Archived

This topic has been archived and is closed to new replies.

Weick

[Solved] Malware infestation: DealNoDeal, SalePlus and others


Folks,

My laptop is infested with malware. When I open the browser, several extensions get installed, and no matter how many times I delete them and uninstall them from the laptop, I can't get rid of them; they always come back. As a result, ads appear at the top or in the middle of every page, and sometimes pages load on their own (I'm reading an article and suddenly I've left the site and am on another page). These ads are labeled "Ad by SalePlus" or "Ad by DealNoDeal", among others.

Note: when I ran HijackThis, a message appeared saying the following:

 

"For some reasons the system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may not be able to fix this. If that happens, you need to edit the file yourself. To do this, click Start, Run and type: notepad C:\WINDOWS\System32\drivers\etc\hosts and press enter. Find the line(s) HijackThis reports and delete them. Save this file as 'hosts' (with quotes) and reboot."

 

Here is the log:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:22:42 PM, on 2015-04-14
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal
Running processes:
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\ProgramData\{ab512ab1-9c13-6b92-ab51-12ab19c1aac6}\Driver ToolKit 8.3 License Key Crack for Free download.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Vi\Downloads\HijackThis.exe
C:\WINDOWS\SysWOW64\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: G-Buster Browser Defense BANESE - {C41A1C0E-EA6C-11D4-B1B8-444553540027} - C:\Program Files (x86)\GbPlugin\gbiehbes.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O4 - Startup: Driver ToolKit 8.3 License Key Crack for Free download.lnk = C:\ProgramData\{ab512ab1-9c13-6b92-ab51-12ab19c1aac6}\Driver ToolKit 8.3 License Key Crack for Free download.exe
O4 - Startup: Driver Toolkit 8.4 Working License Key and Crack Free Download.lnk = C:\ProgramData\{4e410934-b586-2d1d-4e41-10934b5824d2}\Driver Toolkit 8.4 Working License Key and Crack Free Download.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.banese.b.br
O15 - Trusted Zone: wwws.banese.b.br
O15 - Trusted Zone: egov.banese.com.br
O15 - Trusted Zone: www.banese.com.br
O15 - Trusted Zone: wwws.banese.com.br
O15 - Trusted Zone: www.banesecard.com.br
O15 - Trusted Zone: portaldoservidor.se.gov.br
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBes - C:\Program Files (x86)\GbPlugin\gbiehBes.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6405 bytes
Thanks


/!\ Good morning, Weick! /!\

 

"For some reasons the system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may not be able to fix this. If that happens, you need to edit the file yourself. To do this, click Start, Run and type: notepad C:\WINDOWS\System32\drivers\etc\hosts and press enter. Find the line(s) HijackThis reports and delete them. Save this file as 'hosts' (with quotes) and reboot."

> A HijackThis false positive; it occasionally has no access to the hosts file.

 

> Download: < ZHPDiag2.exe > ( ... by Nicolas Coolman )
> Or here! << Link!
> Save it to a local disk! ( C or D )
> Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
> Run the scroll icon. ( ZHPDiag )
> Click "COMPLETA" and wait for it to finish!
> Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
> PS: Since the log will be long, upload it to Pjjoint.malekal.
> Or go to: < Cjoint_Logo.jpg >
> More information: < |Link| > << Hosting!
A+


/!\ Good morning, Weick! /!\

> Run this script in the ZHPFix tool.
> Select and copy the information shown in red into Notepad.
> With Notepad open, press: ctrl+a >> ctrl+c ( Select and Copy )
> Next, minimize Notepad.

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
HiddenFix
[MD5.40E9ED890AF3975476A6EE7BFA31BA66] [sPRF][2015-03-10] (.No owner - Setup/Uninstall.) -- C:\Users\Vi\AppData\Roaming\unins000.exe [812193]
[MD5.7488533E2D6A6DE19BD3D01C9BE04023] - (...) -- C:\Users\Vi\AppData\Local\Temp\5F20.exe [485376] [PID.4928]
O2 - BHO: Skype for Business Click to Call BHO [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} Orphan key
C:\ProgramData\boost_interprocess
C:\Users\Vi\AppData\Local\Apps
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCR\CLSID\{ba790571-915e-4617-a10c-cdf3ef46439b}] (youtubeadblocker)
[HKLM\Software\Classes\AppID\secman.DLL]
[HKLM\Software\Wow6432Node\AIM Toolbar]
[HKLM\Software\Baidu Security]
[HKCU\Software\Baidu Security]
[HKCU\Software\Linkey]
sysrestore


> Open the ZHPFix tool.
> Click IMPORTAÇÃO >> OK.
> PS: When you click "OK", check that the field is empty so that it receives only the script's contents.
> Click "GO".
> Post the report!

