hleb

Notebook showing slowness and pop-ups


For the past few days my notebook has been unusually slow, and some pop-ups named "Ads.egrana" open out of nowhere in Chrome. The za-scan log is attached.

 

ZA-Scan.txt


@hleb

 

Please note the following:

  • About the Forum: This is a private space, not a public one. Its use is a privilege, not a right.
  • If you go without a reply for 3 days, send me a Private Message (PM);
  • What is provided here applies only to the problem on your computer, so do not apply it on any other;
  • Please follow the instructions given carefully, and if you have any questions do not hesitate to ask;
  • Respect the order of the instructions given.
  • Note: Do not take any measure other than those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

Instead of creating a new topic, I ask that you continue with this one and post a reply attaching the ZA-Scan log, according to these instructions:

http://forum.clubedohardware.com.br/topic/1105783-como-criar-seu-t%C3%B3pico/

 

 

 

 

5 hours ago, CarlosTurco said:

@hleb

 

 

It is still wrong.

 

As instructed, the tool must be run from the desktop.

 

 

 

Launched: D:\Desktop\ZA-Scan (1).exe [Z-Analyse Scan]

 

It was run from the desktop. It's just that my Local Disk "C" is actually "D".


@hleb

 

Temporarily disable your antivirus, antispyware and firewall, so as not to cause conflicts.

 

Open your Notepad, copy (control + c) and paste (control + v) all of the text below:

createsrpoint;
shortcutfix;
ffdefaults;
chrdefaults;
resetwmi;
resetieproxy;
network.proxy;ff
emptyclsid;
msconfigcheck;
autoclean;
ipconfig /flushdns >>"%temp%\log.txt";b

Save this file on the Desktop as zascript

Run ZA-Scan.exe again and wait.
Copy and paste the contents of this file into your next reply.


Topic Archived

 

As the author has not replied to the topic for more than 10 days, it has been archived. If you are the author of the topic and want it reopened, contact a Forum Security Analyst to request that it be unlocked.

 

CarlosTurco

diego_moicano

 

 



ZA-Scan V1.0.0.5 Updated 31-December-2015
Tool run by Renan on 10/07/2016 at 23:57:01,28.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\UpdatusUser\Desktop\ZA-Scan.exe
Script used: C:\Users\UpdatusUser\Desktop\zascript.txt

==== System Restore Info ======================

10/07/2016 23:59:17 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\Renan\AppData\Roaming\WinRAR deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-31251158-3223676712-4027323767-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\Users\Renan\AppData\Local\{FEF512F8-0E9D-48AB-9AE4-E43E9468DBE4}" deleted
"C:\PROGRA~3\ByteFence\RTOP\uclogfile.bin" not deleted
"C:\Users\Renan\AppData\Roaming\pdfforge" deleted
"C:\PROGRA~3\ByteFence" not deleted
"C:\PROGRA~3\ByteFence\RTOP" not deleted

==== Orphaned Tasks deleted from Registry ======================

ESET Windows 10 upgrade - Refresh settings deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bknbnapaddjdnbilpmlacdkjdkjmbjhd - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bknbnapaddjdnbilpmlacdkjdkjmbjhd - No path found[]

