Virus removal

It has everything to do with adware and other pests: modems and routers can have security holes that can be exploited for harmful purposes. Resetting them to the factory configuration is quite easy: you just keep pressing (with some pointed object) that little hole on the back of them for approximately one minute. The device will then return to its factory settings. The only problem is that in some cases, after doing this, if it does not access the internet normally, it needs to be configured again. If you don't know how to configure it again, it would be good to phone your internet provider and ask them for support with the configuration. Or, before doing this, you can look on the internet for a tutorial specific to your device.

Besides that, if your internet is via radio, they need to carry out these procedures on their server as well, because then the contamination may be on their server.
Got it... thanks for the explanation.
The shitty part is that here at home my dad is the one who pays for the internet; if I do this and don't know how to configure everything properly, I can already see the truckload of crap landing on me because of it lol
Recently NET already came to the house to install a horrible router; I had to hook up my old one alongside it to get internet because my phone and PC couldn't pick up that router's signal, but using mine it works fine. I don't know why; it accesses the network through an older config, from before the guy installed NET's router, since before there wasn't even a router, it was just the modem with no Wi-Fi function.
But anyway, I'm afraid I'll avoid this measure since I don't know how to mess with those configs... isn't there another way to get rid of this pest without doing that?

I've been reading on some foreign forums about these adware that won't go away, and besides the hacked-router hypothesis, there's also talk that these adware are written so as to stay attached to specific hidden sectors of the HD, so that you can't catch them, and even after formatting and reinstalling Windows they're still there, and that only deleting the sector and reformatting to NTFS could deal with it... I mean, things these days are so advanced that once you've caught one of these you're basically done for, there's nothing you can do...
 
Apparently you've fixed everything you could on your PC; if the problem persists then it's in the network, there's no way around it: a modem reset, a reconfiguration with a driver update (which might even fix the fact that you can't connect to the new modem), and a change of the default passwords.

The adware is what bothers you, but it may not even be the biggest problem; rather, it's the fact that your network's security is compromised: your data and that of all the computers connected to it can be captured, they can be used as a botnet, and so on...

It's a matter of talking to your dad and to your network provider's support.
 
Right, but how do you explain the fact that his PC doesn't have this adware problem, given that I connect via Wi-Fi and he connects via cable? Would that have something to do with it?
 
Yes, that has everything to do with it. Over cable the router has no influence; connect your PC via cable and you'll see that the adware should not appear.
------------
And since you don't have much experience with this, the best thing would be to do as Lightman and I told you: contact your provider's support and ask them to walk you through the steps to do this reset and the subsequent configuration correctly.
 
So folks, I kept researching and saw a suggestion on another forum where the guy had the same NET router as me, the Arris TG862, and in the end he simply changed the DNS to Google's default DNS and reinstalled Chrome, and that fixed it. Several days went by and the problem didn't come back.
I did that just now, using DNS Jumper, and instead of looking for one through that search I directly set Google's public DNS that appears in the list, 8.8.8.8 and 8.8.4.4,
then I uninstalled Chrome and reinstalled it using the new DNS. So far the ads haven't appeared; let's see if they come back after restarting the machine!
Wish me luck
------------

I think it worked! I restarted the PC and now the ads no longer appear!
Let's see if the problem comes back in the next few days, but apparently the problem has been solved. I ran the anti-malware programs mentioned again and they no longer flagged the PUP.

So the trick was, in principle, to switch to Google's default DNS using DNSJumper and reinstall Chrome....
Even so, the help was very valuable! I hope the problem doesn't return, but if anyone has this problem, try this.
Thanks again to everyone! If the problem comes back I'll let you know here
thx
 
:) I'm glad the problem has been solved.

* Just to finish up, please follow the tutorials below:

Removing errors and optimizing your PC with CCleaner

Eliminate useless files from your PC with PureRa
________________________________________________________________________________________________

* To remove the programs used in cleaning this PC and create a new, safe and problem-free restore point, use DelFix following the tips in this tutorial.
________________________________________________________________________________________________

* Keep your PC protected from future infections by adware and other pests by following the tips in this article:

Complete Unchecky tutorial
________________________________________________________________________________________________

< Cartilha de Segurança > << Link!

* Read the various tips contained in the Cartilha de Segurança and stay free of infections.
________________________________________________________________________________________________

It was a pleasure to help. You can always count on us!
 
Thanks for the tips! I've been using CCleaner for a good while and it's really good, but I'll check out the other tips too.
Oh, and about the ads, they haven't appeared anymore. The browser even got a lot faster after the reinstall
 
Guys, I used ZOEK and ran the script

no Ads so far :freddy:
 
Good evening everyone, I'd like a little help from you. Apparently my PC is clean, but I wanted to know in more depth whether there's anything that could bother me in the future. I'd appreciate your help!!!