A+


Good afternoon!

Here is the log:

 

Rapport de ZHPFix 2014.10.24.12 par Nicolas Coolman, Update du 24/10/2014
Fichier d'export Registre :
Run by Vi at 2015-04-19 3:23:13 PM
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)
Recycle Bin emptied (03mn AMs)
Prefetcher emptied
========== Registry keys ==========
REMOVES:* HKCR\CLSID\{ba790571-915e-4617-a10c-cdf3ef46439b}
REMOVES: HKLM\Software\Classes\AppID\secman.DLL
REMOVES: HKLM\Software\Wow6432Node\AIM Toolbar
REMOVES:* HKLM\Software\Baidu Security
REMOVES: HKCU\Software\Baidu Security
REMOVES: HKCU\Software\Linkey
========== Registry values ==========
ABSENT value Standard Profile: FirewallRaz :
ABSENT value Domain Profile: FirewallRaz :
REMOVES: FirewallRaz (Domain) : {9E3D57FC-7C37-4424-9352-4831E97D029D}
REMOVES: FirewallRaz (Domain) : {548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}
REMOVES: FirewallRaz (Domain) : NetPres-In-TCP-NoScope
REMOVES: FirewallRaz (Domain) : NetPres-Out-TCP-NoScope
REMOVES: FirewallRaz (None) : NetPres-WSD-In-UDP
REMOVES: FirewallRaz (None) : NetPres-WSD-Out-UDP
REMOVES: FirewallRaz (Public) : NetPres-In-TCP
REMOVES: FirewallRaz (Public) : NetPres-Out-TCP
REMOVES: FirewallRaz (None) : MCX-Prov-Out-TCP
REMOVES: FirewallRaz (None) : MCX-McrMgr-Out-TCP
REMOVES: FirewallRaz (Domain) : {E7985E1D-C36F-4787-80A8-6350D07E9266}
REMOVES: FirewallRaz (None) : {808F1451-4108-46FD-ADBB-F17324B5F0BD}
========== Elements of the registry data ==========
REPLACES Value NoActiveDesktopChanges : Good (0) - Bad (1)
========== Folders ==========
Deletes temporary Windows (10)
REMOVES Flash Cookies (0)
REMOVES: c:\programdata\boost_interprocess
REMOVES: c:\users\vi\appdata\local\apps
========== Files ==========
Deletes temporary Windows (14) (851,477 octets)
REMOVES Flash Cookies (0) (0 octets)
========== Hidden folders/files restored ==========
Mes images (My Pictures) : 11 restored successfully
Ma musique (My Music) : 7 restored successfully
Ma Video (My Video) : 1 restored successfully
Mes Favoris (My Favorites) : 2 restored successfully
Mes Documents (My Documents) : 1 restored successfully
Mon Bureau (My Desktop) : 1 restored successfully
Menu demarrer (Programs) : 10 restored successfully
Dossier utilisateur (AppData) : 20 restored successfully
Programmes (Program Files) : 17 restored successfully
========== System restore ==========
The system successfully created restore point
========== Summary ==========
6 : Registry keys
14 : Registry values
1 : Elements of the registry data
4 : Folders
2 : Files
70 : Hidden folders/files restored
1 : System restore
End of clean in 20mn AMs
========== Path to file report ==========
C:\Users\Vi\AppData\Roaming\ZHP\ZHPFix[R1].txt - 2015-04-19 3:23:17 PM [2728]
Thank you VERY much,
Weick


/!\ Good evening, Weick! /!\

> Download: < AdwCleaner_Logo2_zps580bcd78.jpg > ( ... by Xplode )
>
> Or from here: < AdwCleaner >
> Once there, click "Download Now".
>
> Save it to the desktop!
> Right-click adwcleaner.exe and choose to run it as administrator.
> PS: Start the scan by clicking "Examinar".
> When it finishes, click "Limpar" or "Cleaning" >> Ok >> Ok >> Ok.
> Copy the log or click "Relatório".
> Post: < C:\AdwCleaner\AdwCleaner[s0].txt >

> Download: < 1268r49.png > ( ... by Oleg N. Scherbakov )
> Save it to the desktop!
> Disable your antivirus!
> On Windows 7, right-click JRT.exe and run it ...
> Wait for it to finish and post the report. ( JRT.txt )
A+

 


Good evening,

Here are the reports:

