Análise de vírus + Sense+

Question

[LEFT]Boa tarde, pessoal.

Seguinte, t&ocirc; com um v&iacute;rus maldito no meu PC. No come&ccedil;o, tudo bem, era s&oacute; fechar os pop-up e era feliz. Por&eacute;m, a coisa come&ccedil;ou a piorar. Desde o computador ficar lento at&eacute; prejudicar na navega&ccedil;&atilde;o. Desde abrindo janelas em segundo plano at&eacute; impossibilitando de entrar em algumas p&aacute;ginas (The Pirate Bay, por exemplo). Instalei o AdBlock e nada de bloquear estes pop-ups. Cheguei na conclus&atilde;o de que &eacute; um v&iacute;rus chamado Sense. Procurei como desinstalar mas n&atilde;o consegui. Toda vez que vou desinstalar o programa, ele d&aacute; como o 'uninstall.exe' parou de funcionar. Tudo bem, fui no regedit e tudo que tinha Sense no meio fui apagando. Cheguei na pasta do mesmo e deu a seguinte mensagem da imagem.

Segue o FRST e o Addition para an&aacute;lise. [/LEFT]

Caso a hospedagem dos .txt acabarem o tempo, segue:  [SPOILER=FRST]
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015
Ran by Jo&atilde;o Thorlief (administrator) on PC on 29-04-2015 15:10:43
Running from C:\Users\Jo&atilde;o Thorlief\Downloads
Loaded Profiles: Jo&atilde;o Thorlief (Available profiles: Jo&atilde;o Thorlief)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Ingl&ecirc;s (Estados Unidos)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\INTELBRAS\WBN 900\RalinkRegistryWriter.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Sense+) C:\Program Files (x86)\Sense\06e7c238-0bd3-4c50-996e-307ddae0b4cc-6.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Sense+) C:\Program Files (x86)\Sense\06e7c238-0bd3-4c50-996e-307ddae0b4cc-1-6.exe
(FileProperties_CompanyName) C:\Program Files (x86)\quiz games\quiz_games_notification_service.exe
(FileProperties_CompanyName) C:\Program Files (x86)\dress4u\dress4u_notification_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(INTELBRAS S/A) C:\Program Files (x86)\INTELBRAS\WBN 900\WBN900.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\Mozilla\Firefox\Profiles\uozbhi6b.default\extensions\[email]adbhelper@mozilla.org[/email]\win32\adb.exe
(BitTorrent Inc.) C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\uTorrent\uTorrent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-16] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKU\S-1-5-21-3932317156-863555507-3277239823-1000\...\Run: [GoogleChromeAutoLaunch_772EF3C443A89D4CBC1D970D9223C09F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-3932317156-863555507-3277239823-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3932317156-863555507-3277239823-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-31] (Electronic Arts)
HKU\S-1-5-21-3932317156-863555507-3277239823-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-3932317156-863555507-3277239823-1000\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe /boot
HKU\S-1-5-21-3932317156-863555507-3277239823-1000\...\Run: [uTorrent] => C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\uTorrent\uTorrent.exe [1699920 2015-04-28] (BitTorrent Inc.)
HKU\S-1-5-21-3932317156-863555507-3277239823-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3932317156-863555507-3277239823-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3932317156-863555507-3277239823-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3932317156-863555507-3277239823-1000\...\MountPoints2: {6867f2be-2328-11e4-9e34-c89cdc4d7c1b} - F:\Setup.exe
HKU\S-1-5-21-3932317156-863555507-3277239823-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2015-02-18] ()  C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
AppInit_DLLs: C:\Users\JOOTHO~1\AppData\Local\Linkey\IEEXTE~1\iedll64.dll => C:\Users\JOOTHO~1\AppData\Local\Linkey\IEEXTE~1\iedll64.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Assistente Wireless Intelbras WBN 900.lnk [2014-12-17]
ShortcutTarget: Assistente Wireless Intelbras WBN 900.lnk -> C:\Program Files (x86)\INTELBRAS\WBN 900\WBN900.exe (INTELBRAS S/A)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2014-12-17]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_03162734.lnk [2014-12-15]
ShortcutTarget: _uninst_03162734.lnk -> C:\Users\Jo&atilde;o Thorlief\AppData\Local\Temp\_uninst_03162734.bat (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-08-16] (AVAST Software)
GroupPolicy: Group Policy on Chrome detected  DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3932317156-863555507-3277239823-1000 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3932317156-863555507-3277239823-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3932317156-863555507-3277239823-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://taplika.com/results.php?f=4&q={searchTerms}&a=tlk_cmi_15_06_ch&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0CyE0DyB0CtC0B0ByByB0AtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StDyEyEzyyEzy0EyEtG0A0DyCtDtGyD0CtBtBtG0A0EtCyCtGtDtD0C0A0AyEyCtByByB0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BzytDyEyDzzyCyEtGzytDtAtCtGyE0AzytCtGzy0Dzz0DtGyB0AyE0AyEyDtCyC0A0CyBtA2Q&cr=1255831595&ir=
BHO: No Name -> {11111111-1111-1111-1111-110611901119} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-08-16] (AVAST Software)
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: No Name -> {11111111-1111-1111-1111-110611901119} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-14] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-16] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-14] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\prcctr64.dll [344400 2015-02-05] (MD  Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\prcctr64.dll [344400 2015-02-05] (MD  Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\prcctr64.dll [344400 2015-02-05] (MD  Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\prcctr64.dll [344400 2015-02-05] (MD  Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\prcctr64.dll [344400 2015-02-05] (MD  Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\Mozilla\Firefox\Profiles\uozbhi6b.default
FF DefaultSearchUrl: hxxp://search.hao123.com/s
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: omiga-plus
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3932317156-863555507-3277239823-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jo&atilde;o Thorlief\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3932317156-863555507-3277239823-1000: gastecnologia.com.br/sf/cef -> C:\Users\Jo&atilde;o Thorlief\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3932317156-863555507-3277239823-1000: gastecnologia.com.br/sf/cef64 -> C:\Users\Jo&atilde;o Thorlief\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2015-04-01] (GAS Tecnologia)
FF user.js: detected! => C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\Mozilla\Firefox\Profiles\uozbhi6b.default\user.js [2015-03-04]
FF SearchPlugin: C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\Mozilla\Firefox\Profiles\uozbhi6b.default\searchplugins\Baidu.xml [2014-09-16]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2015-03-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2015-03-05]
FF Extension: ADB Helper - C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\Mozilla\Firefox\Profiles\uozbhi6b.default\Extensions\[email]adbhelper@mozilla.org[/email] [2015-04-28]
FF Extension: SensePlus.V2 - C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\Mozilla\Firefox\Profiles\uozbhi6b.default\Extensions\[email]e9d197d59f2f45f382b1aa5c14d82@8706aaed9b904554b5cb7984e9.com[/email] [2015-04-24]
FF Extension: Valence - C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\Mozilla\Firefox\Profiles\uozbhi6b.default\Extensions\[email]fxdevtools-adapters@mozilla.org[/email] [2015-04-28]
FF Extension: MEGA - C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\Mozilla\Firefox\Profiles\uozbhi6b.default\Extensions\[email]firefox@mega.co.nz.xpi[/email] [2015-03-20]
FF Extension: Adblock Plus - C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\Mozilla\Firefox\Profiles\uozbhi6b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-09]
FF HKLM-x32\...\Firefox\Extensions: [[email]wrc@avast.com[/email]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-15]
FF HKU\S-1-5-21-3932317156-863555507-3277239823-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Jo&atilde;o Thorlief\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: GBBD Caixa Economica Federal - C:\Users\Jo&atilde;o Thorlief\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015-03-04]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-04-07]  google.com.br
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Jo&atilde;o Thorlief\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jo&atilde;o Thorlief\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-28]
CHR Extension: (Adblock Plus) - C:\Users\Jo&atilde;o Thorlief\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-29]
CHR Extension: (Bookmark Manager) - C:\Users\Jo&atilde;o Thorlief\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-29]
CHR Extension: (Avast Online Security) - C:\Users\Jo&atilde;o Thorlief\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-17]
CHR Extension: (quiz games) - C:\Users\Jo&atilde;o Thorlief\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhiokdidpkighjkankkbahmeheadohg [2015-04-02]
CHR Extension: (dress4u) - C:\Users\Jo&atilde;o Thorlief\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlinpflaifheoeohbdffhfnnpghdnlel [2015-04-01]
CHR Extension: (Google Wallet) - C:\Users\Jo&atilde;o Thorlief\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-12]
CHR Extension: (npecfdijgoblfcgagoijgmgejmcpnhof) - C:\Users\Jo&atilde;o Thorlief\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2015-04-01]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Jo&atilde;o Thorlief\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2015-02-10]
CHR HKLM\...\Chrome\Extension: [ehjldlodmkdlooagebfnaghgmkfccipn] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3932317156-863555507-3277239823-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ehjldlodmkdlooagebfnaghgmkfccipn] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3932317156-863555507-3277239823-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ehjldlodmkdlooagebfnaghgmkfccipn] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-16]
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkgngkfjklojelbbglcnmnjabdgldofo] - http://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-07-31] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-16] (AVAST Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-04] (Electronic Arts)
R2 RalinkRegistryWriter; C:\Program Files (x86)\INTELBRAS\WBN 900\RalinkRegistryWriter.exe [69632 2009-06-18] (Ralink Technology, Corp.) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2015-02-17] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2015-02-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-16] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-13] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R1 {ddddb327-b443-454e-b9bd-98f89ea4548c}w64; C:\Windows\System32\drivers\{ddddb327-b443-454e-b9bd-98f89ea4548c}w64.sys [48784 2015-02-03] (StdLib)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 15:10 - 2015-04-29 15:11 - 00026775 _____ () C:\Users\Jo&atilde;o Thorlief\Downloads\FRST.txt
2015-04-29 15:10 - 2015-04-29 15:10 - 00000000 ____D () C:\FRST
2015-04-29 15:09 - 2015-04-29 15:09 - 02101248 _____ (Farbar) C:\Users\Jo&atilde;o Thorlief\Downloads\FRST64.exe
2015-04-28 17:36 - 2015-04-28 17:36 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Klub 17
2015-04-28 17:34 - 2015-04-28 17:36 - 00000000 ____D () C:\TheKlub17
2015-04-28 17:31 - 2015-04-28 17:31 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Downloads\tk17v750