 
I have a problem with my desktop PC. My brother, who loves downloading junk, filled it with one (or more) of those viruses that keep pulling up ad pages. I ran ADWCLEANER, but it didn't help, even though it identified one. I'm even writing from my notebook, because it's a real pain to use the internet on the desktop PC. Can anyone help?
 
Here's the ADW Cleaner log:


After cleaning:
 
The JRT log:

 
Zoek log. Keep in mind that with this one I removed the virus; if there are still any errors and you can point them out, I'd appreciate it:
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Part on 31/08/2015 at 18:41:40,76.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Part\Downloads\zoek\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

31/08/2015 18:45:59 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\Oracle deleted successfully
C:\Users\Part\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3819886891-988957385-1547172180-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PnoiDd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WtuSystemSupport deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WtuSystemSupport deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Part\AppData\Roaming\Mozilla\Firefox\Profiles\7grxtxq5.default\prefs.js:

Added to C:\Users\Part\AppData\Roaming\Mozilla\Firefox\Profiles\7grxtxq5.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Users\Part\AppData\Local\Aplicativo Itau deleted
C:\Users\Part\AppData\Local\AVG Web TuneUp deleted
C:\PROGRA~2\Jelbruss Secure Web deleted
C:\PROGRA~2\AVG Web TuneUp deleted
C:\found.000 deleted
C:\found.001 deleted
C:\Users\Part\AppData\Roaming\WB.CFG deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\PROGRA~3\AVG Web TuneUp deleted
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\Tasks\avastBCLRestartS-1-5-21-3819886891-988957385-1547172180-1000 deleted
C:\windows\SysNative\Tasks\avastBCLRestart_chrome.exe deleted
C:\Users\Part\AppData\LocalLow\AVG Web TuneUp deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted
C:\Users\Part\Desktop\Continue Junkware Removal Tool.lnk deleted
C:\Users\Part\AppData\Roaming\unins000.exe deleted
C:\Users\Part\AppData\Roaming\unins001.exe deleted
C:\Users\Part\AppData\Roaming\unins002.exe deleted
"C:\Users\Part\AppData\Local\{9194B14C-B1B4-46E0-B05D-9311DD34E07B}" deleted
"C:\Users\Part\AppData\Local\{C5FAA212-A4F1-4CFC-9FEA-14606C3156FC}" deleted
"C:\PROGRA~3\bsRWBcnL\info.dat" not deleted
"C:\PROGRA~3\bsRWBcnL\PnoiDd.dat" not deleted
"C:\PROGRA~3\bsRWBcnL\PnoiDd.exe" deleted
"C:\PROGRA~3\bsRWBcnL\dat\cbubTldLm.dll" not deleted
"C:\PROGRA~3\bsRWBcnL\dat\FandqycL.dll" not deleted
"C:\PROGRA~3\bsRWBcnL\dat\fJBlBltd.exe" not deleted
"C:\PROGRA~3\bsRWBcnL\dat\fJBlBltd.exe.config" not deleted
"C:\PROGRA~3\bsRWBcnL\dat\YkrqouB.exe" not deleted
"C:\PROGRA~3\bsRWBcnL\dat\YkrqouB.exe.config" not deleted
"C:\PROGRA~3\bsRWBcnL" not deleted
"C:\PROGRA~3\bsRWBcnL\dat" not deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Part\AppData\Roaming\Mozilla\Firefox\Profiles\7grxtxq5.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Proxy Settings ======================

ProfilePath: C:\Users\Part\AppData\Roaming\Mozilla\Firefox\Profiles\7grxtxq5.default
user_pref("network.proxy.type", 5);

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [29/08/2015 15:30]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\Part\AppData\Roaming\Mozilla\Firefox\Profiles\7grxtxq5.default
6C5C8D59CF0FAB004AB572F4F11BC5E0 - C:\Users\Part\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
1DE5D05F67114FAEA17AD47B5E01DF6F - C:\Users\Part\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
A7D38CD759C7AD594D1B255001BDDD8E - C:\Users\Part\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil
B8CFF778A75C685AAC275BFC00BB8FD8 - C:\Users\Part\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll - Guardião Itaú 30 horas
D006D3FEB1F62EB274A42FDDD008985C - C:\Users\Part\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal


==== Chromium Look ======================

Google Chrome Version: 44.0.2403.157

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx[04/08/2014 16:59]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[12/06/2015 16:55]
mdebcffgnijbblbinknkbefciofebcda - C:\Users\Part\AppData\Local\CRE\mdebcffgnijbblbinknkbefciofebcda.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
caimihdmbpgddfpkbochehpehdglpcim - C:\Users\Part\AppData\Local\GAS Tecnologia\GBBD\uni\sf.crx[17/10/2013 19:21]
mdebcffgnijbblbinknkbefciofebcda - C:\Users\Part\AppData\Local\CRE\mdebcffgnijbblbinknkbefciofebcda.crx[]
nnjbodopomfddehlalfilheomcahbpei - C:\Users\Part\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[26/07/2014 11:43]