 

adwcleaner

# AdwCleaner v4.201 - Logfile created 14/04/2015 at 18:30:55
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [server]
# Operating system : Windows 8.1 Single Language (x64)
# Username : Vi - VSAM-NB
# Running from : C:\Users\Vi\Downloads\adwcleaner_4.201.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Google Chrome v41.0.2272.118
*************************
AdwCleaner[R0].txt - [738 bytes] - [14/04/2015 18:29:10]
AdwCleaner[s0].txt - [664 bytes] - [14/04/2015 18:30:55]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [722 bytes] ##########
JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.9 (04.19.2015:1)
OS: Windows 8.1 Single Language x64
Ran by Vi on 2015-04-20 at 19:29:52.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2242910852-1522185380-850179407-1001
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2242910852-1522185380-850179407-500
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540027}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540027}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540027}
~~~ Files
Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVER TOOLKIT 8.3 LICENSE KE-2A509D8D.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVER TOOLKIT 8.4 WORKING LI-F8E4A571.pf
~~~ Folders
Successfully deleted: [Folder] C:\ProgramData\baidu security
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-04-20 at 19:33:23.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks,


/!\ Good evening, Weick! /!\

> Open the AdwCleaner tool and click "Desinstalar".
> Confirm the prompt!

> Download: < Zoek-exe.png > ( ... by Smeenk )
> Save it to the desktop!
> Disable your antivirus!
> Close your browser!
> On Windows 7, run Zoek.exe as administrator.
emptyfolderscheck;delete
resetieproxy;
chromelook;
firefoxlook;
shortcutfix;
quickscan;
emptytemp;
autoclean;
> Copy and paste this information, shown in red, into the tool's field.
> Click "Run Script".
Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
> Messages will appear asking you to wait for the report to appear.
> PS: These messages may stay on screen unchanged for 30 minutes or more.
> Confirm the reboot!
zoek.hta failed by unknown error.
Restart computer, and try again.
> PS: If you get an error, restart the PC and run the tool again.
> Post the report, which will be at C:\zoek-results.txt <<
A+

 


Good morning!

Zoek ran without errors. Here is the log:

 

