Zoek.exe v5.0.0.0 Updated 05-February-2015
Tool run by User on 05/02/2015 at 16:07:38,54.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2015-02-02-140036.log 52085 bytes
==== Empty Folders Check ======================
C:\Users\Default\AppData\Local\Google deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Batch Command(s) Run By Tool======================
==== Folders Found ======================
2015-01-26 19:11:14 2015-01-26 19:11:14 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2015-02-05 13:29:47 2015-02-05 13:29:47 -------- d-----w- C:\Users\User\AppData\Roaming\ZHP\Quarantine\Baidu PC Faster.DIR
2015-02-05 13:21:47 2015-02-05 13:28:09 -------- d-----w- C:\Users\User\AppData\Roaming\ZHP\Quarantine\Baidu Security.DIR
2015-02-05 13:28:41 2015-02-05 13:28:41 -------- d-----w- C:\Users\User\AppData\Roaming\ZHP\Quarantine\Baidu.DIR
2015-02-05 13:28:09 2015-02-02 14:19:46 -------- d-----w- C:\Users\User\AppData\Roaming\ZHP\Quarantine\Baidu Security.DIR\Baidu Security
2015-02-02 13:41:20 2015-02-02 13:41:20 -------- d---a-w- C:\zoek_backup\C_PROGRA~3_Baidu
==== Files Found ======================
--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Service.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3660
Created time: 2015-02-02 13:41:20
Modified time: 2015-01-29 13:18:59
MD5: DBE185A5CB044714D0709302E1349B78
SHA1: 17EBCE376F2618983DFFB705206AFC17F904E993
--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3712
Created time: 2015-02-02 13:41:20
Modified time: 2015-01-29 13:18:58
MD5: EE7C8FFEBF2C82969F6E370F31F39E09
SHA1: B7C997371FE9F2583BD5D9EAA075992F111BBFC0
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\baiduqqsina.cn]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\baiduqqsina.cn\www]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\baiduqqsina.cn]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\baiduqqsina.cn\www]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bav\shell\open\command]
@="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe\" UI_Start_From_IE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\DefaultIcon]
@="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\bavadvtools\\3811A2B3-20AF-486d-81FA-8774762CC135\\tool\\Translator.exe,-201"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BLPFILE\shell\open\command]
@="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\bavadvtools\\3811A2B3-20AF-486d-81FA-8774762CC135\\tool\\Translator.exe\" \"%1\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\baiduqqsina.cn]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\baiduqqsina.cn\www]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\baiduqqsina.cn]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\baiduqqsina.cn\www]
[HKEY_USERS\S-1-5-21-1952561570-3406765086-4093738655-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-1952561570-3406765086-4093738655-1000\Software\Baidu Security\Feedback]
[HKEY_USERS\S-1-5-21-1952561570-3406765086-4093738655-1000\Software\Baidu Security\Feedback\products]
[HKEY_USERS\S-1-5-21-1952561570-3406765086-4093738655-1000\Software\Baidu Security\Feedback\products\1]
[HKEY_USERS\S-1-5-21-1952561570-3406765086-4093738655-1000\Software\Microsoft\IntelliType Pro\AppSpecific\FasterNow.exe]
"Path"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\5.0.0.0\\FasterNow.exe"
[HKEY_USERS\S-1-5-21-1952561570-3406765086-4093738655-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\baiduqqsina.cn]
[HKEY_USERS\S-1-5-21-1952561570-3406765086-4093738655-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\baiduqqsina.cn\www]
[HKEY_USERS\S-1-5-21-1952561570-3406765086-4093738655-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\baiduqqsina.cn]
[HKEY_USERS\S-1-5-21-1952561570-3406765086-4093738655-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\baiduqqsina.cn\www]
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\baiduqqsina.cn]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\baiduqqsina.cn\www]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\baiduqqsina.cn]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\baiduqqsina.cn\www]
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\User\AppData\Local\Temp ====
2015-02-05 16:25:30 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\libiconv2.dll