Google Slides - Part\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Part\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Part\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Part\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
GBBD Banco Ita\u00FA - Part\AppData\Local\Google\Chrome\User Data\Default\Extensions\caimihdmbpgddfpkbochehpehdglpcim
Google Search - Part\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Part\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avast Online Security - Part\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
GBBD Guardião - Itaú 30 horas - Part\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg
Chrome Hotword Shared Module - Part\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Wallet - Part\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - Part\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
GBBD Caixa Economica Federal - Part\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi
Gmail - Part\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Drive - Part\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Part\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
GBBD Banco Itaú - Part\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\caimihdmbpgddfpkbochehpehdglpcim
Google Search - Part\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Avast Online Security - Part\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Hotword Shared Module - Part\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Chrome Web Store Payments - Part\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - Part\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nnjbodopomfddehlalfilheomcahbpei
Gmail - Part\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Part\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Part\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences


==== Chromium Fix ======================

C:\Users\Part\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopping.uol.com.br_0.localstorage deleted successfully
C:\Users\Part\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopping.uol.com.br_0.localstorage-journal deleted successfully
C:\Users\Part\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_shopping.uol.com.br_0.localstorage deleted successfully
C:\Users\Part\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_shopping.uol.com.br_0.localstorage-journal deleted successfully
C:\Users\Part\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Part\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=newportalhomesl&utm_medium=partners"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="https://search.protectedio.com/?u=e08223c46506a76c3d15869d00538919&c=p1&src=hp&inst=1440790275"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="https://search.protectedio.com/?u=e08223c46506a76c3d15869d00538919&c=p1&src=hp&inst=1440790275"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=newportalhomesl&utm_medium=partners"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} Search IO Url="https://search.protectedio.com/sear...d15869d00538919&c=p1&src=srch&inst=1440790275"
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"

==== Reset Google Chrome ======================

C:\Users\Part\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Part\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Part\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Part\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully
C:\Users\Part\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Part\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Part\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\Part\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal was reset successfully
C:\Users\Part\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Part\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Part\Desktop\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Part\Desktop\Itaú.lnk -
C:\Users\Part\Desktop\jogotempo.lnk - C:\Program Files (x86)\jogotempo\jogotempo.url
C:\Users\Part\Desktop\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe
C:\Users\Part\Desktop\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe
C:\Users\Part\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe
C:\Users\Part\Desktop\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Part\Desktop\µTorrent.lnk -
C:\Users\Part\Desktop\Documentos\Documents\BACKUP (D) - Atalho.lnk - D:\
C:\Users\Part\Desktop\Documentos\Documents\Dropbox.lnk - C:\Users\Part\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Part\Desktop\Documentos\Documents\Jaksta Streaming Media Recorder.lnk - C:\Program Files (x86)\Jaksta Technologies\Jaksta Streaming Media Recorder\jsmrp.exe
C:\Users\Part\Desktop\Documentos\Documents\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Part\Desktop\Documentos\Documents\Recuperados dos Backup's antigos\Monolith Productions - Atalho.lnk - C:\Users\Public\Documents\Monolith Productions
C:\Users\Part\Desktop\Documentos\Documents\Recuperados dos Backup's antigos\Ubi Soft Product Registration.lnk - C:\Program Files (x86)\Ubi Soft\Register\register.exe D:\Support\Register\regsetup.exe /game=SplinterCell
C:\Users\Part\Desktop\Thiago\Rocas\Disco Local\PROMINER - Thiago.lnk - C:\Users\Part\Desktop\PROMINER - Thiago.docx
C:\Users\Part\Desktop\Thiago\Rocas\Disco Local\THIAGO-20150310-1040.lnk - E:\Disco Local\THIAGO-20150310-1040.log
C:\Users\Part\Desktop\Thiago\Rocas\Disco Local\Thiago.lnk - \\NETWORKSPACE2\MyShare\Recovery\MyShare\Recovery\MyShare\05 ORÇAMENTOS & PROPOSTAS\381 - LT Miracema - Sapeaçu (Biodinâmica)\Thiago