2015-04-28 17:10 - 2015-04-28 17:10 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Downloads\ShesNew - Hollie Shields - Their First Sex Tape
2015-04-28 17:05 - 2015-04-28 17:11 - 393829750 _____ () C:\Users\Jo&atilde;o Thorlief\Downloads\ohrly-nda429ff.wmv
2015-04-28 17:03 - 2015-04-28 17:03 - 376658664 _____ () C:\Users\Jo&atilde;o Thorlief\Downloads\18yoga_Tina_Hot_1080.mp4
2015-04-28 17:02 - 2015-04-28 17:02 - 636045817 _____ () C:\Users\Jo&atilde;o Thorlief\Downloads\Melony_ecg.mp4
2015-04-28 17:01 - 2015-04-28 17:12 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Downloads\Redhead
2015-04-28 16:59 - 2015-04-29 14:40 - 254727277 ____R () C:\Users\Jo&atilde;o Thorlief\Downloads\brcc.brielle.mp4
2015-04-28 16:51 - 2015-04-29 14:24 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Downloads\NubileFilms - Amber Cute - Art Of Anal
2015-04-28 16:46 - 2015-04-28 17:26 - 820473687 ____R () C:\Users\Jo&atilde;o Thorlief\Downloads\tk17v750.rar
2015-04-28 16:40 - 2015-04-29 14:17 - 793023172 _____ () C:\Users\Jo&atilde;o Thorlief\Downloads\Arwen Gold.mp4
2015-04-28 14:27 - 2015-04-28 14:27 - 00001199 _____ () C:\Users\Jo&atilde;o Thorlief\Desktop\Any Audio Converter.lnk
2015-04-28 14:27 - 2015-04-28 14:27 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Documents\Any Video Converter
2015-04-28 14:27 - 2015-04-28 14:27 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\Anvsoft
2015-04-28 14:26 - 2015-04-28 14:26 - 00000000 ____D () C:\Program Files (x86)\Anvsoft
2015-04-28 14:15 - 2015-04-28 14:23 - 34599616 _____ () C:\Users\Jo&atilde;o Thorlief\Downloads\any-audio-converter.exe
2015-04-27 19:43 - 2015-04-27 19:43 - 00034102 _____ () C:\Users\Jo&atilde;o Thorlief\Downloads\superfast.(2015).pob.1cd.(6129191).zip
2015-04-27 19:26 - 2015-04-27 21:41 - 527689260 _____ () C:\Users\Jo&atilde;o Thorlief\Downloads\Krawk - CD - A meta &eacute; o topo (COMPLETO) 2015.zip
2015-04-27 17:47 - 2015-04-29 14:17 - 1033445393 _____ () C:\Users\Jo&atilde;o Thorlief\Downloads\alice_ecg.mp4
2015-04-27 17:47 - 2015-04-28 15:48 - 542157784 ____R () C:\Users\Jo&atilde;o Thorlief\Downloads\Blacked - Farrah Flower - RedHead Teen Enjoys Interracial Sex_480p.mp4
2015-04-27 17:20 - 2015-04-28 15:37 - 810194717 ____R () C:\Users\Jo&atilde;o Thorlief\Downloads\ns_adriana_sd.wmv
2015-04-27 16:58 - 2015-04-27 19:45 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Downloads\Superfast! (2015)
2015-04-27 13:45 - 2015-04-27 13:45 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Desktop\runtime
2015-04-27 13:38 - 2015-04-27 13:45 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Desktop\game
2015-04-26 11:53 - 2015-04-26 11:55 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Downloads\WWE WrestleMania 31 PPV WEB-DL x264-WD -={SPARROW}=-
2015-04-26 11:53 - 2015-04-26 11:53 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Downloads\Hairy.Twatter-A.Dreamzone.Parody.XXX
2015-04-26 06:29 - 2015-04-26 11:23 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Downloads\TeensLoveHugeCocks - Kiera Winters - Naughty Needs mp4
2015-04-26 06:23 - 2015-04-27 00:36 - 1693661531 ____R () C:\Users\Jo&atilde;o Thorlief\Downloads\TeamSkeet - Exxxtra Small Chicks Fucking Huge Dicks 10 DVDRip.mp4
2015-04-25 22:10 - 2015-04-26 06:11 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Downloads\Fantasy HD - Bad Schoolgirls - Natalie Heart & Heather Night [SD 534] [.mp4]
2015-04-25 19:15 - 2015-04-25 01:59 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Downloads\The.Long.Dark.v227
2015-04-25 16:37 - 2015-04-25 17:24 - 1085661018 ____R () C:\Users\Jo&atilde;o Thorlief\Downloads\The.Long.Dark.v227.zip
2015-04-25 15:33 - 2015-04-25 15:33 - 00005120 ___SH () C:\Users\Jo&atilde;o Thorlief\Documents\Thumbs.db
2015-04-25 12:29 - 2015-04-25 14:30 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Downloads\Whiplash (2014) [1080p]
2015-04-25 12:15 - 2015-04-25 16:13 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Downloads\TeensLoveHugeCocks - Kate England (Kissing kate) NEW 07 March 2015
2015-04-22 18:14 - 2015-04-26 06:10 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Downloads\Teens Love Huge Cocks - Pussy Lover - Heather Night [SD 432] [.mp4]
2015-04-14 17:13 - 2015-04-14 17:13 - 00561576 _____ (Oracle Corporation) C:\Users\Jo&atilde;o Thorlief\Downloads\chromeinstall-8u45.exe
2015-04-14 17:08 - 2015-04-08 17:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-14 17:07 - 2015-04-08 18:30 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-14 17:05 - 2015-04-08 21:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-04-14 17:05 - 2015-04-08 21:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-14 17:05 - 2015-04-08 21:58 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-04-14 13:59 - 2014-11-22 07:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-04-14 13:59 - 2014-11-22 07:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-04-13 18:13 - 2015-04-14 18:35 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Downloads\Teen Fidelity - Piper Perri (Break My Hymen) [.mp4]
2015-04-13 17:48 - 2015-04-25 16:13 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Downloads\WeLiveTogether - Riley Reid, Kenna James (Clit Kissers) NEW 05 March 2015
2015-04-13 17:21 - 2015-04-13 18:05 - 336370462 ____R () C:\Users\Jo&atilde;o Thorlief\Downloads\gfr.15.03.09.Sexing.Sydney.mp4
2015-04-07 21:22 - 2011-10-20 00:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-07 20:32 - 2015-04-07 20:34 - 06255239 _____ () C:\Users\Jo&atilde;o Thorlief\Desktop\Os Intocaveis - Stress.zip
2015-04-07 20:22 - 2015-04-07 20:46 - 82181545 _____ () C:\Users\Jo&atilde;o Thorlief\Desktop\Shawlin & Tropkillaz - O Inferno do Cachorro magro (EP).zip
2015-04-07 20:21 - 2015-04-07 20:21 - 00003262 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-3932317156-863555507-3277239823-1000
2015-04-07 20:17 - 2015-04-07 20:21 - 04718592 _____ () C:\Users\Jo&atilde;o Thorlief\Desktop\Shawlin & Tropkillaz - O Inferno do Cachorro magro (EP)-1.zip
2015-04-06 17:18 - 2015-04-06 22:16 - 00003447 _____ () C:\Users\Jo&atilde;o Thorlief\Downloads\mwt-metallica.through.the.never.srt
2015-04-06 17:16 - 2015-04-06 17:16 - 00003105 _____ () C:\Users\Jo&atilde;o Thorlief\Downloads\metallica.through.the.never.(2013).pob.1cd.(5495989).zip
2015-04-06 16:05 - 2015-04-06 16:05 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Downloads\[New Sensations] Beautiful Redhead Lilith Lust Fucked Hard (Scenes 1) [.mp4][PornLeech]
2015-04-06 00:17 - 2015-04-25 10:26 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Downloads\Interstellar (2014) (2014) [1080p]
2015-04-06 00:17 - 2015-04-24 21:20 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Downloads\Metallica - Studio Discography + S&M and Garage Inc. [VBR]
2015-04-06 00:17 - 2015-04-14 14:22 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Downloads\The Theory of Everything (2014) [1080p]
2015-04-06 00:16 - 2015-04-06 15:40 - 1470846976 ____R () C:\Users\Jo&atilde;o Thorlief\Downloads\mwt-metallica.through.the.never.avi
2015-04-03 22:08 - 2015-04-04 00:24 - 2064507815 ____R () C:\Users\Jo&atilde;o Thorlief\Downloads\American Sniper -DVDScr-TheFilmesHD.rar
2015-04-03 10:49 - 2015-04-03 10:49 - 01577472 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\3GLPY2JJqvOqZ3FfwbmAzI.exe
2015-04-03 10:49 - 2015-04-03 10:49 - 01224704 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\Db3kxqhd7QuTY88hiO.exe
2015-04-02 17:55 - 2015-04-03 10:49 - 01577472 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\trz9EDE.tmp
2015-04-02 17:55 - 2015-04-03 10:49 - 01577472 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\trz71C5.tmp
2015-04-02 17:55 - 2015-04-03 10:49 - 01224704 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\trzB280.tmp
2015-04-02 17:55 - 2015-04-03 10:49 - 01224704 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\trzB0F9.tmp
2015-04-02 17:55 - 2015-04-02 17:55 - 00001056 _____ () C:\Windows\Tasks\YSmq5BkxsWgLv8BBFt4fMnOTL5.job
2015-04-02 17:55 - 2015-04-02 17:55 - 00001054 _____ () C:\Windows\Tasks\P8EXKVvZnTViV1WPJ9zMCk4dF.job
2015-04-02 17:54 - 2015-04-29 14:54 - 00001330 _____ () C:\Windows\Tasks\quiz_games_notification_service.job
2015-04-02 17:54 - 2015-04-29 13:55 - 00000692 _____ () C:\Windows\Tasks\quiz_games_updating_service.job
2015-04-02 17:54 - 2015-04-02 17:55 - 00003720 _____ () C:\Windows\System32\Tasks\quiz_games_updating_service
2015-04-02 17:54 - 2015-04-02 17:54 - 00004356 _____ () C:\Windows\System32\Tasks\quiz_games_notification_service
2015-04-02 17:52 - 2015-04-02 17:54 - 00000000 ____D () C:\Program Files (x86)\quiz games
2015-04-02 13:09 - 2015-04-02 13:09 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Documents\Mount&Blade Warband Savegames
2015-04-02 13:05 - 2015-04-02 13:14 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Documents\Mount&Blade Warband
2015-04-02 13:05 - 2015-04-02 13:06 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\Mount&Blade Warband
2015-04-02 13:01 - 2015-04-02 13:01 - 00002489 _____ () C:\Users\Public\Desktop\Mount and Blade Warband - Viking Conquest.lnk
2015-04-02 13:01 - 2015-04-02 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaleWorlds Entertainment
2015-04-02 12:54 - 2015-04-02 12:54 - 00000000 ____D () C:\Program Files (x86)\TaleWorlds Entertainment
2015-04-01 18:05 - 2015-04-01 18:05 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
2015-04-01 18:05 - 2015-04-01 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameVicio
2015-04-01 18:05 - 2015-04-01 18:05 - 00000000 ____D () C:\Program Files (x86)\GameVicio
2015-04-01 17:48 - 2015-04-01 17:48 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\.android
2015-04-01 17:47 - 2015-04-01 17:53 - 00000000 ____D () C:\Program Files (x86)\Kingo ROOT
2015-04-01 17:47 - 2015-04-01 17:47 - 00001031 _____ () C:\Users\Public\Desktop\Kingo ROOT.lnk
2015-04-01 17:47 - 2015-04-01 17:47 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\AppData\Local\Kingosoft
2015-04-01 17:47 - 2015-04-01 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingo ROOT
2015-04-01 17:31 - 2015-04-28 14:06 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-01 16:31 - 2015-04-29 14:31 - 00001312 _____ () C:\Windows\Tasks\dress4u_notification_service.job
2015-04-01 16:31 - 2015-04-29 12:31 - 00000674 _____ () C:\Windows\Tasks\dress4u_updating_service.job
2015-04-01 16:31 - 2015-04-01 16:31 - 00004338 _____ () C:\Windows\System32\Tasks\dress4u_notification_service
2015-04-01 16:31 - 2015-04-01 16:31 - 00003702 _____ () C:\Windows\System32\Tasks\dress4u_updating_service
2015-04-01 16:31 - 2015-04-01 16:31 - 00001048 _____ () C:\Windows\Tasks\3GLPY2JJqvOqZ3FfwbmAzI.job
2015-04-01 16:31 - 2015-04-01 16:31 - 00001040 _____ () C:\Windows\Tasks\Db3kxqhd7QuTY88hiO.job
2015-04-01 16:31 - 2015-04-01 16:31 - 00000000 ____D () C:\Program Files (x86)\dress4u
2015-04-01 16:10 - 2015-04-02 09:36 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Downloads\Fury 2014 BluRay 1080p AVC DTS-HD MA 5.1 x264-MgB [ETRG]
2015-03-31 08:51 - 2015-03-31 08:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-03-31 08:51 - 2015-03-31 08:51 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-03-31 05:14 - 2015-03-31 05:14 - 00005655 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\YSmq5BkxsWgLv8BBFt4fMnOTL5
2015-03-31 05:14 - 2015-03-31 05:14 - 00005655 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\3GLPY2JJqvOqZ3FfwbmAzI
2015-03-31 05:14 - 2015-03-31 05:14 - 00005655 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\2ANIog2Ye5DkXR1Q3wovNyO
2015-03-31 05:14 - 2015-03-31 05:14 - 00004387 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\P8EXKVvZnTViV1WPJ9zMCk4dF
2015-03-31 05:14 - 2015-03-31 05:14 - 00004387 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\msGl1W2c6O8Cg
2015-03-31 05:14 - 2015-03-31 05:14 - 00004387 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\Db3kxqhd7QuTY88hiO