Google Slides - Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Sorry a notebook with this name already exists. - Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc
Gmail - Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adrenaline.uol.com.br_0.localstorage deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adrenaline.uol.com.br_0.localstorage-journal deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.egrana.com.br_0.localstorage deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.egrana.com.br_0.localstorage-journal deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads2.opensubtitles.org_0.localstorage deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads2.opensubtitles.org_0.localstorage-journal deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_staticssl.batanga.net_0.localstorage deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_staticssl.batanga.net_0.localstorage-journal deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.freefind.com_0.localstorage deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.freefind.com_0.localstorage-journal deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d1uwhu0fkvi771.cloudfront.net_0.localstorage deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d1uwhu0fkvi771.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dsms0mj1bbhn4.cloudfront.net_0.localstorage deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dsms0mj1bbhn4.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dwq4do82y8xi7.cloudfront.net_0.localstorage deleted successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dwq4do82y8xi7.cloudfront.net_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_sftrev_16_09&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0CyDyDyDyCyBzytCyC0DtN0D0Tzu0StCyDtCyBtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCzztByBzzyByEyEtGtDzyyBzztG0CtAyE0FtGyE0B0CzytG0E0A0C0CyDyCyC0ByE0AtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0AyBzy0CzztD0FtGyB0F0DyCtGyEzz0F0CtGzztCyB0AtG0E0Ezy0CtC0F0D0D0Azy0BtC2QtN0A0LzuyE%26cr%3D1475474470%26a%3Dwbf_sftrev_16_09%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_sftrev_16_09&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0CyDyDyDyCyBzytCyC0DtN0D0Tzu0StCyDtCyBtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCzztByBzzyByEyEtGtDzyyBzztG0CtAyE0FtGyE0B0CzytG0E0A0C0CyDyCyC0ByE0AtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0AyBzy0CzztD0FtGyB0F0DyCtGyEzz0F0CtGzztCyB0AtG0E0Ezy0CtC0F0D0D0Azy0BtC2QtN0A0LzuyE%26cr%3D1475474470%26a%3Dwbf_sftrev_16_09%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="https://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_sftrev_16_09&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0CyDyDyDyCyBzytCyC0DtN0D0Tzu0StCyDtCyBtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCzztByBzzyByEyEtGtDzyyBzztG0CtAyE0FtGyE0B0CzytG0E0A0C0CyDyCyC0ByE0AtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0AyBzy0CzztD0FtGyB0F0DyCtGyEzz0F0CtGzztCyB0AtG0E0Ezy0CtC0F0D0D0Azy0BtC2QtN0A0LzuyE%26cr%3D1475474470%26a%3Dwbf_sftrev_16_09%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Renan\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Renan\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Renan\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe 
C:\Users\Public\Desktop\Core BO for MT4.lnk - C:\Program Files (x86)\Core BO for MT4\TraderExt.Launcher.exe 
C:\Users\Public\Desktop\Core Trader.lnk - C:\Program Files (x86)\Core Trader\terminal.exe 
C:\Users\Public\Desktop\CorelDRAW X5.lnk - c:\Windows\Installer\{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}\NewShortcut1.exe 
C:\Users\Public\Desktop\CyberLink PowerDVD 8.lnk - C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.exe 
C:\Users\Public\Desktop\GDM Forex.lnk - C:\Program Files (x86)\GDM Forex\terminal.exe 
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe 
C:\Users\Public\Desktop\Nero StartSmart 10.lnk - C:\Windows\Installer\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}\ScStartSmartDeskto_3AF47A4E14DF4546B1449D27245505A0.exe 
C:\Users\Public\Desktop\PDFCreator.lnk - C:\Program Files (x86)\PDFCreator\PDFCreator.exe 
C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe 
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe 
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe 
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe 

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe 
C:\Users\Public\Desktop\Core BO for MT4.lnk - C:\Program Files (x86)\Core BO for MT4\TraderExt.Launcher.exe 
C:\Users\Public\Desktop\Core Trader.lnk - C:\Program Files (x86)\Core Trader\terminal.exe 
C:\Users\Public\Desktop\CorelDRAW X5.lnk - c:\Windows\Installer\{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}\NewShortcut1.exe 
C:\Users\Public\Desktop\CyberLink PowerDVD 8.lnk - C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.exe 
C:\Users\Public\Desktop\GDM Forex.lnk - C:\Program Files (x86)\GDM Forex\terminal.exe 
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe 
C:\Users\Public\Desktop\Nero StartSmart 10.lnk - C:\Windows\Installer\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}\ScStartSmartDeskto_3AF47A4E14DF4546B1449D27245505A0.exe 
C:\Users\Public\Desktop\PDFCreator.lnk - C:\Program Files (x86)\PDFCreator\PDFCreator.exe 
C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe 
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe 
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe 
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe 

==== shortcuts in Users Start Menu ======================

C:\Users\Renan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GDMFX-EXT\GDMFX-EXT.lnk - C:\Program Files (x86)\GDMFX-EXT\TraderExt.Launcher.exe 
C:\Users\Renan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GDMFX-EXT\Uninstall GDMFX-EXT.lnk - C:\Program Files (x86)\GDMFX-EXT\TraderExt.Launcher.exe -uninstall {796A3E6D-32CE-4EA2-B0EC-188759FC295F}
C:\Users\Renan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe 