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Acrobat Reader DC.lnk - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Avast Free Antivirus.lnk - C:\Program Files (x86)\AVAST Software\Avast\avastui.exe
C:\Users\Public\Desktop\Camtasia Studio 8.lnk - D:\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
C:\Users\Public\Desktop\CCleaner.lnk - D:\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Jelbruss Secure Web\sschromium.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe
C:\Users\Public\Desktop\VIVO INTERNET.lnk - C:\Program Files (x86)\VIVO INTERNET\VIVO INTERNET.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Part\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú\Desinstalador.lnk -
C:\Users\Part\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú\Itaú.lnk -
C:\Users\Part\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Part\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Part\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jogotempo\jogotempo.lnk - C:\Program Files (x86)\jogotempo\jogotempo.url
C:\Users\Part\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jogotempo\Uninstall.lnk - C:\Program Files (x86)\jogotempo\uninst.exe
C:\Users\Part\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Part\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
C:\Users\Part\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk - C:\Program Files (x86)\AVAST Software\Avast\avastui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Jelbruss Secure Web\sschromium.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Part\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Jelbruss Secure Web\sschromium.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Part\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Part\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Part\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Part\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory="Profile 1"
C:\Users\Part\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Part\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Part\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Jelbruss Secure Web\sschromium.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="127.0.0.1:8118"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Part\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Part\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Part\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Part\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=432 folders=46 395259045 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Part\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Part\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~3\bsRWBcnL\info.dat" not found
"C:\PROGRA~3\bsRWBcnL\PnoiDd.dat" not found
"C:\PROGRA~3\bsRWBcnL\dat\cbubTldLm.dll" not found
"C:\PROGRA~3\bsRWBcnL\dat\FandqycL.dll" not found
"C:\PROGRA~3\bsRWBcnL\dat\fJBlBltd.exe" not found
"C:\PROGRA~3\bsRWBcnL\dat\fJBlBltd.exe.config" not found
"C:\PROGRA~3\bsRWBcnL\dat\YkrqouB.exe" not found
"C:\PROGRA~3\bsRWBcnL\dat\YkrqouB.exe.config" not found
"C:\PROGRA~3\bsRWBcnL" not found

==== EOF on 31/08/2015 at 22:58:08,70 ======================
 
Folks who know this stuff, I urgently need your help. I don't know how, but I got infected by an adware or browser hijacker called VICEICE or VICEICE.COM.

I've already run ADW Cleaner and Malwarebytes Anti-Malware, deleted this junk's entries in regedit, and uninstalled and reinstalled Chrome, but I still have this pest here. PLEASE, does anyone know how I can get rid of it??
 
Hello xbox360brasil.

* There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Which Programs Start with the PC

Preferably, leave only your antivirus starting along with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC.
____________________________________________________

* Temporarily disable your antivirus to avoid conflicts.

Download ZHPDiag ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it.

To install and run it correctly, follow the tips in this article:

ZHPDiag installation and usage tutorial

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.
_____________________________________________________________

Hello g4t0_d3_b0t4s.

Download ZHPCleaner ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPCleaner to download it.

To run it correctly, follow the tips in this post:

Complete ZHPCleaner tutorial

After using it, copy the entire contents of its ZHPCleaner.txt report and post it in your next reply.
___________________________________________________________________________

Hello shiko.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Note: (please put this AdwCleaner report between SPOILER tags so that it doesn't take up too much space on the forum).
 
Folks, I have a problem.

Every time I start the OS, my Google Chrome opens a web page. A Russian site, with images of games and anime. Really strange...

How do I stop this window from opening automatically?
 
Folks, I have a problem.

Every time I start the OS, my Google Chrome opens a web page. A Russian site, with images of games and anime. Really strange...

How do I stop this window from opening automatically?
Try uninstalling the browser along with all its settings and do a fresh install from scratch; see if that solves it.
 
Hello renato07.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Note: (please put this AdwCleaner report between SPOILER tags so that it doesn't take up too much space on the forum).
 
# AdwCleaner v5.009 - Relatório criado 01/10/2015 às 21:31:19
# Atualizado 27/09/2015 por Xplode
# Banco de dados : 2015-09-30.1 [Servidor]
# Sistema operacional : Windows 7 Ultimate (x64)
# Usuário : RENATO - RENATO-PC
# Executando de : E:\DOWNLOADS\AdwCleaner.exe
# Opção : Limpar
# Apoio : http://toolslib.net/forum

***** [ Serviços ] *****


***** [ Pastas ] *****

[#] Pasta Excluído : C:\ProgramData\productdata
[#] Pasta Excluído : C:\Users\RENATO\AppData\Roaming\productdata

***** [ Arquivos ] *****

[-] Arquivo Excluído : C:\Windows\Sysnative\WinDivert64.sys

***** [ Atalhos ] *****


***** [ Tarefas agendadas ] *****

[-] Tarefa Excluída : Adobe Flash Player Updater

***** [ Registro ] *****

[-] Valor Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [CMD]

***** [ Navegadores ] *****


*************************

:: Configurações Winsock restauradas

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [921 bytes] ##########

I did it. I had already used this program last week, but it hadn't solved the problem.
I tried again and it seems to have worked: my PC restarted automatically after the cleanup and the OS started without opening the page.