2015-02-05 16:25:30 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\libintl3.dll
2015-02-05 16:25:30 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\pcre3.dll
2015-02-05 16:25:30 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\regex2.dll
2015-02-05 16:25:29 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2015-02-04 15:43:37 DADF458CDA563109C5E53B2B7669C2F8 16922360 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\ThreatScanner.exe
2015-02-04 15:43:14 2CFC225988F4932DF538CF5F4BED3C8B 17348032 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\installerpackage.exe
2015-02-04 15:38:59 A51C2369EEF4FC159B9A9DA695A7E990 970088 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\lang\pt-BR.exe
2015-02-04 15:38:59 5B230017B04914B12070552EC5419867 1043000 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\lang\ro-RO.exe
2015-02-04 15:38:59 574E467C75840E19D3196C52947B6081 1837096 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\lang\en-US.exe
2015-02-04 15:38:59 34F92C8A489F04D401A8E3E5A49F7959 969400 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\lang\it-IT.exe
2015-02-04 15:38:58 FE8986D39CF82FF9ED856571E64F4843 223344 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\wspack.dll
2015-02-04 15:38:58 EB1E6129696EE881DE94F383BEE0B117 131552 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\core\bdcore.dll
2015-02-04 15:38:58 E2316D482BCD6CADD878500D132BCEF5 815600 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\setuplauncher.exe
2015-02-04 15:38:58 DBB5106CEE548C085FC2D33E9AB59BE7 297016 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\wsutils.dll
2015-02-04 15:38:58 D9621F7E1DC3E40AAD4A7D0736A33A3B 567888 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\Installer.exe
2015-02-04 15:38:58 95B779329680265CE36BDFA0BC953A13 216664 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\unrar64.dll
2015-02-04 15:38:58 804A78FF4F68125B5D4E4EEECA642FEA 126560 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\npcomm.dll
2015-02-04 15:38:58 6034B71DC75CB71635181457EE8EBE24 1524288 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\wslib.dll
2015-02-04 15:38:58 132C0E39AF0312E6B9611E2E1B344D41 382536 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\trufos.sys
2015-02-04 15:38:58 0A7FC87768E1C181D3F903DF19F34A80 511232 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\trufos.dll
2015-02-04 15:38:57 8477FB1D573CE8F8B92E71302308D399 14720 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\WPFKickstarter.exe
2015-02-04 15:38:57 74AB0D9CB6EC7B9E796C0A4FED20C766 3762472 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\htmlayout.dll
2015-02-04 15:38:57 6505373F3B9261A536EF402F55B5DE79 190384 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\bdardrv.dll
2015-02-04 15:38:57 5BB8E15835F5D0A5BD99492C5D85A672 101328 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\bdmetrics.dll
2015-02-04 15:38:57 509A03DFFBB3FEC4B2BCCADCAB903C4B 76584 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\gzfltum.dll
2015-02-04 15:38:57 408B664926675C270D911160F1631D6B 148696 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\gzflt.sys
2015-02-04 15:38:57 377DBA1E531CD11EBC45B907B454D247 156304 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\avcheck.exe
2015-02-04 15:38:57 28C9690641CC746F778AB94EED54C4B0 2360064 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\additional.dll
2015-02-04 15:38:57 199F11A6FC6689BFCCF1A9E7832C3B63 15232 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\WPFKickstarter4.exe
2015-02-04 15:38:57 01726E53C80083F4C02CDB834266C68C 148160 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\bdnc.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-01-27 00:50:44 44ECCC9B1B3EC830B6532E8B96F16AC3 164352 --sh--w- C:\Windows\SysWOW64\SC.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-02-04 15:44:12 4DA5DA193E0E4F86F6F8FD43EF25329A 1721576 ----a-w- C:\Windows\Sysnative\WdfCoInstaller01009.dll
====== C:\Windows\Sysnative\drivers =====
2015-02-04 15:44:10 AAE1DAE483DD57D0E267FCA42FCB5133 718840 ----a-w- C:\Windows\Sysnative\drivers\avc3.sys
2015-02-04 15:44:10 8183B715BD56561C27BEBB68B1192B7A 593144 ----a-w- C:\Windows\Sysnative\drivers\avckf.sys
2015-02-04 15:44:10 3B9549FEF98AB1768A1D6A919F355B70 261056 ----a-w- C:\Windows\Sysnative\drivers\avchv.sys