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 15:11 - 2015-02-04 16:11 - 00005858 _____ () C:\Windows\Tasks\fb76b22b-f86b-49e3-a42a-468fc93acf59-6.job
2015-04-29 15:11 - 2014-08-12 20:06 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\uTorrent
2015-04-29 15:05 - 2014-08-13 19:02 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\Skype
2015-04-29 14:56 - 2015-02-03 18:56 - 00003458 _____ () C:\Windows\Tasks\06e7c238-0bd3-4c50-996e-307ddae0b4cc-1-6.job
2015-04-29 14:55 - 2015-02-03 18:55 - 00006190 _____ () C:\Windows\Tasks\06e7c238-0bd3-4c50-996e-307ddae0b4cc-6.job
2015-04-29 14:55 - 2015-02-03 18:55 - 00000000 ____D () C:\Program Files (x86)\Sense
2015-04-29 14:54 - 2014-09-06 19:31 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-29 14:45 - 2014-08-12 19:03 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-29 14:10 - 2015-02-12 17:21 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2015-04-29 12:56 - 2015-02-03 18:56 - 00002774 _____ () C:\Windows\Tasks\06e7c238-0bd3-4c50-996e-307ddae0b4cc-5.job
2015-04-29 12:56 - 2015-02-03 18:55 - 00003802 _____ () C:\Windows\Tasks\06e7c238-0bd3-4c50-996e-307ddae0b4cc-1-7.job
2015-04-29 12:55 - 2015-02-03 18:55 - 00005846 _____ () C:\Windows\Tasks\06e7c238-0bd3-4c50-996e-307ddae0b4cc-7.job
2015-04-29 12:55 - 2015-02-03 18:55 - 00004822 _____ () C:\Windows\Tasks\06e7c238-0bd3-4c50-996e-307ddae0b4cc-4.job
2015-04-29 11:35 - 2014-09-07 20:34 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\.minecraft
2015-04-29 11:22 - 2014-08-12 18:41 - 01280848 _____ () C:\Windows\WindowsUpdate.log
2015-04-29 11:00 - 2014-08-12 18:55 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief
2015-04-29 10:53 - 2014-09-03 13:46 - 00000000 ____D () C:\ProgramData\Origin
2015-04-29 10:11 - 2015-02-04 16:11 - 00005514 _____ () C:\Windows\Tasks\fb76b22b-f86b-49e3-a42a-468fc93acf59-7.job
2015-04-29 10:11 - 2015-02-04 16:11 - 00004154 _____ () C:\Windows\Tasks\fb76b22b-f86b-49e3-a42a-468fc93acf59-4.job
2015-04-29 10:11 - 2015-02-04 16:11 - 00003106 _____ () C:\Windows\Tasks\fb76b22b-f86b-49e3-a42a-468fc93acf59-1.job
2015-04-29 10:11 - 2015-02-04 16:11 - 00002442 _____ () C:\Windows\Tasks\fb76b22b-f86b-49e3-a42a-468fc93acf59-5.job
2015-04-29 02:44 - 2014-08-12 19:03 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-29 02:00 - 2014-08-12 21:56 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\AppData\Local\Adobe
2015-04-28 18:53 - 2015-02-17 11:31 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Desktop\Mega Pack de Temas Especial 1000 Inscritos By. ST
2015-04-28 14:09 - 2015-03-24 10:59 - 00055143 _____ () C:\Windows\setupact.log
2015-04-28 14:07 - 2014-09-19 09:36 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\AppData\Local\LogMeIn Hamachi
2015-04-28 14:07 - 2014-09-03 13:45 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-04-28 14:06 - 2009-07-14 01:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-28 14:06 - 2009-07-14 01:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-28 14:03 - 2014-08-13 14:18 - 00703976 _____ () C:\Windows\system32\prfh0416.dat
2015-04-28 14:03 - 2014-08-13 14:18 - 00146282 _____ () C:\Windows\system32\prfc0416.dat
2015-04-28 14:03 - 2009-07-14 02:13 - 01630210 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-28 13:58 - 2014-08-12 19:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-28 13:58 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-25 10:25 - 2014-09-16 19:35 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-04-23 10:28 - 2014-08-16 01:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-14 17:55 - 2014-09-06 19:31 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 17:55 - 2014-09-06 19:31 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 17:55 - 2014-09-06 19:31 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 17:50 - 2014-12-17 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-14 17:49 - 2014-12-17 14:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-14 17:49 - 2014-08-16 22:54 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-14 17:49 - 2014-08-16 22:53 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-14 17:11 - 2014-08-12 19:08 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-14 17:06 - 2014-08-12 19:08 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-14 14:00 - 2014-08-12 19:15 - 00001377 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-04-08 21:58 - 2014-08-12 19:34 - 00078480 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-04-08 21:58 - 2014-08-12 19:34 - 00066704 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-04-08 21:58 - 2014-08-12 19:33 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-08 21:58 - 2014-08-12 19:33 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-08 21:58 - 2014-08-12 19:33 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-08 21:58 - 2014-08-12 19:33 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-08 21:58 - 2014-08-12 19:33 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-08 21:58 - 2014-08-12 19:33 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-04-08 21:58 - 2014-08-12 19:33 - 00029329 _____ () C:\Windows\system32\nvinfo.pb
2015-04-08 18:30 - 2014-08-12 19:35 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-08 18:30 - 2014-08-12 19:35 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-08 18:30 - 2014-08-12 19:35 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-08 18:30 - 2014-08-12 19:35 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-08 18:30 - 2014-08-12 19:35 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-08 14:52 - 2014-08-12 19:35 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-07 20:32 - 2015-03-02 21:57 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-04-02 12:52 - 2014-09-25 15:25 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\vlc
2015-04-02 00:14 - 2015-02-16 17:47 - 00000000 ____D () C:\Users\Jo&atilde;o Thorlief\Downloads\Mount.and.Blade.Warband.Viking.Conquest-SKIDROW[rarbg]
2015-03-30 15:25 - 2014-12-19 10:19 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys

==================== Files in the root of some directories =======

2015-03-31 05:14 - 2015-03-31 05:14 - 0005655 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\2ANIog2Ye5DkXR1Q3wovNyO
2015-03-31 05:14 - 2015-03-31 05:14 - 0005655 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\3GLPY2JJqvOqZ3FfwbmAzI
2015-04-03 10:49 - 2015-04-03 10:49 - 1577472 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\3GLPY2JJqvOqZ3FfwbmAzI.exe
2015-03-31 05:14 - 2015-03-31 05:14 - 0004387 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\Db3kxqhd7QuTY88hiO
2015-04-03 10:49 - 2015-04-03 10:49 - 1224704 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\Db3kxqhd7QuTY88hiO.exe
2005-04-07 23:16 - 2015-03-03 21:35 - 0050229 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\Jo&atilde;o Thorlieflog.dat
2015-03-31 05:14 - 2015-03-31 05:14 - 0004387 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\msGl1W2c6O8Cg
2015-01-25 13:12 - 2015-01-25 13:12 - 0002086 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\NT
2015-02-03 18:55 - 2015-02-03 18:55 - 1487832 _____ (Sense+) C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\NT.exe
2015-03-31 05:14 - 2015-03-31 05:14 - 0004387 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\P8EXKVvZnTViV1WPJ9zMCk4dF
2015-04-02 17:55 - 2015-04-03 10:49 - 1577472 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\trz71C5.tmp
2015-04-02 17:55 - 2015-04-03 10:49 - 1577472 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\trz9EDE.tmp
2015-04-02 17:55 - 2015-04-03 10:49 - 1224704 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\trzB0F9.tmp
2015-04-02 17:55 - 2015-04-03 10:49 - 1224704 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\trzB280.tmp
2015-01-25 13:12 - 2015-01-25 13:12 - 0001248 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\TTOXLQ
2015-02-03 18:55 - 2015-02-03 18:55 - 1969112 _____ (Sense+) C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\TTOXLQ.exe
2015-02-12 17:23 - 2015-03-04 16:10 - 0035750 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\unins000.dat
2015-03-04 16:09 - 2015-03-04 16:09 - 0730322 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\unins000.exe
2015-02-18 11:34 - 2015-01-14 11:32 - 0035048 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\UserOrb.bmp
2014-09-16 23:03 - 2014-09-29 00:03 - 0000058 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\WB.CFG
2015-03-31 05:14 - 2015-03-31 05:14 - 0005655 _____ () C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\YSmq5BkxsWgLv8BBFt4fMnOTL5
2014-08-26 19:21 - 2014-08-26 19:21 - 0000000 ___SH () C:\Users\Jo&atilde;o Thorlief\AppData\Local\LumaEmu
2014-12-15 17:45 - 2014-12-15 17:45 - 0014304 _____ () C:\ProgramData\Duplicaterecord.js