Thanks for your attention, Rafael, cheers to everyone!
 
Good afternoon, about this wretched thing here, help_decrypt

is there any way to recover files that were hit by it?
any program to remove it from the folders?

Thank you!!!
 
Hello adrianomix. This type of threat is known as ransomware. In this case the attackers encrypt your files in order to demand a cash ransom for decrypting their contents. But even when the ransom is paid, there is no guarantee that they will keep their promise (not least because they are criminals and cannot be trusted).

If you search Google for the term ransomware you will see several sites and forum threads (mainly on international forums) with removal tools and tips, although in most cases the best way out is to format the PC.
 
That's true, I skimmed through it; since most of it is all in English, I had a sliver of hope of finding a solution here. The problem wasn't mine, it was someone else's PC; there were 6 GB of data in that person's user profile and it was all encrypted. I tried to restore but Windows wouldn't accept it, so I formatted, and unfortunately the person had no backup of anything!! I just couldn't understand how they caught this virus; they tried to explain, but no chance...

So there's the tip, folks: be careful!!

Thank you!
 
OTL.TXT
OTL logfile created on: 09/10/2015 19:59:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

6,00 Gb Total Physical Memory | 4,03 Gb Available Physical Memory | 67,10% Memory free
12,00 Gb Paging File | 9,88 Gb Available in Paging File | 82,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 301,12 Gb Free Space | 64,66% Space Free | Partition Type: NTFS
Drive D: | 126,33 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/10/09 19:57:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2015/10/04 05:24:27 | 002,654,512 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2015/10/04 05:24:16 | 001,872,688 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2015/09/23 23:34:44 | 000,815,944 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015/09/13 18:50:29 | 000,410,744 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2015/08/19 19:57:04 | 003,098,424 | ---- | M] (Nota Inc.) -- C:\Program Files (x86)\Gyazo\GyStation.exe
PRC - [2015/06/18 08:39:34 | 006,554,424 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2015/05/01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2015/05/01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2012/01/14 12:56:42 | 000,248,832 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2011/04/14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
PRC - [2007/12/19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe


========== Modules (No Company Name) ==========

MOD - [2015/10/04 05:24:26 | 000,012,080 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2015/09/23 23:34:41 | 001,501,512 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
MOD - [2015/09/23 23:34:40 | 000,081,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
MOD - [2012/01/14 12:56:42 | 000,248,832 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2011/04/14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/11/07 09:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2015/10/07 16:38:44 | 000,838,224 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2015/10/04 05:24:16 | 001,872,688 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2015/10/04 05:24:14 | 001,155,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV - [2015/10/04 05:24:10 | 005,568,816 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV - [2015/09/13 18:50:29 | 000,410,744 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2015/07/21 20:26:37 | 000,268,976 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/07/09 13:14:04 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2015/06/18 08:39:50 | 001,133,880 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/05/20 14:39:31 | 005,491,984 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2015/05/01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2015/05/01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/06/06 01:38:37 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/13 09:44:22 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2015/10/09 19:57:13 | 000,113,880 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2015/09/18 19:09:56 | 000,204,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2015/08/11 01:52:30 | 000,050,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2015/06/18 08:41:56 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2015/06/18 08:41:40 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/10/31 06:46:44 | 000,073,216 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ax88772.sys -- (AX88772)
DRV:64bit: - [2010/11/21 00:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 00:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 00:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 00:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 00:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 00:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 00:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/21 00:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 00:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/21 00:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/01 00:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010/03/23 16:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2015/10/04 05:24:09 | 000,019,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com.br/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D F8 AC 49 F1 81 D0 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com.br"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.45.2: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2015/04/28 15:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2015/06/03 10:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\rrxaqmrr.default\extensions
[2015/09/21 15:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2015/04/28 15:51:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\enjonnlehciedbcidabdglnnihcncbml\3.0.6_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl\0.9.0.1_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\0.5_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_1\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll (Oracle Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B13A2F2-8279-40CD-8F2E-231DC1DD808B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B13A2F2-8279-40CD-8F2E-231DC1DD808B}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/10/09 19:57:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2015/10/09 05:15:26 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2015/10/09 05:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2015/10/09 05:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2015/10/09 05:15:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\InstallShield
[2015/10/07 03:58:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Gyazo
[2015/10/07 03:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
[2015/10/07 03:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gyazo
[2015/10/02 02:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2015/10/02 02:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2015/09/30 15:01:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Razer
[2015/09/30 14:58:03 | 000,085,504 | ---- | C] (Razer USA Ltd.) -- C:\Windows\SysWow64\DeathAdder64.cpl
[2015/09/30 14:58:00 | 000,013,312 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\VKbms.sys
[2015/09/30 14:58:00 | 000,006,656 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\hidkmdf.sys
[2015/09/30 14:57:59 | 000,012,032 | ---- | C] (Razer (Asia-Pacific) Pte Ltd) -- C:\Windows\SysNative\drivers\danew.sys
[2015/09/23 02:29:08 | 000,574,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2015/09/23 02:26:25 | 000,072,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll
[2015/09/23 02:26:25 | 000,069,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2015/09/23 02:26:25 | 000,050,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2015/09/23 02:26:25 | 000,040,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2015/09/23 02:26:24 | 022,525,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2015/09/23 02:26:24 | 018,543,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2015/09/23 02:26:24 | 016,637,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2015/09/23 02:26:24 | 014,635,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2015/09/23 02:26:24 | 013,660,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2015/09/23 02:26:24 | 001,105,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2015/09/23 02:26:24 | 001,064,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2015/09/23 02:26:24 | 000,986,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2015/09/23 02:26:24 | 000,943,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2015/09/23 02:26:24 | 000,204,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2015/09/23 02:26:24 | 000,176,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2015/09/23 02:26:24 | 000,155,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2015/09/23 02:26:24 | 000,150,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2015/09/23 02:26:24 | 000,128,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2015/09/23 02:26:23 | 015,513,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2015/09/23 02:26:23 | 001,898,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6435598.dll
[2015/09/23 02:26:23 | 001,558,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6435598.dll
[2015/09/23 02:26:23 | 001,074,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2015/09/23 02:26:23 | 000,944,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2015/09/23 02:26:22 | 014,936,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2015/09/23 02:26:22 | 012,185,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2015/09/23 02:26:22 | 002,940,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2015/09/23 02:26:22 | 002,627,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2015/09/23 02:26:21 | 003,530,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2015/09/23 02:25:03 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2015/09/21 15:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015/09/21 15:44:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2015/09/21 15:44:33 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2015/09/20 17:31:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\com.pixeljam.trialsOfGlorkMac
[2015/09/12 15:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2015/09/12 15:06:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client
[2015/09/12 13:53:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Skyrim
[2015/09/12 05:22:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\My Games