Zoek.exe v5.0.0.0 Updated 08-April-2015
Tool run by Vi on 2015-04-21 at 8:42:53.37.
Microsoft Windows 8.1 Single Language 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Vi\Desktop\zoek.exe [scan all users] [script inserted]
==== System Restore Info ======================
2015-04-21 8:45:14 AM Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Users\Vi\AppData\Local\SKIDROW deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~3\aloabmppojelahdamjgjcndbdenoghci deleted
C:\PROGRA~3\epnbmccgpfhkfmlikbbiojjpjehfllkf deleted
C:\PROGRA~3\jkcmbmgehienpclegogefgjkejbbppek deleted
C:\PROGRA~3\{49f71d88-1773-51d1-49f7-71d881777620} deleted
C:\Users\Vi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\Driver ToolKit 8.3 License Key Crack for Free download.lnk deleted
C:\Users\Vi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\Driver Toolkit 8.4 Working License Key and Crack Free Download.lnk deleted
C:\PROGRA~3\14874686664167840276 deleted
C:\Users\Vi\.android deleted
C:\B000.tmp deleted
C:\ZHPDiag2.exe deleted
C:\Users\Vi\AppData\Roaming\appdataFr3.bin deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Vi\AppData\Roaming\unins000.exe deleted
C:\PROGRA~3\MakeMarkerFile.exe deleted
"C:\PROGRA~3\{4e410934-b586-2d1d-4e41-10934b5824d2}\5d17585c0f91bd19" not deleted
"C:\PROGRA~3\{4e410934-b586-2d1d-4e41-10934b5824d2}\90eafe0928455acd" not deleted
"C:\PROGRA~3\{ab512ab1-9c13-6b92-ab51-12ab19c1aac6}\23071211da6b8c89" not deleted
"C:\PROGRA~3\{ab512ab1-9c13-6b92-ab51-12ab19c1aac6}\Driver ToolKit 8.3 License Key Crack for Free download.exe" deleted
"C:\PROGRA~3\{ab512ab1-9c13-6b92-ab51-12ab19c1aac6}\eefab444fdbf6b5d" not deleted
"C:\PROGRA~3\{4e410934-b586-2d1d-4e41-10934b5824d2}" not deleted
"C:\PROGRA~3\{ab512ab1-9c13-6b92-ab51-12ab19c1aac6}" not deleted
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
2015-04-20 22:30:01 CA2A8AF1DBAD0F31F9B33A2827DFBC16 207 ----a-w- C:\WINDOWS\tweaking.com-regbackup-VSAM-NB-Windows-8.1-Single-Language-(64-bit).dat
====== C:\Users\Vi\AppData\Local\Temp ====
2015-04-21 11:38:50 7488533E2D6A6DE19BD3D01C9BE04023 485376 ----a-w- C:\Users\Vi\AppData\Local\Temp\C548.exe
2015-04-20 22:51:03 7488533E2D6A6DE19BD3D01C9BE04023 485376 ----a-w- C:\Users\Vi\AppData\Local\Temp\20D8.exe
2015-04-20 22:29:27 FDD26A402322F212DCA153FF8B1FFB6E 78816 ----a-w- C:\Users\Vi\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\pcwintech_tasksch.dll
2015-04-20 22:29:27 DC7A3BC0FC185CD68848DC6F7D7B026B 40960 ----a-w- C:\Users\Vi\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\SSubTmr6.dll
2015-04-20 22:29:27 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\Vi\AppData\Local\Temp\jrt\regex2.dll
2015-04-20 22:29:26 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\Vi\AppData\Local\Temp\jrt\libiconv2.dll
2015-04-20 22:29:26 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\Vi\AppData\Local\Temp\jrt\libintl3.dll
2015-04-20 22:29:26 A107DE2D120C0571B544EEC53D1971AB 1406208 ----a-w- C:\Users\Vi\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\TweakingRegistryBackup.exe
2015-04-20 22:29:26 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\Vi\AppData\Local\Temp\jrt\pcre3.dll
2015-04-20 22:29:26 1B128828BF5E4353811B6DA58156B7F4 6656 ----a-w- C:\Users\Vi\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\files\dosdev.exe
2015-04-20 22:28:08 7488533E2D6A6DE19BD3D01C9BE04023 485376 ----a-w- C:\Users\Vi\AppData\Local\Temp\2D80.exe
2015-04-20 21:03:32 7488533E2D6A6DE19BD3D01C9BE04023 485376 ----a-w- C:\Users\Vi\AppData\Local\Temp\C5D8.exe
2015-04-20 15:39:30 7488533E2D6A6DE19BD3D01C9BE04023 485376 ----a-w- C:\Users\Vi\AppData\Local\Temp\8F40\temp\2880.exe
2015-04-20 12:48:46 1412FA64CD13E44E85D51FDDC97CFCAB 385024 ----a-w- C:\Users\Vi\AppData\Local\Temp\BE78\temp\Chaturbate Token Hack Tool 2014 Fully Cracked Working Cheats.exe
2015-04-20 12:48:39 1412FA64CD13E44E85D51FDDC97CFCAB 385024 ----a-w- C:\Users\Vi\AppData\Local\Temp\D000.exe
2015-04-19 19:06:18 376E4CFAA0CB5B487B2B5A5426BEA58A 40448 ------w- C:\Users\Vi\AppData\Local\Temp\proxy_vole8753661764148910314.dll
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2015-04-14 20:32:04 8A4CEBF34370D689E198E6673C1F2C40 74072 ----a-w- C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2015-04-14 20:32:04 81DFDDFB401D663BA7E6AD1C80364216 527192 ----a-w- C:\WINDOWS\SysWOW64\XAudio2_7.dll
2015-04-14 20:32:00 1C9B45E87528B8BB8CFA884EA0099A85 2106216 ----a-w- C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2015-04-14 20:31:58 8E0BB968FF41D80E5F2C747C04DB79AE 248672 ----a-w- C:\WINDOWS\SysWOW64\d3dx11_43.dll