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk - C:\Windows\Installer\{56EC47AA-5813-4FF6-8E75-544026FBEA83}\AppleSoftwareUpdateIco.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk - C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core BO\Core BO for MT4.lnk - C:\Program Files (x86)\Core BO for MT4\TraderExt.Launcher.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core BO\Uninstall Core BO for MT4.lnk - C:\Program Files (x86)\Core BO for MT4\TraderExt.Launcher.exe -uninstall {A10D7E52-7BD9-4310-8E48-9AD5AA92C952}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Trader\Core Trader.lnk - C:\Program Files (x86)\Core Trader\terminal.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Trader\MetaEditor.lnk - C:\Program Files (x86)\Core Trader\metaeditor.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Trader\Uninstall.lnk - C:\Program Files (x86)\Core Trader\uninstall.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote\Evernote.lnk - C:\Windows\Installer\{FC4A0E2E-0CD3-11E6-B80E-005056951CAD}\Evernote.ico 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GDM Forex\GDM FX.lnk - C:\Program Files (x86)\GDM Forex\terminal.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GDM Forex\MetaEditor.lnk - C:\Program Files (x86)\GDM Forex\metaeditor.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GDM Forex\Uninstall.lnk - C:\Program Files (x86)\GDM Forex\uninstall.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Buscar Meu iPhone.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe find
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Calendário.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Contatos.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe contacts
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Fotos do iCloud.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud para Windows.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Keynote.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe keynote
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Lembretes.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe reminders
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Mail.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe mail
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Notas.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe notes
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Numbers.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe numbers
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Pages.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe pages
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Sobre o iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\pt.lproj\About iTunes.rtf 

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Renan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk - C:\Program Files (x86)\Webteh\BSplayer\bsplayer.exe 
C:\Users\Renan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Renan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Renan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe 
C:\Users\Renan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Renan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Renan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe 
C:\Users\Renan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe 
C:\Users\Renan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Renan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Renan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Renan\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Renan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Renan\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== Reset WMI ======================

Os seguintes serviços são dependentes do serviço de Testador de instrumentação de gerenciam. do Windows.
Finalizar o serviço Testador de instrumentação de gerenciam. do Windows também finalizará estes serviços.

   Central de Segurança
   Auxiliar de IP

O serviço de Central de Segurança está sendo finalizado .
O serviço de Central de Segurança foi finalizado com êxito.

O serviço de Auxiliar de IP está sendo finalizado .
O serviço de Auxiliar de IP foi finalizado com êxito.

O serviço de Testador de instrumentação de gerenciam. do Windows está sendo finalizado .
O serviço de Testador de instrumentação de gerenciam. do Windows foi finalizado com êxito.

C:\Windows\system32\wbem\repository renamed to repository.old
C:\Windows\syswow64\wbem\repository renamed to repository.old

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Renan\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Renan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~3\ByteFence\RTOP\uclogfile.bin"  not found
"C:\Users\Renan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\PROGRA~3\ByteFence"  not found

==== EOF on 11/07/2016 at  2:50:01,08 ======================
 


@hleb

Download the Farbar Recovery Scan Tool and save it to the Desktop.

32 bit (x86) or 64 bit (x64)

Double-click to run the tool.

  • Attention: Windows Vista, 7 and 8 users, right-click and choose: (image: execadmin.png)

Check the "Arquivos 90 dias" box and click the "Examinar" button.

Wait; when it finishes, the logs FRST.txt and Addition.txt will be saved to your Desktop.

Select, copy and paste the contents of the FRST.txt log into your next reply.

Attach the Addition.txt log.


Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 10-07-2016 01
Executado por Renan (administrador) em RENAN-PC (12-07-2016 00:04:26)
Executando a partir de C:\Users\UpdatusUser\Desktop
Perfis Carregados: Renan & UpdatusUser (Perfis Disponíveis: Renan & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 9 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6486632 2010-10-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-10-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-23] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3209072 2010-12-14] (Dell Inc.)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [1058864 2016-05-11] (GAS Tecnologia LTDA)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2015-09-22] (Caixa Economica Federal)
HKU\S-1-5-21-31251158-3223676712-4027323767-1000\...\Run: [Chromium] => "c:\users\renan\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-31251158-3223676712-4027323767-1000\...\Run: [uTorrent] => C:\Users\Renan\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-22] (BitTorrent Inc.)
HKU\S-1-5-21-31251158-3223676712-4027323767-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-02-17] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2010-12-24] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2010-12-24] (NVIDIA Corporation)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1888480 2015-09-22] (Caixa Economica Federal)
Startup: C:\Users\Renan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-05-02]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.25.1
Tcpip\..\Interfaces\{5626F0B8-397E-49A2-BB17-FC51F627F29D}: [NameServer] 200.175.5.139,200.175.89.139
Tcpip\..\Interfaces\{5626F0B8-397E-49A2-BB17-FC51F627F29D}: [DhcpNameServer] 192.168.25.1
Tcpip\..\Interfaces\{CF4F0655-AB78-4C1F-9E51-2029E6788F71}: [NameServer] 200.175.5.139,4.2.2.1
Tcpip\..\Interfaces\{CF4F0655-AB78-4C1F-9E51-2029E6788F71}: [DhcpNameServer] 10.1.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-31251158-3223676712-4027323767-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-31251158-3223676712-4027323767-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-04-27] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2015-09-22] (Caixa Economica Federal)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-12-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-12-23] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => não encontrado (a)