Files to move or delete:
====================
C:\ProgramData\Duplicaterecord.js

Some content of TEMP:
====================
C:\Users\Jo&atilde;o Thorlief\AppData\Local\Temp\130710097252964046.exe
C:\Users\Jo&atilde;o Thorlief\AppData\Local\Temp\13071009736394039444.exe
C:\Users\Jo&atilde;o Thorlief\AppData\Local\Temp\130710141148724740.exe
C:\Users\Jo&atilde;o Thorlief\AppData\Local\Temp\13071014127138175691.exe
C:\Users\Jo&atilde;o Thorlief\AppData\Local\Temp\CMInstaller.exe
C:\Users\Jo&atilde;o Thorlief\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Jo&atilde;o Thorlief\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Jo&atilde;o Thorlief\AppData\Local\Temp\i4jdel0.exe
C:\Users\Jo&atilde;o Thorlief\AppData\Local\Temp\ICReinstall_13071014127138175691.exe
C:\Users\Jo&atilde;o Thorlief\AppData\Local\Temp\Info_Cheker By Thiago.exe
C:\Users\Jo&atilde;o Thorlief\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.2-R0.1-b2771jnks.dll
C:\Users\Jo&atilde;o Thorlief\AppData\Local\Temp\proxy_vole3383807630954201843.dll
C:\Users\Jo&atilde;o Thorlief\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-26 22:38

==================== End Of Log ============================
[/SPOILER]

[SPOILER=Addition]
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015
Ran by Jo&atilde;o Thorlief at 2015-04-29 15:12:24
Running from C:\Users\Jo&atilde;o Thorlief\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3932317156-863555507-3277239823-500 - Administrator - Disabled)
Guest (S-1-5-21-3932317156-863555507-3277239823-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3932317156-863555507-3277239823-1005 - Limited - Enabled)
Jo&atilde;o Thorlief (S-1-5-21-3932317156-863555507-3277239823-1000 - Administrator - Enabled) => C:\Users\Jo&atilde;o Thorlief

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with hidden flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

&micro;Torrent (HKU\S-1-5-21-3932317156-863555507-3277239823-1000\...\uTorrent) (Version: 3.4.3.40208 - BitTorrent Inc.)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.12.1 - Mirillis)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Any Audio Converter 5.7.9 (HKLM-x32\...\Any Audio Converter) (Version: 5.7.9 - Anvsoft)
Assistente Wireless Intelbras WBN 900 (HKLM-x32\...\{92D62795-A3D1-4F70-BCBA-F4D87BE0DC2C}) (Version: 1.0.0.0 - INTELBRAS)
Atualiza&ccedil;&otilde;es da NVIDIA 2.4.1.21 (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
ConvertAd (HKLM-x32\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd)  C:\Users\Jo&atilde;o Thorlief\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3932317156-863555507-3277239823-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\Jo&atilde;o Thorlief\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)

==================== Restore Points  =========================

26-04-2015 00:00:04 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2009-06-10 18:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00439D7B-975F-4CC5-967B-DC5CEBC173EB} - System32\Tasks\06e7c238-0bd3-4c50-996e-307ddae0b4cc-4 => C:\Program Files (x86)\Sense\06e7c238-0bd3-4c50-996e-307ddae0b4cc-4.exe  C:\Program Files (x86)\Lights off!\Lights off!-codedownloader.exe  Sc.exe start osppsvc
Task: {0918DD55-F714-4CF7-B47D-AE9AB61A1541} - System32\Tasks\dress4u_updating_service => C:\Program Files (x86)\dress4u\dress4u_updating_service.exe  C:\Program Files (x86)\Sense\06e7c238-0bd3-4c50-996e-307ddae0b4cc-5.exe  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {1C220E4C-994A-4845-9FCF-395A0805BE46} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2013-02-26] (Beepa P/L)
Task: {209DEBE2-E6BA-4F4D-AF35-1272FAF10C68} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File  C:\Program Files (x86)\YTDownloader\YTDownloader.exe  C:\Users\Jo&atilde;o Thorlief\AppData\Local\FCM\DBStack.exe
Task: {4818E3D3-0868-42AA-B893-312916CADC5C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-16] (AVAST Software)
Task: {48C0451C-3FE7-4D99-8D64-50E1412A452D} - System32\Tasks\06e7c238-0bd3-4c50-996e-307ddae0b4cc-6 => C:\Program Files (x86)\Sense\06e7c238-0bd3-4c50-996e-307ddae0b4cc-6.exe [2015-02-03] (Sense+)  C:\Program Files (x86)\Sense\06e7c238-0bd3-4c50-996e-307ddae0b4cc-7.exe  Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1  C:\Program Files (x86)\quiz games\quiz_games_updating_service.exe [2015-04-02] ()  C:\Users\Jo&atilde;o Thorlief\Desktop\Minecraft (1).exe [2015-03-06] (Mojang)
Task: {6AFBA45E-D028-484F-AF8B-77A258A4FDC6} - System32\Tasks\dress4u_notification_service => C:\Program Files (x86)\dress4u\dress4u_notification_service.exe [2015-04-01] (FileProperties_CompanyName)  C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.)
Task: {78058170-E3AC-464A-B071-1E450A74BBA6} - System32\Tasks\06e7c238-0bd3-4c50-996e-307ddae0b4cc-1-7 => C:\Program Files (x86)\Sense\06e7c238-0bd3-4c50-996e-307ddae0b4cc-1-7.exe  C:\Program Files (x86)\quiz games\quiz_games_notification_service.exe [2015-04-02] (FileProperties_CompanyName)  C:\Program Files (x86)\Lights off!\fb76b22b-f86b-49e3-a42a-468fc93acf59-7.exe  Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3  Chrome.exe
Task: {9EF27A61-D194-434B-A912-4929241E2470} - System32\Tasks\fb76b22b-f86b-49e3-a42a-468fc93acf59-5 => C:\Program Files (x86)\Lights off!\fb76b22b-f86b-49e3-a42a-468fc93acf59-5.exe  C:\Program Files (x86)\Lights off!\fb76b22b-f86b-49e3-a42a-468fc93acf59-6.exe  C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.)
Task: {B428A0E7-878A-4892-AC71-4CB0B3467701} - System32\Tasks\{5C6E1D0B-3327-493C-866C-B7CC2B4CAA95} => Chrome.exe
Task: {B57691E3-84AB-403A-9E3F-E6FD12634389} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {BD148FC2-B179-40D5-9B60-D4EF7C163F93} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 No Task File  C:\Program Files (x86)\Lights off!\fb76b22b-f86b-49e3-a42a-468fc93acf59-4.exe  Firefox.exe
Task: {E174E396-4FC1-4EAE-A36E-4D2E201FF6B7} - System32\Tasks\AdobeAAMUpdater-1.0-PC-Jo&atilde;o Thorlief => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {FDC73CE6-5CE3-4CB5-9B57-07750702F8C3} - System32\Tasks\06e7c238-0bd3-4c50-996e-307ddae0b4cc-1-6 => C:\Program Files (x86)\Sense\06e7c238-0bd3-4c50-996e-307ddae0b4cc-1-6.exe [2015-02-03] (Sense+)  Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2  C:\Program Files (x86)\Sense\06e7c238-0bd3-4c50-996e-307ddae0b4cc-1-6.exe  C:\Program Files (x86)\Sense\06e7c238-0bd3-4c50-996e-307ddae0b4cc-1-7.exe  C:\Program Files (x86)\Sense\06e7c238-0bd3-4c50-996e-307ddae0b4cc-4.exe  C:\Program Files (x86)\Sense\06e7c238-0bd3-4c50-996e-307ddae0b4cc-5.exe  C:\Program Files (x86)\Sense\06e7c238-0bd3-4c50-996e-307ddae0b4cc-5.exe  C:\Program Files (x86)\Sense\06e7c238-0bd3-4c50-996e-307ddae0b4cc-6.exe  C:\Program Files (x86)\Sense\06e7c238-0bd3-4c50-996e-307ddae0b4cc-7.exe  C:\Users\Jo&yacute;&yuml;o Thorlief\AppData\Roaming\3GLPY2JJqvOqZ3FfwbmAzI.exe  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Db3kxqhd7QuTY88hiO.job => C:\Users\Jo&yacute;&yuml;o Thorlief\AppData\Roaming\Db3kxqhd7QuTY88hiO.exe  C:\Program Files (x86)\dress4u\dress4u_notification_service.exe&atilde;/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='dress4u' /appid='73143' /srcid='2913' /bic='5e3f879a12849c4a948aaa837cd3a435' /verifier='713a9423caf7e6d364c8816be4e9e788' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif?' /installationtime='1427916677' /runfrom='task' /brwtype='notbg' /postponedhours='6'.Jo  C:\Program Files (x86)\dress4u\dress4u_updating_service.exe&uml; /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=dress4u_updating_service /funurl=http:/stats.buildomserv.com  C:\Program Files (x86)\Lights off!\Lights off!-codedownloader.exe  C:\Program Files (x86)\Lights off!\fb76b22b-f86b-49e3-a42a-468fc93acf59-4.exe  C:\Program Files (x86)\Lights off!\fb76b22b-f86b-49e3-a42a-468fc93acf59-5.exe  C:\Program Files (x86)\Lights off!\fb76b22b-f86b-49e3-a42a-468fc93acf59-5.exe  C:\Program Files (x86)\Lights off!\fb76b22b-f86b-49e3-a42a-468fc93acf59-6.exe  C:\Program Files (x86)\Lights off!\fb76b22b-f86b-49e3-a42a-468fc93acf59-7.exe  C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NT.job => C:\Users\Jo&yacute;&yuml;o Thorlief\AppData\Roaming\NT.exe  C:\Users\Jo&yacute;&yuml;o Thorlief\AppData\Roaming\P8EXKVvZnTViV1WPJ9zMCk4dF.exe  C:\Program Files (x86)\quiz games\quiz_games_notification_service.exe&aelig;/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='quiz games' /appid='73143' /srcid='2913' /bic='5e3f879a12849c4a948aaa837cd3a435' /verifier='713a9423caf7e6d364c8816be4e9e788' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif?' /installationtime='1428008077' /runfrom='task' /brwtype='notbg' /postponedhours='6'.Jo  C:\Program Files (x86)\quiz games\quiz_games_updating_service.exe&laquo; /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=quiz_games_updating_service /funurl=http:/stats.buildomserv.com  C:\Users\Jo&yacute;&yuml;o Thorlief\AppData\Roaming\TTOXLQ.exe  C:\Users\Jo&yacute;&yuml;o Thorlief\AppData\Roaming\YSmq5BkxsWgLv8BBFt4fMnOTL5.exe  =Service
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => =Driver
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => =Service
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => =Service
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\prcctr32 => =service
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => =Driver