========== Files - Modified Within 30 Days ==========

[2015/10/09 19:57:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2015/10/09 19:57:13 | 000,113,880 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/10/09 19:41:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1d0e184f04cc6b6.job
[2015/10/09 16:41:23 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0e184effd941d.job
[2015/10/09 16:32:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/10/09 16:32:37 | 536,174,591 | -HS- | M] () -- C:\hiberfil.sys
[2015/10/08 02:40:03 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/10/08 02:40:03 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/10/07 04:00:12 | 000,000,059 | ---- | M] () -- C:\Users\Admin\AppData\Local\UserProducts.xml
[2015/10/04 05:23:01 | 001,423,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2015/10/04 05:23:01 | 001,317,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2015/10/04 05:22:52 | 001,756,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2015/10/04 05:22:52 | 001,710,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2015/09/30 23:59:13 | 480,999,314 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2015/09/18 19:09:56 | 001,567,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2015/09/18 19:09:56 | 000,204,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2015/09/18 19:09:56 | 000,040,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2015/09/18 03:44:20 | 000,007,601 | ---- | M] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2015/09/14 20:03:46 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/09/14 20:03:46 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2015/09/14 20:03:46 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-3852321862-3817149333-2346753454-1000.job
[2015/09/14 20:03:46 | 000,000,200 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2015/09/13 21:29:48 | 042,840,368 | ---- | M] () -- C:\Windows\SysNative\nvcompiler.dll
[2015/09/13 21:29:48 | 037,819,000 | ---- | M] () -- C:\Windows\SysWow64\nvcompiler.dll
[2015/09/13 21:29:48 | 022,525,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2015/09/13 21:29:48 | 018,543,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2015/09/13 21:29:48 | 017,082,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2015/09/13 21:29:48 | 016,637,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2015/09/13 21:29:48 | 015,513,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2015/09/13 21:29:48 | 014,936,264 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2015/09/13 21:29:48 | 014,635,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2015/09/13 21:29:48 | 013,660,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2015/09/13 21:29:48 | 012,514,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2015/09/13 21:29:48 | 012,185,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2015/09/13 21:29:48 | 003,530,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2015/09/13 21:29:48 | 003,116,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2015/09/13 21:29:48 | 002,940,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2015/09/13 21:29:48 | 002,627,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2015/09/13 21:29:48 | 001,898,288 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6435598.dll
[2015/09/13 21:29:48 | 001,558,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6435598.dll
[2015/09/13 21:29:48 | 001,105,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2015/09/13 21:29:48 | 001,074,808 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2015/09/13 21:29:48 | 001,064,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2015/09/13 21:29:48 | 000,986,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2015/09/13 21:29:48 | 000,944,760 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2015/09/13 21:29:48 | 000,943,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2015/09/13 21:29:48 | 000,176,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2015/09/13 21:29:48 | 000,155,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2015/09/13 21:29:48 | 000,150,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2015/09/13 21:29:48 | 000,128,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2015/09/13 21:29:48 | 000,112,760 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2015/09/13 21:29:48 | 000,105,080 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2015/09/13 21:29:48 | 000,033,079 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2015/09/13 19:09:13 | 002,558,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2015/09/13 19:09:13 | 000,385,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2015/09/13 19:09:13 | 000,062,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2015/09/13 19:09:12 | 006,884,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2015/09/13 19:09:12 | 003,496,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2015/09/13 18:50:29 | 000,574,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2015/09/11 09:17:51 | 005,231,082 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin

========== Files Created - No Company Name ==========

[2015/10/09 05:14:50 | 012,559,800 | ---- | C] () -- C:\Users\Admin\Desktop\DeathAdder_driver_v3.05_Eng.exe
[2015/09/23 02:26:21 | 042,840,368 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll
[2015/09/23 02:26:21 | 037,819,000 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll
[2015/09/18 03:44:20 | 000,007,601 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2015/09/05 13:34:43 | 000,000,000 | ---- | C] () -- C:\Users\Admin\netsh
[2015/08/29 23:00:15 | 000,000,434 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015/04/30 22:38:25 | 000,000,059 | ---- | C] () -- C:\Users\Admin\AppData\Local\UserProducts.xml
[2015/04/28 17:16:07 | 001,600,212 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/04/28 15:52:41 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2015/04/28 15:52:41 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2015/04/28 15:52:41 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2015/04/28 15:52:41 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2015/04/28 15:52:40 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2015/04/28 15:38:09 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini

========== ZeroAccess Check ==========

[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/21 00:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 00:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015/09/20 17:31:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\com.pixeljam.trialsOfGlorkMac
[2015/10/07 03:59:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Gyazo
[2015/08/12 12:39:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Light
[2015/08/21 16:37:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\livestreamer
[2015/06/10 22:23:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MMFApplications
[2015/04/30 03:09:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NetworkTunnel
[2015/09/30 15:01:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Razer
[2015/09/03 22:05:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer
[2015/10/03 01:54:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client

< End of report >

EXTRAS.TXT
OTL Extras logfile created on: 09/10/2015 19:59:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

6,00 Gb Total Physical Memory | 4,03 Gb Available Physical Memory | 67,10% Memory free
12,00 Gb Paging File | 9,88 Gb Available in Paging File | 82,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 301,12 Gb Free Space | 64,66% Space Free | Partition Type: NTFS
Drive D: | 126,33 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2094866D-8768-469C-BC40-F33096A39B38}" = lport=35043 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{296D641E-9F8C-4F81-8837-AC8673BB4BF7}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{3C459C20-A053-4B31-8102-904B4492B0F0}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{55EB75C2-C8C0-4713-95D4-40BBB73B24DA}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{5C2BE2CD-C35C-417C-AF60-3C9CD7AC1AB4}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{BE732AF5-55E2-4F94-A50A-13BE148B62A2}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{DC5EE211-A7F1-4936-B09D-285542FEDD34}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamuseragent.exe |
"{F631DBF7-53EB-46D6-AFC4-10F703186F6B}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10A9DA2A-A8C1-43B1-8980-ADEEAAAAD186}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{217ECA1A-3C9B-4AB4-92E1-D87C51F411CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{6CE2F222-246C-45DB-9AE7-6142044C7DE4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9905F6A7-D416-4333-85A3-A82E4ED437CA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C0C261CE-9AE3-47D8-9AF1-3D0AC98D56A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{105BB210-E648-4234-991C-BC7FFA0EA324}C:\program files (x86)\teamviewer\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"TCP Query User{4190BD9F-885B-44DF-847D-8033ADF932AA}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{9E1270BF-1AC1-400F-BBFA-7A73BB18C92E}C:\program files (x86)\teamviewer\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"UDP Query User{D854CA61-871C-45AB-BB68-C63D99741448}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1EB8079C-2F30-3A6E-A76A-9758C4F1CD21}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{5D6B9580-EC40-39A2-8C7C-242599D17FEE}" = Microsoft .NET Framework 4.5 PTB Language Pack
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62577E41-C350-3D07-97C8-2B6CDB4BAD60}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0416-1000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2010
"{90140000-0016-0416-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
"{90140000-0018-0416-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
"{90140000-0019-0416-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
"{90140000-001A-0416-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
"{90140000-001B-0416-1000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0416-1000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0416-1000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0416-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010
"{90140000-0044-0416-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
"{90140000-006E-0416-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
"{90140000-00A1-0416-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
"{90140000-00BA-0416-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 RC
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046" = Pacote de Idiomas do Microsoft .NET Framework 4.5 - Português (Brasil)
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Driver do 3D Vision 355.98
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 355.98
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver de gráficos 355.98
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.5.15.46
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Driver de controle do 3D Vision 352.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Software do sistema PhysX 9.15.0428
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Atualizações da NVIDIA 2.5.15.46
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Driver de áudio HD 1.3.34.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.5.15.46
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.31
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{E70808B9-78FE-3081-9658-A3C9DBC9A798}" = Microsoft .NET Framework 4.5.1 RC
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{26A24AE4-039D-4CA4-87B4-2F83218045F0}" = Java 8 Update 45
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{6A0549A9-1B96-498C-ACBC-3943001FEB19}" = Skype™ 7.10
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 3.1.6
"{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}" = NVIDIA PhysX (Legacy)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI - Português
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{EB8DC554-959C-49E9-B816-E488103B1046}" = Nero 7 Essentials
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player NPAPI" = Adobe Flash Player 18 NPAPI
"Google Chrome" = Google Chrome
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.9.5
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware versão 2.1.8.1057
"Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU
"Mozilla Firefox 30.0 (x86 pt-BR)" = Mozilla Firefox 30.0 (x86 pt-BR)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Steam" = Steam
"Steam App 730" = Counter-Strike: Global Offensive
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer" = TeamViewer 10
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"1d85483b1c982d8c" = IdleMaster

