program Files (x86)\ESO Survey Live\ESOSurveyLive.exe

2014-02-07 21:43:51 AD1005CDC33F8AF43FB37682900D4B5F 14990384 ----a-w- C:\Games\Zenimax Games\Launcher\Bethesda.net_Launcher.exe

2014-02-07 21:43:50 2911FEE6C466B53364FADE94FC1D6FD2 717981 ----a-w- C:\Games\Zenimax Games\Launcher\unins000.exe

2014-02-07 20:58:29 ED9732313C13A9E3601FB410A35AE98B 55903624 ----a-w- C:\Users\Windows 7\Downloads\Install_ESO_Beta.exe

2014-02-04 02:13:42 48C539D4436F0CA806D9F0CE614E6C9B 17660184 ----a-w- C:\Users\Windows 7\Downloads\picasa39-setup.exe

2014-02-04 01:41:32 6BD3893BE0A19EF508C20AE45B877573 588672 ----a-w- C:\Users\Windows 7\Downloads\Setup (2).exe

2014-02-04 01:36:27 5038615D4055F45783E22E1278EF1AED 66437 ----a-w- C:\Program Files (x86)\PCSX2 1.2.1\Uninst-pcsx2-r5875.exe

2014-02-04 01:31:14 C4CDDF63DA9370188212C60E3FDD6BDD 15127264 ----a-w- C:\Users\Windows 7\Downloads\pcsx2-1.2.1-r5875-setup.exe

2014-02-03 18:40:12 2D01EEAD41C82D22981B6E1C9F05FFB1 143503 ----a-w- C:\Games\Singularity\Desinstalar a Tradução.exe

2014-02-03 18:40:11 63EC22729237D590BE2DCF6DF4C50CEB 25242112 ----a-w- C:\Games\Singularity\Backup_TR\Binaries\Singularity.exe

2014-02-03 18:38:33 E66A91DBC0733E54CEBC8682025C3210 2189387 ----a-w- C:\Users\Windows 7\Downloads\Singularity_br-v1.exe

2014-02-03 18:36:30 7D31C50A6FA6038451DE91CA5E3ADBFA 715608 ----a-w- C:\Users\Windows 7\Downloads\Singularity_br-v1.01[www.tribodosrenegados.com.br].exe

2014-02-03 18:31:01 E5A878EFCEC5E05B06455BB759B9C862 989616 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{3FAD68D9-1FA1-4871-9ADF-9151D969E943}\uninstall.exe

2014-02-03 18:31:01 E5A878EFCEC5E05B06455BB759B9C862 989616 ------w- C:\Program Files (x86)\InstallShield Installation Information\{3FAD68D9-1FA1-4871-9ADF-9151D969E943}\setup.exe

2014-02-03 15:55:40 ABB2F03F1EF60D070854102DDE9C1F62 5374336 ----a-w- C:\Program Files (x86)\PCSX2 1.2.1\pcsx2-r5875.exe

=== C: other files ==

2014-02-10 13:38:04 CA6E3800391A8DF75FDC70CB1A0E9730 331976 ----a-w- C:\Users\Public\Desktop\sample_022014_1138.zip

2014-02-07 22:13:22 EBE52760680FBBA183A3E06392188F97 7392448 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\bin\itemtest.com

2014-02-07 22:12:28 CC6C23C02BE66014AD87F2678BBB3A1D 8117 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\jrt\modules.bat

2014-02-07 22:12:28 7178963AEE641F3E47E1CE22416F8A3A 9295 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\jrt\runvalues.bat

2014-02-07 22:12:28 58605DA3492FB918D3D40B1FB88046AE 39471 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\jrt\prelim.bat

2014-02-07 22:12:28 372EA6F783198102CF5779072EE78C79 24751 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\jrt\searchlnk.bat

2014-02-07 22:12:28 1FBF882AA934A741530741FC134872A3 1243 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\jrt\TDL4.bat

2014-02-07 22:12:27 DFB8D08F2FD68D58239045B366D68CE2 10261 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\jrt\JRT.bat