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3932317156-863555507-3277239823-1000\Control Panel\Desktop\Wallpaper -> C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.100.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{A45AA892-7CF3-47FE-ABAF-D01BA3F5E57E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C9789DAC-41C4-4D19-A874-3AAD753E2B8C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6D98211E-F2D4-4268-B684-37ECD003D9FB}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{67245BDF-51CC-41FE-99F4-12D79A63C346}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{544B5283-75A3-4F92-A527-0394A3864C02}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{787665D6-C4C5-4CA6-A49B-FD54CF31A8BA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ECD2DB41-C841-4DA0-927D-6C6493284900}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{969A556B-14DC-4287-849D-58A10CFEF60A}] => (Allow) C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{536E2DAE-1593-4644-AAE8-C9C1A7F2D1A6}] => (Allow) C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FAC572B9-40D9-4CA5-8C82-27B0BB8A198F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D23D3D29-F4E5-4A34-B79C-F39BF55DCFBC}] => (Allow) C:\Program Files (x86)\SimCity\SimCity\SimCity.exe
FirewallRules: [{ACEE7687-6938-461C-B709-5553AD0F1C61}] => (Allow) C:\Program Files (x86)\SimCity\SimCity\SimCity.exe
FirewallRules: [TCP Query User{714CEB6D-2B72-4B66-8240-360DD5B506FE}C:\program files (x86)\mxgp\mxgp.exe] => (Block) C:\program files (x86)\mxgp\mxgp.exe
FirewallRules: [UDP Query User{BB43242E-B1D7-46D7-99B5-1851AF15A187}C:\program files (x86)\mxgp\mxgp.exe] => (Block) C:\program files (x86)\mxgp\mxgp.exe
FirewallRules: [TCP Query User{68B747F5-6652-4910-9C0E-065A663D07C7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{F524C54E-3B12-4ADE-852E-4A3BAF65E6D3}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{5379C716-750E-46B0-BA2D-E5A886C90F82}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{0E676AD0-C2CE-4A60-B025-C1795C79E954}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{E49E61E2-A80B-4EE3-A64D-188A4308ED82}] => (Allow) C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [{D8ADA90C-E4E0-4D8B-9F4D-D83033FFBF3B}] => (Allow) C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [TCP Query User{56BD1D69-E3C4-4D6E-8395-6B6DB6FE8B37}C:\level up! games\warface\launcher\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => (Allow) C:\level up! games\warface\launcher\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe
FirewallRules: [UDP Query User{703985C4-9C7D-41F9-B454-591A38176038}C:\level up! games\warface\launcher\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => (Allow) C:\level up! games\warface\launcher\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe
FirewallRules: [{5F7DEB63-1DF0-4379-B527-0364158332E2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{845D7952-620A-4A1C-BC52-78320C8006C6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CC014086-4602-4EB5-BDB5-C35776694B83}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{14313525-24D9-495A-A151-B922898A0406}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{995884EA-6DFA-4E1C-9342-CD0CFCD54129}C:\program files (x86)\kunos simulazioni\assetto corsa early access\acs.exe] => (Allow) C:\program files (x86)\kunos simulazioni\assetto corsa early access\acs.exe
FirewallRules: [UDP Query User{C550B3A7-BD5D-4337-B06E-09A0CEF70FCC}C:\program files (x86)\kunos simulazioni\assetto corsa early access\acs.exe] => (Allow) C:\program files (x86)\kunos simulazioni\assetto corsa early access\acs.exe
FirewallRules: [{82B6C15F-B026-43CB-9A8C-B10B6E4512D0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{12211AEB-D3C4-48C4-8C9B-335DC5947B99}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{2E74C05B-73F0-4C3E-ADB7-467667E4BFF5}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{9D34ED21-8A83-4964-BBDB-0BCA5A668F33}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{E8DE53A5-1029-47C0-866B-6296250A30BD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\outlook.exe
FirewallRules: [{66C59E8C-6B9A-48F4-B525-EFE53643EE04}] => (Allow) C:\Users\Jo&atilde;o Thorlief\Downloads\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [{169EB954-6E43-4AA5-9E39-BD953C8DA976}] => (Allow) C:\Users\Jo&atilde;o Thorlief\Downloads\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [{CB40841D-3B89-45A5-B62F-10995A04C4CC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{B072DEA3-8B32-4346-8E39-C03F2D4100B5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{06E79A09-2111-429A-AD6B-5B679AF27AE0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broforce The Expendables Missions\Expendabros.exe
FirewallRules: [{9584329C-65A5-41FB-8ABF-8519AB86BC8D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broforce The Expendables Missions\Expendabros.exe
FirewallRules: [TCP Query User{D4CC1201-6B1F-459C-B446-72B050A40539}C:\users\jo&atilde;o thorlief\downloads\utorrent.exe] => (Allow) C:\users\jo&atilde;o thorlief\downloads\utorrent.exe
FirewallRules: [UDP Query User{D06B7857-474B-4235-9E1F-1E0F3D6A69D7}C:\users\jo&atilde;o thorlief\downloads\utorrent.exe] => (Allow) C:\users\jo&atilde;o thorlief\downloads\utorrent.exe
FirewallRules: [TCP Query User{9A5719F5-AF04-4365-8008-633C151DA3C7}C:\program files (x86)\arma 3 complete campaign edition\arma3.exe] => (Allow) C:\program files (x86)\arma 3 complete campaign edition\arma3.exe
FirewallRules: [UDP Query User{CFFB8413-B88B-478D-A095-1584F6CE2A71}C:\program files (x86)\arma 3 complete campaign edition\arma3.exe] => (Allow) C:\program files (x86)\arma 3 complete campaign edition\arma3.exe
FirewallRules: [TCP Query User{A277C883-140A-41F3-848E-9F1F07F012DA}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe
FirewallRules: [UDP Query User{1827CE50-3F8B-48F2-9C73-C856158A1B8D}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe
FirewallRules: [{1D174A58-9264-43D6-947F-74F9F8CFD3E4}] => (Allow) C:\Program Files (x86)\R.G. Mechanics\L.A.Noire\LANLauncher.exe
FirewallRules: [{80D7E232-D8CE-48BE-9D53-E1137ED6BBE6}] => (Allow) C:\Program Files (x86)\R.G. Mechanics\L.A.Noire\LANLauncher.exe
FirewallRules: [{EB200CAC-1695-4EBF-B6C3-C0EC9762CFBC}] => (Allow) C:\Program Files (x86)\R.G. Mechanics\L.A.Noire\LANLauncher.exe
FirewallRules: [{A695D6F1-F3F8-4D29-A1CA-3A159423BC94}] => (Allow) C:\Program Files (x86)\R.G. Mechanics\L.A.Noire\LANLauncher.exe
FirewallRules: [{E17FFAA0-998D-4F85-BF1D-21AADE7A8329}] => (Block) %ProgramFiles% (x86)\R.G. Mechanics\L.A.Noire\LANLauncher.exe
FirewallRules: [{CB6ED72A-E261-4EA3-BFF5-17143766B285}] => (Allow) C:\ongame\Pointblank\PointBlank.exe
FirewallRules: [{94795F63-ACE2-4FCD-ACAB-251E70BF4EED}] => (Allow) C:\ongame\Pointblank\PointBlank.exe
FirewallRules: [TCP Query User{9FFAFE7E-1AA9-4D31-ACC7-48247823B322}C:\users\jo&atilde;o thorlief\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\jo&atilde;o thorlief\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{C651A7E7-B674-415E-B8A2-7BA270EB5E09}C:\users\jo&atilde;o thorlief\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\jo&atilde;o thorlief\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{367FA732-98B4-429D-AE49-F69BE34AD83E}C:\users\jo&atilde;o thorlief\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\jo&atilde;o thorlief\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8B5BAC67-5096-423B-A0B8-C2BDD9EF23B4}C:\users\jo&atilde;o thorlief\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\jo&atilde;o thorlief\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{2648C4A2-8D44-48DF-966E-B2371423B575}C:\users\pedro\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\pedro\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{BEDE29B5-A9E0-4F75-9D59-C9D74BA085C7}C:\users\pedro\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\pedro\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{0D26BA25-F88C-4E9D-99EC-92E79029FA70}C:\users\pedro\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\pedro\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{961F59BC-44B1-46B6-98A5-59576B4A2EB7}C:\users\pedro\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\pedro\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{B79884DA-3B4A-41B5-AE4D-C8A17472A7E8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{39C70B9A-0ED5-4F72-A845-67D4F6FF0227}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C3409FD9-69FE-4CE1-8AF2-C699D90A3142}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{3649EE30-1D43-4876-BB81-01F803C195E8}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [TCP Query User{F5E9FCB3-2CC3-40DB-BC6C-942062348BFB}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe] => (Allow) C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe
FirewallRules: [UDP Query User{036C7A62-5154-4F0C-9465-618BB44C37BE}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe] => (Allow) C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe
FirewallRules: [{043DC82E-8F3F-41F6-8025-B1FC4155F48B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de T&uacute;nel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click Update Driver to update the drivers for this device.
On the General Properties tab of the device, click Troubleshoot to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2015 02:51:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: Uninstall.exe_unknown, vers&atilde;o: 0.0.0.0, carimbo de hora: 0x54d056e1
Nome do m&oacute;dulo de falhas: Uninstall.exe, vers&atilde;o: 0.0.0.0, carimbo de hora: 0x54d056e1
C&oacute;digo de exce&ccedil;&atilde;o: 0xc0000005
Deslocamento com falha: 0x00006efe
Identifica&ccedil;&atilde;o do processo com falha: 0x1c34
Hora de in&iacute;cio do aplicativo com falha: 0xUninstall.exe_unknown0
Caminho do aplicativo com falha: Uninstall.exe_unknown1
FCaminho do m&oacute;dulo de falhas: Uninstall.exe_unknown2
Identifica&ccedil;&atilde;o do Relat&oacute;rio: Uninstall.exe_unknown3