2015-04-14 20:31:43 501AC862517C5445742BEE8A2B88414E 453456 ----a-w- C:\WINDOWS\SysWOW64\d3dx10_42.dll
2015-04-14 20:31:31 91B4AAD4412BB223B466F3DFB43E86DA 452440 ----a-w- C:\WINDOWS\SysWOW64\d3dx10_40.dll
2015-04-14 20:31:31 3384134EEB8F223178C2EB8323003EC0 2036576 ----a-w- C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2015-04-14 20:31:28 EEA5E428CE63804F9B12D21C97B5968F 4379984 ----a-w- C:\WINDOWS\SysWOW64\D3DX9_40.dll
2015-04-14 20:30:39 26AF232140C88B42D92A88F2198EDF6A 3426072 ----a-w- C:\WINDOWS\SysWOW64\d3dx9_32.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2015-04-15 10:52:18 2C1EA4F0084B46604F4F437776551F36 33592 ----a-w- C:\WINDOWS\Sysnative\WinDivert.dll
2015-04-15 10:52:14 8D568B1E99BAD4BCC9B58A06E22A5354 37592 ----a-w- C:\WINDOWS\Sysnative\WinDivert64.sys
2015-04-14 20:32:04 E9739AE8B2FA28DCD6F2EF5525DA8827 77656 ----a-w- C:\WINDOWS\Sysnative\XAPOFX1_5.dll
2015-04-14 20:32:04 4F7513FF4DE6303088DB28DCBCEF372C 518488 ----a-w- C:\WINDOWS\Sysnative\XAudio2_7.dll
2015-04-14 20:32:00 ADA0C39D4EACDC81FD84163A95D62079 2526056 ----a-w- C:\WINDOWS\Sysnative\D3DCompiler_43.dll
2015-04-14 20:31:58 9D6429F410597750B2DC2579B2347303 276832 ----a-w- C:\WINDOWS\Sysnative\d3dx11_43.dll
2015-04-14 20:31:43 B739C423276AE62D7AC91773226EC13B 523088 ----a-w- C:\WINDOWS\Sysnative\d3dx10_42.dll
2015-04-14 20:31:31 862586AD4B1355F7DCDE111EE0AAF350 519000 ----a-w- C:\WINDOWS\Sysnative\d3dx10_40.dll
2015-04-14 20:31:31 37309B833480DC69FDE7DB68F9B8BC20 2605920 ----a-w- C:\WINDOWS\Sysnative\D3DCompiler_40.dll
2015-04-14 20:31:28 29A79F0B607FAF5722D7BAF2485F632A 5631312 ----a-w- C:\WINDOWS\Sysnative\D3DX9_40.dll
2015-04-14 20:30:39 A4DDFE5DC4E73D1FED9B1B3A3D885612 4398360 ----a-w- C:\WINDOWS\Sysnative\d3dx9_32.dll
====== C:\WINDOWS\Sysnative\drivers =====
====== C:\WINDOWS\Tasks ======
2015-04-20 22:01:52 2F054AEE40DBE612F91E6326098C97E2 3026 ----a-w- C:\WINDOWS\Sysnative\Tasks\{264FE75D-0388-4912-AEBD-A87D13C15167}
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2015-04-15 10:52:14 -------- d-----w- C:\Program Files\Diebold
======= C:\PROGRA~2 =====
2015-04-19 18:48:34 -------- d-----w- C:\PROGRA~2\QuickPar
2015-04-19 18:25:28 -------- d-----w- C:\PROGRA~2\WinRAR
2015-04-18 16:29:20 -------- d-----w- C:\PROGRA~2\ZHPDiag
2015-04-15 10:52:14 -------- d-----w- C:\PROGRA~2\GAS Tecnologia
2015-04-15 10:52:14 -------- d-----w- C:\PROGRA~2\Diebold
======= C: =====
2015-04-18 16:40:00 95E18B5ED8B20C32AE8A5068FFA72709 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2015-04-14 00:18:10 D334E627DB2B9CACCB4FD7591E1D6454 1024 ----a-w- C:\.rnd
====== C:\Users\Vi\AppData\Roaming ======
2015-04-21 11:39:19 -------- d-----r- C:\Users\Vi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-04-19 19:08:48 -------- d-----w- C:\Users\Vi\AppData\Local\QuickPar
2015-04-19 18:48:37 -------- d-----w- C:\Users\Vi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
2015-04-19 18:25:55 -------- d-----w- C:\Users\Vi\AppData\Roaming\WinRAR
2015-04-19 18:25:36 -------- d-----w- C:\Users\Vi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-18 21:19:05 -------- d-----w- C:\Users\Vi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-04-18 20:33:00 -------- d-----w- C:\Users\Vi\AppData\Local\JDownloader 2.0
2015-04-18 16:29:20 -------- d-----w- C:\Users\Vi\AppData\Roaming\ZHP
2015-04-14 00:15:49 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Programs
2015-04-09 23:57:02 -------- d-----w- C:\Users\Vi\AppData\Locallow\Adobe
2015-04-06 00:06:05 -------- d-----w- C:\Users\Vi\AppData\Roaming\dvdcss
2015-03-26 20:48:58 -------- d-----w- C:\Users\Vi\AppData\Roaming\vlc
====== C:\Users\Vi ======
2015-04-20 12:37:24 7CCCC76D58F6BC06446885D389AD9933 2684539 ----a-w- C:\Users\Vi\Downloads\JRT.exe
2015-04-19 18:48:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
2015-04-19 18:48:04 6FB201020B62B57586CA762DEC51A982 501363 ----a-w- C:\Users\Vi\Downloads\QuickPar-0.9.1.0.exe
2015-04-19 18:25:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-19 18:21:52 9B6F7231533F04B75F3B3C86CB9D0117 1941744 ----a-w- C:\Users\Vi\Downloads\winrar-x64-521.exe
2015-04-18 17:26:26 D14E892FE0F82244F2EEEAF75D58A3AB 36403448 ----a-w- C:\Users\Vi\Downloads\JDownloader2Setup.exe
2015-04-18 16:59:55 8CB58620F4651954C5F7539B0A301E92 4463952 ----a-w- C:\Users\Vi\Downloads\dolphin-4.0-win64.exe
2015-04-18 16:29:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-04-14 20:21:49 7C1FC2021CF57FED3C25C9B03CD0C31A 100271992 ----a-w- C:\Users\Vi\Downloads\directx_Jun2010_redist.exe
2015-04-14 20:05:07 31D2409237481996E00505054E68BA3E 21540440 ----a-w- C:\Users\Vi\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-14 00:14:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