2015-02-04 15:39:21 408B664926675C270D911160F1631D6B 148696 ----a-w- C:\Windows\Sysnative\drivers\gzflt.sys
2015-02-04 15:39:21 132C0E39AF0312E6B9611E2E1B344D41 382536 ----a-w- C:\Windows\Sysnative\drivers\trufos.sys
2015-01-29 21:51:28 33F90B202E9DD9B7D489EB59310FDC34 283064 ----a-w- C:\Windows\Sysnative\drivers\dtsoftbus01.sys
2015-01-26 18:44:40 FDDDABC83BB5FB70E8BF481748B32B26 51528 ----a-w- C:\Windows\Sysnative\drivers\crfilterdrv.sys
2015-01-26 18:44:36 7144D953DC4A27F20C891FB74485D0F9 51504 ----a-w- C:\Windows\Sysnative\drivers\gosaferdrv.sys
2015-01-26 18:44:35 9BD112361B5F1DB4DC6E77A1CBE561C3 60728 ----a-w- C:\Windows\Sysnative\drivers\mosfilterdrv.sys
2015-01-26 18:43:51 F80393A5E4E0789392105B9ACB460632 60736 ----a-w- C:\Windows\Sysnative\drivers\pofilterdrv.sys
2015-01-23 18:39:11 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_wpdcomp_01_09_00.Wdf
2015-01-23 18:39:00 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-01-14 14:49:35 AE3334958D8F631FF14A0AEB3D7EFB3A 141312 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-02-04 15:39:39 -------- d-----w- C:\Program Files\Bitdefender
======= C:\PROGRA~2 =====
2015-02-05 17:38:57 -------- d-----w- C:\PROGRA~2\HD Tune
2015-02-04 15:23:46 -------- d-----w- C:\PROGRA~2\VS Revo Group
2015-02-04 14:29:00 -------- d-----w- C:\PROGRA~2\ZHPDiag
2015-01-29 23:01:42 -------- d-----w- C:\PROGRA~2\KONAMI
2015-01-29 22:49:42 -------- d-----w- C:\PROGRA~2\directx
2015-01-29 21:51:16 -------- d-----w- C:\PROGRA~2\DAEMON Tools Lite
2015-01-29 18:48:04 -------- d-----w- C:\PROGRA~2\Tribo Gamer
2015-01-29 16:28:27 -------- d-----w- C:\PROGRA~2\Resident Evil 4
2015-01-27 21:31:45 -------- d-----w- C:\PROGRA~2\Megamanchristian Games
2015-01-26 23:12:42 -------- d-----w- C:\PROGRA~2\Microsoft Games for Windows - LIVE
2015-01-26 18:44:32 -------- d-----w- C:\PROGRA~2\GOSafer
2015-01-26 18:44:30 -------- d-----w- C:\PROGRA~2\NJax
2015-01-26 16:34:36 -------- d-----w- C:\PROGRA~2\GameVicio
2015-01-23 18:43:38 -------- d-----w- C:\PROGRA~2\Sony
2015-01-22 11:22:27 -------- d-----w- C:\PROGRA~2\Resident Evil Revelations
2015-01-19 18:29:49 -------- d-----w- C:\PROGRA~2\Legendas-3.1
======= C: =====
2015-02-04 15:00:36 167FDBD157A770F25DC1CF41E79905C4 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2015-02-02 15:33:32 BE94B0BC1D268862747A7AB821FAA2BA 10949 ----a-w- C:\AdsFix.txt
====== C:\Users\User\AppData\Roaming ======
2015-02-05 16:30:20 48794071189C293A116FC26EDCFEE8BD 73288 ----a-w- C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-04 15:48:22 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\QuickScan
2015-02-04 15:29:31 -------- d-----w- C:\Users\User\AppData\Roaming\QuickScan
2015-02-04 15:23:47 -------- d-----w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2015-02-04 14:29:01 -------- d-----w- C:\Users\User\AppData\Roaming\ZHP
2015-02-02 13:55:14 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2015-02-02 13:55:14 -------- d-----w- C:\Users\USURIO~1\AppData\Local\Temp
2015-02-02 13:55:14 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2015-02-02 13:55:14 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2015-02-02 13:55:13 -------- d-----w- C:\Users\User\AppData\Local\Temp
2015-01-29 23:11:05 -------- d-----w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-29 21:51:22 -------- d-----w- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2015-01-26 18:49:37 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\BAVData
2015-01-26 16:35:13 -------- d-----w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
2015-01-23 23:28:50 -------- d-----w- C:\Users\User\AppData\Roaming\Resident Evil 6_unistall
2015-01-23 18:50:24 -------- d-----w- C:\Users\User\AppData\Local\Sony
2015-01-22 11:41:08 -------- d-----w- C:\Users\User\AppData\Local\FLT
2015-01-22 11:40:23 -------- d-----w- C:\Users\User\AppData\Local\CAPCOM
====== C:\Users\User ======
2015-02-05 17:38:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2015-02-05 17:34:06 088812A121E0A9CEB40CE9C808C8A90C 642632 ----a-w- C:\Users\User\Downloads\hdtune_255.exe
2015-02-05 14:43:02 C79AF0627BA58C2DD1723EA5376BD605 38706096 ----a-w- C:\Users\User\Downloads\97to03w8.exe
2015-02-04 15:48:02 FDD214165813C81A18AAC612076D8186 1593927 ----a-w- C:\Users\TODOSO~1\1423064341.bdinstall.bin