2014-02-07 22:12:27 C4A5476A9D54B400F1623A2EE7DDA5C5 13955 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\jrt\chrome.bat

2014-02-07 22:12:27 B964B792D3692699CD7D4FDB63EE470E 1239 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\jrt\FWPolicy.bat

2014-02-07 22:12:27 B45931E5313CB14CAA0F2BC3DA30E6FC 29648 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\jrt\ask.bat

2014-02-07 22:12:27 AE697BC275F5B52FB9E1164F14FB18F8 151936 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\jrt\firefox.bat

2014-02-07 22:12:27 8C7709AE609C5235976C4567E810D4B8 154424 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\jrt\misc.bat

2014-02-07 22:12:27 868D0E22DC055BA214D7EC71600F2CFA 16063 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\jrt\get.bat

2014-02-07 22:12:27 80D02380F1AC33E459324B088392A1EC 732 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\jrt\ev_clear.bat

2014-02-07 22:12:27 75C9C20DD9839BF287B43B0E179822DC 31414 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\jrt\iexplore.bat

2014-02-07 22:12:27 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\jrt\delorphans.bat

2014-02-07 22:12:27 14D6EE8B672684E2232FB430D8C4A928 18668 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\jrt\medfos.bat

2014-02-07 22:12:27 0768E560CCD86C18F35FAD29DCEA7B80 1820 ----a-w- C:\Users\Windows 7\AppData\Local\Temp\jrt\delfolders.bat

2014-02-07 17:09:21 064178F63EBCFC9FEFE47E2C83398100 32859392 ----a-w- C:\Users\Windows 7\Downloads\ST13 - Devdemo - Mitsubishi Pajero Wagon 3.2 tdi.zip

2014-02-04 02:15:31 79820515B42A44DE36FC7D5952A16234 4006226 ----a-w- C:\Users\Windows 7\Desktop\2014-01-14.zip


==== Startup Registry Enabled ======================


[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"


[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"


[HKEY_USERS\S-1-5-21-2338029716-1146645151-3712591886-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"

"uTorrent"="C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"

"Facebook Update"="C:\Users\Windows 7\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

"MKLOL"="C:\Program Files (x86)\MKJogo\MKLOL\MK.exe -auto"

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"


[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"


[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"


[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"

"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"

"uTorrent"="C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"

"Facebook Update"="C:\Users\Windows 7\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

"MKLOL"="C:\Program Files (x86)\MKJogo\MKLOL\MK.exe -auto"

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"


==== Startup Registry Enabled x64 ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"

"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"


==== Startup Registry Disabled x64 ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BlueStacks Agent]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BlueStacks Agent"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\BlueStacks\\HD-Agent.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EADM]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="EADM"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Origin\\Origin.exe\" -AutoStart"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="LogMeIn Hamachi Ui"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NextLive]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NextLive"

"hkey"="HKCU"

"command"="C:\\Windows\\SysWOW64\\rundll32.exe \"C:\\Users\\Windows 7\\AppData\\Roaming\\newnext.me\\nengine.dll\",EntryPoint -m l"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PMBVolumeWatcher]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PMBVolumeWatcher"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Sony\\PMB\\PMBVolumeWatcher.exe"



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Windows 7^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Flow.url]

"path"="C:\\Users\\Windows 7\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Flow.url"

"backup"="C:\\Windows\\pss\\Flow.url.Startup"

"backupExtension"=".Startup"

"command"="C:\\Users\\Windows 7\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Flow.url"

"item"="Flow"



==== Startup Folders ======================


2013-09-08 14:42:34 1286 ----a-w- C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk

2014-02-07 21:44:15 1103 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ESO Survey Live.lnk

2014-01-21 04:44:51 1042 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Firewall Control.lnk


==== Task Scheduler Jobs ======================


C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [08/02/2014 21:02]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2338029716-1146645151-3712591886-1000Core.job --a------ C:\Users\Windows 7\AppData\Local\Facebook\Update\FacebookUpdate.exe [08/09/2013 12:35]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2338029716-1146645151-3712591886-1000UA.job --a------ C:\Users\Windows 7\AppData\Local\Facebook\Update\FacebookUpdate.exe [08/09/2013 12:35]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [undetermined Task]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/09/2013 14:24]