====== C: exe-files ==
2015-04-21 11:38:50 7488533E2D6A6DE19BD3D01C9BE04023 485376 ----a-w- C:\Users\Vi\AppData\Local\Temp\C548.exe
2015-04-20 22:51:03 7488533E2D6A6DE19BD3D01C9BE04023 485376 ----a-w- C:\Users\Vi\AppData\Local\Temp\20D8.exe
2015-04-20 22:29:26 A107DE2D120C0571B544EEC53D1971AB 1406208 ----a-w- C:\Users\Vi\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\TweakingRegistryBackup.exe
2015-04-20 22:29:26 1B128828BF5E4353811B6DA58156B7F4 6656 ----a-w- C:\Users\Vi\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\files\dosdev.exe
2015-04-20 22:28:08 7488533E2D6A6DE19BD3D01C9BE04023 485376 ----a-w- C:\Users\Vi\AppData\Local\Temp\2D80.exe
2015-04-20 21:03:32 7488533E2D6A6DE19BD3D01C9BE04023 485376 ----a-w- C:\Users\Vi\AppData\Local\Temp\C5D8.exe
2015-04-20 15:39:30 7488533E2D6A6DE19BD3D01C9BE04023 485376 ----a-w- C:\Users\Vi\AppData\Local\Temp\8F40\temp\2880.exe
2015-04-20 12:48:46 1412FA64CD13E44E85D51FDDC97CFCAB 385024 ----a-w- C:\Users\Vi\AppData\Local\Temp\BE78\temp\Chaturbate Token Hack Tool 2014 Fully Cracked Working Cheats.exe
2015-04-20 12:48:39 1412FA64CD13E44E85D51FDDC97CFCAB 385024 ----a-w- C:\Users\Vi\AppData\Local\Temp\D000.exe
2015-04-20 12:37:24 7CCCC76D58F6BC06446885D389AD9933 2684539 ----a-w- C:\Users\Vi\Downloads\JRT.exe
2015-04-19 18:48:37 ED8047EC2E557F7380B7BAE78528282E 56869 ----a-w- C:\Program Files (x86)\QuickPar\uninst.exe
2015-04-19 18:48:04 6FB201020B62B57586CA762DEC51A982 501363 ----a-w- C:\Users\Vi\Downloads\QuickPar-0.9.1.0.exe
2015-04-19 18:25:33 B291AC0C1C2A09D566E161FFE851088A 61528 ----a-w- C:\Program Files (x86)\WinRAR\Ace32Loader.exe
2015-04-19 18:25:30 2565447320BCC0A5EDE86267A2B27A18 1502808 ----a-w- C:\Program Files (x86)\WinRAR\WinRAR.exe
2015-04-19 18:25:29 ACEED86B06A889A33D71E8F0E65735BF 332376 ----a-w- C:\Program Files (x86)\WinRAR\UnRAR.exe
2015-04-19 18:25:29 6CC32404A80C3547AC713E9B01A8B3DF 187480 ----a-w- C:\Program Files (x86)\WinRAR\Uninstall.exe
2015-04-19 18:25:29 18144E860D353600BBD2E917AED21FDE 527960 ----a-w- C:\Program Files (x86)\WinRAR\Rar.exe
2015-04-19 18:23:10 F6414DD3B23979312F8EBB91DE794178 11080 ----a-w- C:\Users\Vi\AppData\Roaming\ZHP\Quarantine\apps.DIR\2.0\1VYXCNC5.PZH\DVML307P.3H2\goog...app_86fd5b6b43e66935_0001.0003_02e0d8611226c884\clickonce_bootstrap.exe
2015-04-19 18:23:10 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Users\Vi\AppData\Roaming\ZHP\Quarantine\apps.DIR\2.0\1VYXCNC5.PZH\DVML307P.3H2\goog...app_86fd5b6b43e66935_0001.0003_02e0d8611226c884\GoogleUpdateSetup.exe
==== Startup Registry Enabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /S3HpProtect "
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"Diebold - Warsaw"="C:\Program Files\Diebold\Warsaw\core.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeActiveFileMonitor11.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AtherosSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\cphs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Easy Launcher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ICCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel® Capability Licensing Service Interface]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel® Capability Licensing Service TCP IP Interface]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel® ME Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\jhi_service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LMS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SWUpdateService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\UNS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ZAtheros Bt and Wlan Coex Agent]
==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-21 10:10 PM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-21 10:10 PM]
C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job --a-------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-02 01:21 PM]
==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\advRecovery" ["C:\Program Files\Samsung\Recovery\WCScheduler.exe"]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" ["C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe"]
"C:\WINDOWS\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" ["C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe"]
"C:\WINDOWS\SysNative\tasks\RTKCPL" ["C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"]
"C:\WINDOWS\SysNative\tasks\SAgent" ["%ProgramFiles%\Samsung\S Agent\CommonAgent.exe"]
"C:\WINDOWS\SysNative\tasks\Settings" ["C:\Program Files (x86)\Samsung\Settings\sSettings.exe"]