Error: (04/28/2015 04:44:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: plugin-container.exe, vers&atilde;o: 37.0.2.5583, carimbo de hora: 0x552ef76c
Nome do m&oacute;dulo de falhas: mozalloc.dll, vers&atilde;o: 37.0.2.5583, carimbo de hora: 0x552ee9ae
C&oacute;digo de exce&ccedil;&atilde;o: 0x80000003
Deslocamento com falha: 0x00001aa1
Identifica&ccedil;&atilde;o do processo com falha: 0x169c
Hora de in&iacute;cio do aplicativo com falha: 0xplugin-container.exe0
Caminho do aplicativo com falha: plugin-container.exe1
FCaminho do m&oacute;dulo de falhas: plugin-container.exe2
Identifica&ccedil;&atilde;o do Relat&oacute;rio: plugin-container.exe3

Error: (04/28/2015 04:44:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: plugin-container.exe, vers&atilde;o: 37.0.2.5583, carimbo de hora: 0x552ef76c
Nome do m&oacute;dulo de falhas: mozalloc.dll, vers&atilde;o: 37.0.2.5583, carimbo de hora: 0x552ee9ae
C&oacute;digo de exce&ccedil;&atilde;o: 0x80000003
Deslocamento com falha: 0x00001aa1
Identifica&ccedil;&atilde;o do processo com falha: 0x1584
Hora de in&iacute;cio do aplicativo com falha: 0xplugin-container.exe0
Caminho do aplicativo com falha: plugin-container.exe1
FCaminho do m&oacute;dulo de falhas: plugin-container.exe2
Identifica&ccedil;&atilde;o do Relat&oacute;rio: plugin-container.exe3

Error: (04/28/2015 02:29:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: AACFree.exe, vers&atilde;o: 5.7.9.0, carimbo de hora: 0x5515070d
Nome do m&oacute;dulo de falhas: SHELL32.dll, vers&atilde;o: 6.1.7601.17514, carimbo de hora: 0x4ce7b9de
C&oacute;digo de exce&ccedil;&atilde;o: 0xc0000005
Deslocamento com falha: 0x003f2260
Identifica&ccedil;&atilde;o do processo com falha: 0x10d0
Hora de in&iacute;cio do aplicativo com falha: 0xAACFree.exe0
Caminho do aplicativo com falha: AACFree.exe1
FCaminho do m&oacute;dulo de falhas: AACFree.exe2
Identifica&ccedil;&atilde;o do Relat&oacute;rio: AACFree.exe3

Error: (04/28/2015 02:00:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA Win32_Processor AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2015 01:59:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: NvStreamNetworkService.exe, vers&atilde;o: 4.1.1943.6202, carimbo de hora: 0x551399be
Nome do m&oacute;dulo de falhas: NvStreamNetworkService.exe, vers&atilde;o: 4.1.1943.6202, carimbo de hora: 0x551399be
C&oacute;digo de exce&ccedil;&atilde;o: 0xc0000005
Deslocamento com falha: 0x00000000004e920f
Identifica&ccedil;&atilde;o do processo com falha: 0x9ac
Hora de in&iacute;cio do aplicativo com falha: 0xNvStreamNetworkService.exe0
Caminho do aplicativo com falha: NvStreamNetworkService.exe1
FCaminho do m&oacute;dulo de falhas: NvStreamNetworkService.exe2
Identifica&ccedil;&atilde;o do Relat&oacute;rio: NvStreamNetworkService.exe3

Error: (04/27/2015 04:31:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA Win32_Processor AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2015 04:30:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: NvStreamNetworkService.exe, vers&atilde;o: 4.1.1943.6202, carimbo de hora: 0x551399be
Nome do m&oacute;dulo de falhas: NvStreamNetworkService.exe, vers&atilde;o: 4.1.1943.6202, carimbo de hora: 0x551399be
C&oacute;digo de exce&ccedil;&atilde;o: 0xc0000005
Deslocamento com falha: 0x00000000004e920f
Identifica&ccedil;&atilde;o do processo com falha: 0x8dc
Hora de in&iacute;cio do aplicativo com falha: 0xNvStreamNetworkService.exe0
Caminho do aplicativo com falha: NvStreamNetworkService.exe1
FCaminho do m&oacute;dulo de falhas: NvStreamNetworkService.exe2
Identifica&ccedil;&atilde;o do Relat&oacute;rio: NvStreamNetworkService.exe3

Error: (04/26/2015 04:03:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: tld.exe, vers&atilde;o: 5.0.1.11919, carimbo de hora: 0x5515372e
Nome do m&oacute;dulo de falhas: ntdll.dll, vers&atilde;o: 6.1.7601.17514, carimbo de hora: 0x4ce7ba58
C&oacute;digo de exce&ccedil;&atilde;o: 0xc0000005
Deslocamento com falha: 0x000222c2
Identifica&ccedil;&atilde;o do processo com falha: 0x22c
Hora de in&iacute;cio do aplicativo com falha: 0xtld.exe0
Caminho do aplicativo com falha: tld.exe1
FCaminho do m&oacute;dulo de falhas: tld.exe2
Identifica&ccedil;&atilde;o do Relat&oacute;rio: tld.exe3

Error: (10/20/2011 02:59:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Falha ao extrair lista raiz de terceiros do arquivo cab de atualiza&ccedil;&atilde;o autom&aacute;tica de:  com erro: Um certificado necess&aacute;rio n&atilde;o est&aacute; no per&iacute;odo de validade ao ser verificado em rela&ccedil;&atilde;o &agrave; hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.
.