2015-02-04 15:48:02 FDD214165813C81A18AAC612076D8186 1593927 ----a-w- C:\ProgramData\1423064341.bdinstall.bin
2015-02-04 15:44:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2015-02-04 15:31:03 613D666AD85B462FEFE34AC6A9DE118A 1692 ----a-w- C:\Users\TODOSO~1\1423063859.bdinstall.bin
2015-02-04 15:31:03 613D666AD85B462FEFE34AC6A9DE118A 1692 ----a-w- C:\ProgramData\1423063859.bdinstall.bin
2015-02-04 15:30:17 27C016C9C4FC9C6375A905A131648AC8 1692 ----a-w- C:\Users\TODOSO~1\1423063809.bdinstall.bin
2015-02-04 15:30:17 27C016C9C4FC9C6375A905A131648AC8 1692 ----a-w- C:\ProgramData\1423063809.bdinstall.bin
2015-02-04 15:29:56 849FEF6F31F667A4EDBDF64316A274F8 1691 ----a-w- C:\Users\TODOSO~1\1423063772.bdinstall.bin
2015-02-04 15:29:56 849FEF6F31F667A4EDBDF64316A274F8 1691 ----a-w- C:\ProgramData\1423063772.bdinstall.bin
2015-02-04 14:29:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-02-02 14:59:21 FCC459BB8B8BF8BD500AD856305FDA70 2453504 ----a-w- C:\Users\User\Desktop\AdsFix.exe
2015-02-02 14:08:27 B9E1BF24EF01A82701B09BE75D294085 1707939 ----a-w- C:\Users\User\Downloads\JRT.exe
2015-01-29 23:09:14 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KONAMI
2015-01-29 21:56:21 -------- d-----w- C:\Users\Public\Documents\DAEMON Tools Images
2015-01-29 21:53:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-01-29 21:49:29 -------- d-----w- C:\Users\TODOSO~1\DAEMON Tools Lite
2015-01-29 21:49:29 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2015-01-29 18:48:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer
2015-01-27 23:27:01 8E1B08222F20E45A3E8DB04C569F9CB7 8 --sha-r- C:\Users\TODOSO~1\ntuser.pol
2015-01-27 23:27:01 8E1B08222F20E45A3E8DB04C569F9CB7 8 --sha-r- C:\ProgramData\ntuser.pol
2015-01-27 21:32:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\God Of War Version Pc
2015-01-26 23:15:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2015-01-26 18:56:56 57F548CC50AD2DE004E07E6F77CE8015 227 ----a-w- C:\Users\TODOSO~1\bc.ini
2015-01-26 18:56:56 57F548CC50AD2DE004E07E6F77CE8015 227 ----a-w- C:\ProgramData\bc.ini
2015-01-26 18:52:28 FC77986C2F2B9752EE344FACA1880BA2 2194432 ----a-w- C:\Users\User\Downloads\adwcleaner_4.109.exe
2015-01-26 16:35:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameVicio
2015-01-23 23:33:40 -------- d-----w- C:\Users\TODOSO~1\Steam
2015-01-23 23:33:40 -------- d-----w- C:\ProgramData\Steam
2015-01-23 18:44:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-01-23 18:43:38 -------- d-----w- C:\Users\TODOSO~1\Sony
2015-01-23 18:43:38 -------- d-----w- C:\ProgramData\Sony
====== C: exe-files ==
2015-02-05 17:38:57 F8FC2D14DF813CC920A39B3CB7E59CBC 401408 ----a-w- C:\Program Files (x86)\HD Tune\HDTune.exe
2015-02-05 17:38:57 CEFC20D14D9940D53505E9B9769139E7 682266 ----a-w- C:\Program Files (x86)\HD Tune\unins000.exe
2015-02-05 17:34:06 088812A121E0A9CEB40CE9C808C8A90C 642632 ----a-w- C:\Users\User\Downloads\hdtune_255.exe
2015-02-05 16:25:29 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2015-02-05 14:43:02 C79AF0627BA58C2DD1723EA5376BD605 38706096 ----a-w- C:\Users\User\Downloads\97to03w8.exe
2015-02-04 18:22:49 FD98434B6A06FE31A35E4BFBC827B290 52040 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe
2015-02-04 18:22:49 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateSetup.exe
2015-02-04 18:22:49 5F0A3AA68785C49454F56C9F2DDA0237 52040 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe
2015-02-04 18:22:49 4C02536F4CA35911FB3EA5715F300C57 52040 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateBroker.exe
2015-02-04 18:22:43 F3B6470DA7CE34E559D3BA7365CC909C 115528 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe
2015-02-04 18:22:43 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdate.exe
2015-02-04 18:22:43 83BB030C71C9727DCFB2737005772C4E 232264 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
2015-02-04 18:22:43 323CFFFDAF253AC65CD194A101BE6231 287048 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
2015-02-04 18:22:39 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files (x86)\Google\Update\Install\{9B74EC50-45B2-490E-BA77-B53FBDC9D3B2}\GoogleUpdateSetup.exe
2015-02-04 18:22:39 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.26.9\GoogleUpdateSetup.exe