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08/10/2015 02:15:52 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/10/2015 09:48:55 | Computer Name = Admin-PC | Source = Winlogon | ID = 4103
Description = Falha de ativação da licença do Windows. Erro 0x80070005.

Error - 08/10/2015 09:50:25 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 09/10/2015 03:18:43 | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = O programa hl.exe versão 1.1.1.1 parou de interagir com o Windows
e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique
o histórico de problemas no painel de controle da Central de Ações. ID de Processo:
105c Hora de Início: 01d1026290e394cd Hora de Término: 51 Caminho do Aplicativo: C:\Program
Files (x86)\Steam\steamapps\common\Half-Life\hl.exe Id do Relatório: f017cdf8-6e55-11e5-96bc-00010a0ac54f


Error - 09/10/2015 04:17:20 | Computer Name = Admin-PC | Source = Winlogon | ID = 4103
Description = Falha de ativação da licença do Windows. Erro 0x80070005.

Error - 09/10/2015 11:15:15 | Computer Name = Admin-PC | Source = Winlogon | ID = 4103
Description = Falha de ativação da licença do Windows. Erro 0x80070005.

Error - 09/10/2015 11:16:29 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 09/10/2015 15:34:26 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 09/10/2015 15:41:23 | Computer Name = Admin-PC | Source = Winlogon | ID = 4103
Description = Falha de ativação da licença do Windows. Erro 0x80070005.

Error - 09/10/2015 18:58:56 | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = O programa OTL.exe versão 3.2.69.0 parou de interagir com o Windows
e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique
o histórico de problemas no painel de controle da Central de Ações. ID de Processo:
e2c Hora de Início: 01d102e5f0bd8613 Hora de Término: 5 Caminho do Aplicativo: C:\Users\Admin\Desktop\OTL.exe

Id
do Relatório:

[ System Events ]
Error - 02/10/2015 01:25:09 | Computer Name = Admin-PC | Source = DCOM | ID = 10010
Description =

Error - 07/10/2015 02:43:43 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço Steam Client Service.

Error - 07/10/2015 02:43:43 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Steam Client Service devido ao
seguinte erro: %%1053

Error - 07/10/2015 03:14:37 | Computer Name = Admin-PC | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 04:13:22 às ?07/?10/?2015 não
era esperado.

Error - 07/10/2015 20:07:54 | Computer Name = Admin-PC | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 19:21:43 às ?07/?10/?2015 não
era esperado.

Error - 08/10/2015 01:26:20 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7023
Description = O serviço Serviço de Notificação da SPP terminou com o erro: %%5

Error - 08/10/2015 02:36:47 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço Steam Client Service.

Error - 08/10/2015 02:36:47 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Steam Client Service devido ao
seguinte erro: %%1053

Error - 09/10/2015 14:20:02 | Computer Name = Admin-PC | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 15:18:34 às ?09/?10/?2015 não
era esperado.

Error - 09/10/2015 15:32:44 | Computer Name = Admin-PC | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 15:20:02 às ?09/?10/?2015 não
era esperado.


< End of report >

Is something wrong? Help me!!!
 