"C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{6731B059-A923-405F-9E7F-3DF36F5F201A}" [C:\WINDOWS\system32\msfeedssync.exe]
==== Chromium Look ======================
Google Chrome Version: 42.0.2311.90 (Possible outdated, latest Stable version: 41.0.2272.118) [z-db]
Google Drive - Vi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
FVD Video Downloader - Vi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjjnhlldkcmeabhjlopelfhidanhdicg
YouTube - Vi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Módulo de Proteção Banese - Vi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cakljnifdmgekijnkekjhbdleplooakk
Google Search - Vi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Bookmark Manager - Vi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - Vi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Wallet - Vi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Vi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chromium Startpages ======================
C:\Users\Vi\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://google.com/",
==== Chromium Fix ======================
C:\Users\Vi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjjnhlldkcmeabhjlopelfhidanhdicg deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{A1B00A1B-ED61-41AF-A700-69672CBF4EE9} Unknown Url="Not_Found"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2242910852-1522185380-850179407-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A1B00A1B-ED61-41AF-A700-69672CBF4EE9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{A1B00A1B-ED61-41AF-A700-69672CBF4EE9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A1B00A1B-ED61-41AF-A700-69672CBF4EE9} deleted successfully
==== Deleting CLSID Registry Values ======================
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Dracula 3 - The Path of the Dragon.lnk - C:\GOG Games\Dracula Trilogy\Dracula 3 - The Path of the Dragon\dracula3.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Vi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Vi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk - C:\Program Files (x86)\Samsung\S Agent\CommonAgent.exe
C:\Users\Vi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices\Tracks Air.lnk - C:\Program Files (x86)\Bluetooth Suite\Win7UI.exe a4:15:66:4b:c2:ea
C:\Users\Vi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Uninstaller.lnk - C:\Users\Vi\AppData\Local\JDownloader 2.0\Uninstall JDownloader.exe
C:\Users\Vi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Update & Rescue.lnk - C:\Users\Vi\AppData\Local\JDownloader 2.0\JDownloader2Update.exe
C:\Users\Vi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2.lnk - C:\Users\Vi\AppData\Local\JDownloader 2.0\JDownloader2.exe
C:\Users\Vi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Vi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\Users\Vi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Vi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4.lnk - C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dracula Trilogy [GOG.com]\Dracula - The Resurrection.lnk - C:\GOG Games\Dracula Trilogy\Dracula - The Resurrection\Dracula.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dracula Trilogy [GOG.com]\Dracula 2 - The Last Sanctuary.lnk - C:\GOG Games\Dracula Trilogy\Dracula 2 - The Last Sanctuary\Dracula2.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dracula Trilogy [GOG.com]\Dracula 3 - The Path of the Dragon.lnk - C:\GOG Games\Dracula Trilogy\Dracula 3 - The Path of the Dragon\dracula3.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dracula Trilogy [GOG.com]\Manual [Dracula - The Resurrection].lnk - C:\GOG Games\Dracula Trilogy\Dracula - The Resurrection\Dracula Resurrection - Manual.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dracula Trilogy [GOG.com]\Manual [Dracula 2 - The Last Sanctuary].lnk - C:\GOG Games\Dracula Trilogy\Dracula 2 - The Last Sanctuary\Dracula The Last Sanctuary - Manual.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dracula Trilogy [GOG.com]\Manual [Dracula 3 - The Path of the Dragon].lnk - C:\GOG Games\Dracula Trilogy\Dracula 3 - The Path of the Dragon\Dracula Path of the Dragon - Manual.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dracula Trilogy [GOG.com]\Uninstall Dracula Trilogy.lnk - C:\GOG Games\Dracula Trilogy\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Skype for Business 2015.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Database Compare 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\dbcicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Language Preferences.