2015-02-04 15:44:20 8477FB1D573CE8F8B92E71302308D399 14720 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\WPFKickstarter.exe
2015-02-04 15:44:20 199F11A6FC6689BFCCF1A9E7832C3B63 15232 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\WPFKickstarter4.exe
2015-02-04 15:44:19 E2316D482BCD6CADD878500D132BCEF5 815600 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\setuplauncher.exe
2015-02-04 15:44:19 DADF458CDA563109C5E53B2B7669C2F8 16922360 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\ThreatScanner.exe
2015-02-04 15:44:19 D9621F7E1DC3E40AAD4A7D0736A33A3B 567888 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\Installer.exe
2015-02-04 15:44:19 A51C2369EEF4FC159B9A9DA695A7E990 970088 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\lang\pt-BR.exe
2015-02-04 15:44:19 5B230017B04914B12070552EC5419867 1043000 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\lang\ro-RO.exe
2015-02-04 15:44:19 574E467C75840E19D3196C52947B6081 1837096 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\lang\en-US.exe
2015-02-04 15:44:19 377DBA1E531CD11EBC45B907B454D247 156304 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\avcheck.exe
2015-02-04 15:44:19 34F92C8A489F04D401A8E3E5A49F7959 969400 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\lang\it-IT.exe
2015-02-04 15:44:19 2CFC225988F4932DF538CF5F4BED3C8B 17348032 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\installerpackage.exe
2015-02-04 15:44:11 DE6C895E14E7D7D45A1A7276754BDB92 19944 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\gzifaceexec.exe
2015-02-04 15:44:11 B8E08510721D367F1330F6A0B9CA9F99 1312072 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\update.exe
2015-02-04 15:44:11 B5CBEB9EB25A8230463037A647BC1469 69368 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
2015-02-04 15:44:11 B34E17D28EB63DE8C5AD60539AF421A4 602872 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\gztray4.exe
2015-02-04 15:44:11 82C67B91F26DE0CB7315E2CE622433E2 524032 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\gztray.exe
2015-02-04 15:44:11 5BC79AC4470CF45BFE3DEFD5520D63E9 50328 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\ThreatScanner\gc.exe
2015-02-04 15:44:11 3F5DD8A7CA79C562AF939067E8B07764 153280 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\ifacemodel4.exe
2015-02-04 15:44:11 33205C6D38A2A4B3766230A489B56396 218736 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\bdreinit.exe
2015-02-04 15:44:11 12806F9E1F69F73D6EAF1E2F172E3E12 153232 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\ifacemodel.exe
2015-02-04 15:44:10 C426283AD9FAD74726C961373E5B9E4A 254280 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
2015-02-04 15:44:10 9CB162599CBA2CD46090A3CB093FE6E5 74000 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\driverctrl.exe
2015-02-04 15:44:10 6F070125C784EAB1F602E19005BC2D25 78144 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\avchvinst.exe
2015-02-04 15:44:10 5A9C5CE8BDCA8568D798259A31991893 70928 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\setloadorder.exe
2015-02-04 15:44:10 1D5559AB66613ED08A639C342F44D207 17896 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\elevator.exe
2015-02-04 15:43:37 DADF458CDA563109C5E53B2B7669C2F8 16922360 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\ThreatScanner.exe
2015-02-04 15:43:14 2CFC225988F4932DF538CF5F4BED3C8B 17348032 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\installerpackage.exe
2015-02-04 15:38:59 A51C2369EEF4FC159B9A9DA695A7E990 970088 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\lang\pt-BR.exe
2015-02-04 15:38:59 5B230017B04914B12070552EC5419867 1043000 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\lang\ro-RO.exe
2015-02-04 15:38:59 574E467C75840E19D3196C52947B6081 1837096 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\lang\en-US.exe
2015-02-04 15:38:59 34F92C8A489F04D401A8E3E5A49F7959 969400 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\lang\it-IT.exe
2015-02-04 15:38:58 E2316D482BCD6CADD878500D132BCEF5 815600 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\setuplauncher.exe
2015-02-04 15:38:58 D9621F7E1DC3E40AAD4A7D0736A33A3B 567888 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\Installer.exe
2015-02-04 15:38:57 8477FB1D573CE8F8B92E71302308D399 14720 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\WPFKickstarter.exe