==== Other Scheduled Tasks ======================


"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2338029716-1146645151-3712591886-1000Core" [C:\Users\Windows 7\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2338029716-1146645151-3712591886-1000UA" [C:\Users\Windows 7\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\Raidcall_EN" [C:\Program Files (x86)\RaidCall\raidcall.exe]

"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files (x86)\Windows Sidebar\sidebar.exe]


==== Chrome Look ======================


HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[06/03/2013 21:29]


HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Windows 7\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[09/11/2013 11:51]


Google Docs - Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

avast WebRep - Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda

Google Wallet - Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Plus-HD-2.3 - Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec

GBBD Banco do Brasil - Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh

Gmail - Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia


==== Chrome Fix ======================


C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_vanity-remover.softonic.com.br_0.localstorage deleted successfully

C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_vanity-remover.softonic.com.br_0.localstorage-journal deleted successfully

C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec deleted successfully

C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_omfoidjpeklpjhlhabhcomekbkclkbec_0.localstorage deleted successfully

C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_omfoidjpeklpjhlhabhcomekbkclkbec_0.localstorage-journal deleted successfully

C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_omfoidjpeklpjhlhabhcomekbkclkbec_0 deleted successfully

C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\omfoidjpeklpjhlhabhcomekbkclkbec deleted successfully


==== Set IE to Default ======================


Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]



New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]



==== All HKCU SearchScopes ======================


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"



==== HijackThis Entries ======================


F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

O4 - HKCU\..\Run: [uTorrent] "C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Windows 7\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [MKLOL] "C:\Program Files (x86)\MKJogo\MKLOL\MK.exe" -auto

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')

O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')

O4 - Startup: Facebook Messenger.lnk = C:\Users\Windows 7\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe

O4 - Global Startup: ESO Survey Live.lnk = C:\Program Files (x86)\ESO Survey Live\ESOSurveyLive.exe

O4 - Global Startup: Windows Firewall Control.lnk = C:\Program Files\Windows Firewall Control\wfc.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{A4060823-72D1-40B8-9394-F4D39A6EEB43}: NameServer = 8.8.8.8 8.8.4.4

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe

O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: Windows Firewall Control (wfcs) - BiniSoft.org - C:\Program Files\Windows Firewall Control\wfcs.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


==== Empty IE Cache ======================


C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Windows 7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Windows 7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully


==== Empty FireFox Cache ======================


No FireFox Profiles found


==== Empty Chrome Cache ======================


C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully


==== Empty All Flash Cache ======================


Flash Cache Emptied Successfully


==== Empty All Java Cache ======================


Java Cache cleared successfully


==== C:\zoek_backup content ======================


C:\zoek_backup (files=244 folders=75 29537399 bytes)


==== Empty Temp Folders ======================


C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Public\AppData\Local\Temp emptied successfully

C:\Users\USURIO~1\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Users\Windows 7\AppData\Local\Temp will be emptied at reboot

C:\Windows\Temp will be emptied at reboot


==== After Reboot ======================


==== Empty Temp Folders ======================


C:\Windows\Temp successfully emptied

C:\Users\WINDOW~1\AppData\Local\Temp successfully emptied


==== Empty Recycle Bin ======================


C:\$RECYCLE.BIN successfully emptied


==== EOF on 10/02/2014 at 11:47:32,59 ======================


Good morning, Gustavo Menezes Freitas!

|- Download: < SFTGC > ( ... by Pierre13 )
|- Save it to the desktop!
|- On Windows Vista and 7, run "SFTGC.exe" as administrator!


|- Run it and click "Go".
|- Wait for it to finish; it is quick.
|- Post the report! ( SFT.txt )
|- PS: Depending on the size of the report, do not post it directly!
|- For that, use: < Cjoint_Logo.jpg >

|- Post an updated HijackThis log! << Log

Regards!


Archived Topic

Since the author did not reply for more than 10 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening it.