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\misc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Upload Center.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\msouc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Skype for Business Recording Manager.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Spreadsheet Compare 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\sscicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Telemetry Dashboard for Office 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\osmadminicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Telemetry Log for Office 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\osmclienticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar\QuickPar.lnk - C:\Program Files (x86)\QuickPar\QuickPar.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar\Uninstall.lnk - C:\Program Files (x86)\QuickPar\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar\Website.lnk - C:\Program Files (x86)\QuickPar\QuickPar.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Recovery.lnk - C:\Program Files\Samsung\Recovery\Manager1.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Support Center.lnk - C:\Program Files (x86)\Samsung\Support Center\GuaranaMain.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\SW Update.lnk - C:\Program Files (x86)\Samsung\SW Update\sManager.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sherlock Holmes - Mystery Of The Mummy\frogzz test.lnk - C:\Program Files (x86)\Sherlock Holmes - Mystery Of The Mummy\game.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sherlock Holmes - Mystery Of The Mummy\GLWorker.lnk - C:\Program Files (x86)\Sherlock Holmes - Mystery Of The Mummy\GLWorker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sherlock Holmes - Mystery Of The Mummy\iWinGames Game.lnk - C:\Program Files (x86)\Sherlock Holmes - Mystery Of The Mummy\GameLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sherlock Holmes - Mystery Of The Mummy\Uninstall.lnk - C:\Program Files (x86)\Sherlock Holmes - Mystery Of The Mummy\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Vi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Vi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Vi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Vi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Vi\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Vi\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Vi\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Vi\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Vi\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=82 folders=48 25339126 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Vi\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Vi\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\PROGRA~3\{4e410934-b586-2d1d-4e41-10934b5824d2}\5d17585c0f91bd19" not found
"C:\PROGRA~3\{4e410934-b586-2d1d-4e41-10934b5824d2}\90eafe0928455acd" not found
"C:\PROGRA~3\{ab512ab1-9c13-6b92-ab51-12ab19c1aac6}\23071211da6b8c89" not found
"C:\PROGRA~3\{ab512ab1-9c13-6b92-ab51-12ab19c1aac6}\eefab444fdbf6b5d" not found
"C:\PROGRA~3\{4e410934-b586-2d1d-4e41-10934b5824d2}" not found
"C:\PROGRA~3\{ab512ab1-9c13-6b92-ab51-12ab19c1aac6}" not found
==== EOF on 2015-04-21 at 9:14:32.98 ======================


/!\ Good afternoon! Weick /!\

> Download: < SFTGC > ( ... by Pierre13 )
> If you have trouble downloading, use the Internet Explorer browser.
> Save it to the desktop!
> On Windows Vista and 7, run "SFTGC.exe" as administrator!
> Run it and click "Go".
> Wait for it to finish; it is quick.
> Post the report! ( SFT.txt )
> PS: Depending on the size of the report, do not post it directly!
> For this task, go to: < Cjoint >
A+


/!\ Good afternoon! Weick /!\

> If there are no further problems, remove the tools that were used for the disinfection!
> Download: < DelFix > ( ... by Xplode )
> Once on the page, click Download Now.
> Save it in a convenient location! ( desktop! )
> Close any open applications.
> Remove disinfection tools
> Create registry backup
> Clear system restore points
> With these boxes checked, click Run!
> Restart the computer when it finishes!
> Everything OK?
A+


Good afternoon,

I did all the procedures and restarted the laptop. When I opened Chrome, there was an extension in the list, but it was disabled. I deleted it from the list in the browser and restarted Chrome. The extension did not appear again; everything seems normal now. I will keep monitoring.

Thank you very much,

Weick


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