2015-02-04 15:38:57 377DBA1E531CD11EBC45B907B454D247 156304 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\avcheck.exe
2015-02-04 15:38:57 199F11A6FC6689BFCCF1A9E7832C3B63 15232 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\WPFKickstarter4.exe
2015-02-04 15:38:43 23A5AF749C6EFB330387CA4E88227BDA 10447328 ----a-w- C:\Users\User\Downloads\A trainer's\Antivirus_Free_Edition_x64.exe
2015-02-04 15:38:19 DE1F74C3471F2C9A8C0B3969E692F7B2 162208 ----a-w- C:\Users\User\Downloads\A trainer's\Antivirus_Free_Edition.exe
2015-02-04 15:23:48 761102A9B90EC601E8B3071120063D74 87550 ----a-w- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
2015-02-04 15:23:01 4F99CAE27FFD46712E65C21444AACDFC 2623656 ----a-w- C:\Users\User\Downloads\A trainer's\revosetup.exe
2015-02-04 15:21:08 5DCB5CCEDAC03172525868E52A4BD436 9927424 ----a-w- C:\Users\User\Downloads\A trainer's\Antivirus_Free_Edition_x86.exe
2015-02-04 14:29:06 F3A37421DBD1AAA36558C97572C91C5A 147456 ----a-w- C:\Program Files (x86)\ZHPDiag\catchme.exe
2015-02-04 14:29:06 CB2D120A4B72422A8141192831B1F500 80384 ----a-w- C:\Program Files (x86)\ZHPDiag\mbrcheck.exe
2015-02-04 14:29:06 5DAF7081A4BB112FA3F1915819330A3E 61440 ----a-w- C:\Program Files (x86)\ZHPDiag\pv.exe
2015-02-04 14:29:06 2312A38B8B003330DB919FA818C48449 231048 ----a-w- C:\Program Files (x86)\ZHPDiag\sigcheck.exe
2015-02-04 14:29:05 9DAA7218961710008D7385B01BD3F386 89088 ----a-w- C:\Program Files (x86)\ZHPDiag\mbr.exe
2015-02-04 14:29:05 6B8AF3A2A3D9059008B55C444461CA00 61952 ----a-w- C:\Program Files (x86)\ZHPDiag\Lads.exe
2015-02-04 14:29:05 53CDBB093B0AEE9FD6CF1CBD25A95077 290304 ----a-w- C:\Program Files (x86)\ZHPDiag\subinacl.exe
2015-02-04 14:29:05 451AE03D3C92777F09840CA56F08AB62 454056 ----a-w- C:\Program Files (x86)\ZHPDiag\setacl32.exe
2015-02-04 14:29:05 3E350EB5DF15C06DEC400A39DD1C6F29 559528 ----a-w- C:\Program Files (x86)\ZHPDiag\setacl64.exe
2015-02-04 14:29:04 C155A13687144076286989EF078112C2 1917440 ----a-w- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe
2015-02-04 14:29:03 3972143EE1A3AD5C732BE7B96A239BC1 3060224 ----a-w- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPFix.exe
2015-02-04 14:29:02 BE52EDAADE29AC59681B6CD60E257C92 8158720 ----a-w- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe
2015-02-04 14:29:01 C155A13687144076286989EF078112C2 1917440 ----a-w- C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
2015-02-04 14:29:01 8AE13B97BFCAD6C7D3B8C8A1C298EFB4 694736 ----a-w- C:\Program Files (x86)\ZHPDiag\unins000.exe
2015-02-04 14:26:40 CBBAE1F5D338E83BA86557A15A119356 6870007 ----a-w- C:\Users\User\Downloads\A trainer's\ZHPDiag2.exe
2015-02-03 22:26:07 0739ACE3F8013D65099AE1656214142B 795728 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.94\40.0.2214.94_40.0.2214.93_chrome_updater_b.exe
2015-02-02 14:59:21 FCC459BB8B8BF8BD500AD856305FDA70 2453504 ----a-w- C:\Users\User\Desktop\AdsFix.exe
2015-02-02 14:08:27 B9E1BF24EF01A82701B09BE75D294085 1707939 ----a-w- C:\Users\User\Downloads\JRT.exe
2015-01-30 02:18:41 95C947643A524B92926113EA8CFB9CE4 5459968 ----a-w- C:\Users\User\Documents\Silent Hill 2\Backup\sh2pc.exe
2015-01-30 01:38:35 3D76B2AC0A3EB4449F3677D5F0ACA230 127488 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{D3C80E77-E549-4F76-BC07-61DDBD950345}\Setup.exe
2015-01-29 21:51:27 BD217B63289396563D8E1CE82E20C405 52032 ----a-w- C:\Program Files (x86)\DAEMON Tools Lite\dtsoftbusinst64.exe
2015-01-29 18:48:05 524D55E97BD8ED961FBD2C6A36517DB7 29890 ----a-w- C:\Program Files (x86)\Tribo Gamer\Resident Evil 4 HD\Desinstalar a Tradução.exe
=== C: other files ==
2015-02-05 16:25:29 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\prelim.bat
2015-02-05 16:25:29 E49F9C309DC32E854A081507B89EBE39 11201 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\runvalues.bat
2015-02-05 16:25:29 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\TDL4.bat
2015-02-05 16:25:29 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\medfos.bat
2015-02-05 16:25:29 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\surfvox.bat
2015-02-05 16:25:29 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\searchlnk.bat
2015-02-05 16:25:29 8BA81DD47CF392BEBEE506E3789F9FBA 14924 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\get.bat