System errors:
=============
Error: (04/28/2015 01:59:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de in&iacute;cio do sistema ou de inicializa&ccedil;&atilde;o:
iSafeKrnlMon

Error: (04/28/2015 01:58:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento anterior do sistema em 13:34:35 &agrave;s &lrm;28/&lrm;04/&lrm;2015 n&atilde;o era esperado.

Error: (04/27/2015 04:30:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de in&iacute;cio do sistema ou de inicializa&ccedil;&atilde;o:
iSafeKrnlMon

Error: (04/26/2015 11:20:54 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transa&ccedil;&atilde;o do servi&ccedil;o ShellHWDetection.

Error: (10/20/2011 02:58:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de in&iacute;cio do sistema ou de inicializa&ccedil;&atilde;o:
iSafeKrnlMon

Error: (10/20/2011 02:58:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: N&atilde;o foi poss&iacute;vel iniciar o servi&ccedil;o LogMeIn Hamachi Tunneling Engine devido ao seguinte erro:
%%1053

Error: (10/20/2011 02:58:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conex&atilde;o do servi&ccedil;o LogMeIn Hamachi Tunneling Engine.

Error: (10/20/2011 02:57:17 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento anterior do sistema em 00:11:59 &agrave;s &lrm;20/&lrm;10/&lrm;2011 n&atilde;o era esperado.

Error: (10/19/2011 11:01:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de in&iacute;cio do sistema ou de inicializa&ccedil;&atilde;o:
iSafeKrnlMon

Error: (10/19/2011 11:00:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento anterior do sistema em 01:17:43 &agrave;s &lrm;20/&lrm;10/&lrm;2011 n&atilde;o era esperado.

Microsoft Office Sessions:
=========================
Error: (04/29/2015 02:51:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Uninstall.exe_unknown0.0.0.054d056e1Uninstall.exe0.0.0.054d056e1c000000500006efe1c3401d082a51ecce9d5C:\Program Files (x86)\Sense\Uninstall.exeC:\Program Files (x86)\Sense\Uninstall.exe5dde49b8-ee98-11e4-bd29-c89cdc4d7c1b

Error: (04/28/2015 04:44:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.2.5583552ef76cmozalloc.dll37.0.2.5583552ee9ae8000000300001aa1169c01d081d676add433C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllfaa9e627-edde-11e4-bd29-c89cdc4d7c1b

Error: (04/28/2015 04:44:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.2.5583552ef76cmozalloc.dll37.0.2.5583552ee9ae8000000300001aa1158401d081d6780d9069C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllf68f4575-edde-11e4-bd29-c89cdc4d7c1b

Error: (04/28/2015 02:29:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AACFree.exe5.7.9.05515070dSHELL32.dll6.1.7601.175144ce7b9dec0000005003f226010d001d081d8a3b53b91C:\Program Files (x86)\Anvsoft\Any Audio Converter\AACFree.exeC:\Windows\syswow64\SHELL32.dll1dc47bf4-edcc-11e4-bd29-c89cdc4d7c1b

Error: (04/28/2015 02:00:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA Win32_Processor AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/28/2015 01:59:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920f9ac01d081d4a2c6f779C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exee7f6da37-edc7-11e4-bd29-c89cdc4d7c1b

Error: (04/27/2015 04:31:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA Win32_Processor AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2015 04:30:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920f8dc01d08120905c2cd0C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exed2c4541b-ed13-11e4-bbec-c89cdc4d7c1b

Error: (04/26/2015 04:03:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: tld.exe5.0.1.119195515372entdll.dll6.1.7601.175144ce7ba58c0000005000222c222c01d080314a90e896C:\Users\Jo&atilde;o Thorlief\Downloads\The.Long.Dark.v227\tld.exeC:\Windows\SysWOW64\ntdll.dlleec19a2c-ec46-11e4-b294-c89cdc4d7c1b

Error: (10/20/2011 02:59:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUm certificado necess&aacute;rio n&atilde;o est&aacute; no per&iacute;odo de validade ao ser verificado em rela&ccedil;&atilde;o &agrave; hora atual do sistema ou ao carimbo de data/hora no arquivo assinado.

CodeIntegrity Errors:
===================================
  Date: 2015-02-06 16:04:26.205
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-06 16:04:26.189
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 76%
Total physical RAM: 4095.24 MB
Available physical RAM: 960.93 MB
Total Pagefile: 8188.68 MB
Available Pagefile: 4353.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:32.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (mandbvc) (CDROM) (Total:2.3 GB) (Free:0 GB) CDFS
Drive g: (L.A. Noire - DVD2) (CDROM) (Total:4.35 GB) (Free:0 GB) UDF
Drive h: (L.A. Noire - DVD3) (CDROM) (Total:3.57 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 28BDCA89)
Partition 1: (Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
[/SPOILER]

Answer

Ol&aacute;

Fa&ccedil;a estes 2 procedimentos

Remova adwares e toolbars maliciosas com o Adwcleaner

Tutorial do Junkware Removal Tool

Poste os logs ap&oacute;s

Answer

[QUOTE=edutango, post: 7137926, member: 903370]Ol&aacute;

Fa&ccedil;a estes 2 procedimentos

Remova adwares e toolbars maliciosas com o Adwcleaner

Tutorial do Junkware Removal Tool

Poste os logs ap&oacute;s[/QUOTE]

Segue o [SPOILER=JRT]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.6 (04.28.2015:1)
OS: Windows 7 Ultimate x64
Ran by Jo&atilde;o Thorlief on 29/04/2015 at 20:23:23,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611901119}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611901119}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update SmarterPower

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\baidu security
Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\ProgramData\baidu security
Successfully deleted: [Folder] C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\baidu security

~~~ FireFox

Successfully deleted the following from C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\mozilla\firefox\profiles\uozbhi6b.default\prefs.js

user_pref(browser.search.defaultengine, Baidu);
user_pref(browser.search.defaultthis.engineName, Baidu);
Emptied folder: C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\mozilla\firefox\profiles\uozbhi6b.default\minidumps [4 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/04/2015 at 20:28:56,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[/SPOILER]. Infelizmente esqueci de salvar o Adwcleaner.

Answer

[QUOTE=thorlief, post: 7138140, member: 958202]Segue o [SPOILER=JRT]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.6 (04.28.2015:1)
OS: Windows 7 Ultimate x64
Ran by Jo&atilde;o Thorlief on 29/04/2015 at 20:23:23,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611901119}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611901119}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update SmarterPower

Successfully deleted: [Folder] C:\Program Files (x86)\baidu security
Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\ProgramData\baidu security
Successfully deleted: [Folder] C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\baidu security

Successfully deleted the following from C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\mozilla\firefox\profiles\uozbhi6b.default\prefs.js

user_pref(browser.search.defaultengine, Baidu);
user_pref(browser.search.defaultthis.engineName, Baidu);
Emptied folder: C:\Users\Jo&atilde;o Thorlief\AppData\Roaming\mozilla\firefox\profiles\uozbhi6b.default\minidumps [4 files]

[/SPOILER]. Infelizmente esqueci de salvar o Adwcleaner.[/QUOTE]

Ok/ tem baidu [tinha]

Acesse este link abaixo e clique no primeiro bot&atilde;o da esquerda que &eacute; o bot&atilde;o Download Zoek.exe:
http://www.hijackthis.nl/smeenk/

*Clique com o bot&atilde;o direito do mouse no Zoek.exe e selecione EXECUTAR como administrador/ certos antiv&iacute;rus podem bloquear o download; desative tempor&aacute;riamente por 15 minutos

* Copie todo este texto destacado em vermelho abaixo e cole-o no espa&ccedil;o em branco do Zoek:
[COLOR=#b30000]
createsrpoint;
autoclean;
emptyalltemp;
iedefaults;
resetieproxy;
resethosts;
shortcutfix;
ffdefaults;
firefoxlook;
reset chrome;
chrdefaults;
chromelook;[/COLOR]

*Clique [Run Script]

Ferramentas

Mover Tópico