2015-02-05 16:25:29 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\firefox.bat
2015-02-05 16:25:29 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\ev_clear.bat
2015-02-05 16:25:29 56CE326F6AAE3CF1709D332C04E8F9F1 191237 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\misc.bat
2015-02-05 16:25:29 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\ask.bat
2015-02-05 16:25:29 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\iexplore.bat
2015-02-05 16:25:29 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\delfolders.bat
2015-02-05 16:25:29 080CFDE64F31E7B50EECF4552033E84D 9937 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\mws.bat
2015-02-05 16:25:29 048407135C9B1FB6A355E256BD96160D 14192 ----a-w- C:\Users\User\AppData\Local\Temp\jrt\chrome.bat
2015-02-04 15:51:37 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\fallback\1\avchv.sys
2015-02-04 15:44:20 132C0E39AF0312E6B9611E2E1B344D41 382536 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\trufos.sys
2015-02-04 15:44:19 408B664926675C270D911160F1631D6B 148696 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\gzflt.sys
2015-02-04 15:44:10 C0247341C1BCD7FF2742821D0AD7AFBC 121928 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys
2015-02-04 15:44:10 AAE1DAE483DD57D0E267FCA42FCB5133 718840 ----a-w- C:\Windows\System32\drivers\avc3.sys
2015-02-04 15:44:10 AAE1DAE483DD57D0E267FCA42FCB5133 718840 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\avc3.sys
2015-02-04 15:44:10 8183B715BD56561C27BEBB68B1192B7A 593144 ----a-w- C:\Windows\System32\drivers\avckf.sys
2015-02-04 15:44:10 8183B715BD56561C27BEBB68B1192B7A 593144 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\avckf.sys
2015-02-04 15:44:10 3B9549FEF98AB1768A1D6A919F355B70 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys
2015-02-04 15:44:10 3B9549FEF98AB1768A1D6A919F355B70 261056 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\avchv.sys
2015-02-04 15:44:10 140FE153F556D543EBFD5B751DC89EE5 138920 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys
2015-02-04 15:39:21 408B664926675C270D911160F1631D6B 148696 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2015-02-04 15:39:21 132C0E39AF0312E6B9611E2E1B344D41 382536 ----a-w- C:\Windows\System32\drivers\trufos.sys
2015-02-04 15:38:58 132C0E39AF0312E6B9611E2E1B344D41 382536 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\trufos.sys
2015-02-04 15:38:57 408B664926675C270D911160F1631D6B 148696 ----a-w- C:\Users\User\AppData\Local\Temp\RarSFX0\gzflt.sys
2015-01-30 14:14:22 8D5C0CE634606101A7C46B694087EBB1 3072 ----a-w- C:\Users\User\Documents\Silent Hill 2\data\save\Folder 01\sh2pc.sys
2015-01-29 21:51:28 33F90B202E9DD9B7D489EB59310FDC34 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2015-01-29 21:51:28 33F90B202E9DD9B7D489EB59310FDC34 283064 ----a-w- C:\Program Files (x86)\DAEMON Tools Lite\dtsoftbus01.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-1952561570-3406765086-4093738655-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:
http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:
http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acer ePower Management]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acer ePower Management"
"hkey"="HKLM"
"command"="C:\\Program Files\\Acer\\Acer PowerSmart Manager\\ePowerTrayLauncher.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcadeDeluxeAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ArcadeDeluxeAgent"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Acer Arcade Deluxe\\Acer Arcade Deluxe\\ArcadeDeluxeAgent.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupManagerTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackupManagerTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\NewTech Infosystems\\Acer Backup Manager\\BackupManagerTray.exe\" -h -k"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecLiveUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EgisTecLiveUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\EgisTec Egis Software Update\\EgisUpdate.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FlashPlayerUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="FlashPlayerUpdate"
"hkey"="HKCU"
"command"="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_Plugin.exe -update plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LManager"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Launch Manager\\LManager.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mwlDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mwlDaemon"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\EgisTec\\MyWinLocker 3\\x86\\mwlDaemon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PlayMovie]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PlayMovie"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Acer Arcade Deluxe\\PlayMovie\\PMVService.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PLFSetI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PLFSetI"
"hkey"="HKLM"
"command"="C:\\Windows\\PLFSetI.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony PC Companion]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Sony PC Companion"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Sony\\Sony PC Companion\\PCCompanion.exe\" /Background"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BrOffice.org 2.4.lnk]
"item"="BrOffice.org 2.4"
"path"="C:\\Users\\User\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\BrOffice.org 2.4.lnk"
"backup"="C:\\Windows\\pss\\BrOffice.org 2.4.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\BROFFI~1.4\\program\\QUICKS~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
"item"="Dropbox"
"path"="C:\\Users\\User\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"
"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\User\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe"
==== Task Scheduler Jobs ======================
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/01/2014 09:14]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/01/2014 09:14]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\{1E7B8A58-122F-47A2-8D35-BDA62B836CE9}" [C:\Program Files (x86)\Warzone 2100-3.1.1\warzone2100.exe]
"C:\Windows\SysNative\tasks\{2CF54430-8428-4756-BB72-1398F48E115A}" [C:\Program Files (x86)\SecondLifeViewer\SecondLifeViewer.exe]
"C:\Windows\SysNative\tasks\{2E389E8D-1BCA-4D81-AA02-E5EE697C8CD4}" [C:\Program Files (x86)\Warzone 2100-3.1.1\warzone2100.exe]
"C:\Windows\SysNative\tasks\{9C97C6E0-59B9-433B-A52C-BA875EDC1EBE}" [C:\Program Files (x86)\Warzone 2100-3.1.1\warzone2100.exe]
"C:\Windows\SysNative\tasks\{9E6139D2-7B74-4542-8284-1D3A77CB9CC8}" [C:\Program Files (x86)\Warzone 2100-3.1.1\warzone2100.exe]
"C:\Windows\SysNative\tasks\{B410975C-D9F5-4EFE-B5DB-690307795632}" [C:\Program Files (x86)\SecondLifeViewer\SecondLifeViewer.exe]
"C:\Windows\SysNative\tasks\Recovery Management\Burn Notification" [C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe]
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n4kukb15.default-1399840422394
user_pref("browser.startup.homepage", "about:home");
==== Firefox Extensions ======================
ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n4kukb15.default-1399840422394
- Undetermined - {c07d1a49-9894-49ff-a594-38960ede8fb9}
- c07d1a49989449ffa59438960ede8fb9 - %ProfilePath%\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\n4kukb15.default-1399840422394
1919A4E982A86647F79ADD23B9AC3E11 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
==== Chromium Look ======================
Google Chrome Version: 40.0.2214.94 (Up to date, latest Stable version: 40.0.2214.94)
Google Slides - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Desprotetor.com - Desprotetor de links - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cocohmmjllchepkjocddkihldoiillkl
Google Search - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="
http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="
http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="
http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="
http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="
http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="
http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="
http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=30 folders=16 2597614 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 05/02/2015 at 16:54:09,65 ======================
Este tópico está fechado, você não pode
enviar
novas respostas.
Problemas com vírus? Saiba como criar um tópico para análise.
Acesse este link