Chrome: 
=======
CHR Profile: C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-11]
CHR Extension: (Google Docs) - C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-11]
CHR Extension: (Google Drive) - C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-11]
CHR Extension: (YouTube) - C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-11]
CHR Extension: (Planilhas do Google) - C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-11]
CHR Extension: (Documentos Google off-line) - C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-11]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-11]
CHR Extension: (Gmail) - C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-11]
CHR HKU\S-1-5-21-31251158-3223676712-4027323767-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [593120 2015-09-22] (GAS Tecnologia)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [Arquivo não assinado]
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [254264 2016-03-20] ()
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [1058864 2016-05-11] (GAS Tecnologia LTDA)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-12-08] (GAS Tecnologia)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-12-08] (GAS Tecnologia LTDA)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-07-11] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [32240 2008-06-27] (Cyberlink Corp.)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-07-11 23:57 - 2016-07-12 00:04 - 00000000 ____D C:\FRST
2016-07-11 02:44 - 2016-07-11 02:44 - 24468782 _____ C:\Windows\repository.backup
2016-07-11 02:44 - 2016-07-10 23:56 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-07-09 20:08 - 2016-07-09 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-07-09 20:07 - 2016-07-09 20:08 - 00000000 ____D C:\Program Files\iTunes
2016-07-09 20:07 - 2016-07-09 20:07 - 00000000 ____D C:\Program Files\iPod
2016-07-09 20:07 - 2016-07-09 20:07 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-06-22 04:12 - 2016-07-11 01:54 - 00000000 ____D C:\zoek_backup
2016-06-05 17:03 - 2016-07-10 23:43 - 00000000 ____D C:\Users\Renan\AppData\Local\FX LITE for MetaTrader 4
2016-06-05 17:02 - 2016-06-05 17:02 - 00000000 ____D C:\Users\Renan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GDMFX-EXT
2016-06-05 17:02 - 2016-06-05 17:02 - 00000000 ____D C:\Program Files (x86)\GDMFX-EXT
2016-06-05 16:53 - 2016-07-08 01:49 - 00000000 ____D C:\Program Files (x86)\GDM Forex
2016-06-05 16:53 - 2016-06-05 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GDM Forex
2016-05-22 02:48 - 2016-05-22 02:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-05-16 04:42 - 2016-05-22 02:48 - 00000000 ____D C:\Users\Renan\AppData\Roaming\Apple Computer
2016-05-16 04:42 - 2016-05-22 02:48 - 00000000 ____D C:\Users\Renan\AppData\Local\Apple Computer
2016-05-16 04:42 - 2016-05-16 04:42 - 00000000 ____D C:\Users\Todos os Usuários\Apple Computer
2016-05-16 04:42 - 2016-05-16 04:42 - 00000000 ____D C:\ProgramData\Apple Computer
2016-05-16 04:41 - 2016-05-16 04:41 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-05-16 04:41 - 2016-05-16 04:41 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-05-16 04:41 - 2016-05-16 04:41 - 00000000 ____D C:\Users\Renan\AppData\Local\Apple
2016-05-16 04:41 - 2016-05-16 04:41 - 00000000 ____D C:\Program Files\Bonjour
2016-05-16 04:41 - 2016-05-16 04:41 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-05-16 04:41 - 2016-05-16 04:41 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-05-16 04:40 - 2016-07-09 20:07 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-05-16 04:40 - 2016-05-16 04:41 - 00000000 ____D C:\Users\Todos os Usuários\Apple
2016-05-16 04:40 - 2016-05-16 04:41 - 00000000 ____D C:\ProgramData\Apple
2016-05-13 02:33 - 2016-06-14 23:09 - 00000000 ____D C:\Users\Renan\AppData\Local\ElevatedDiagnostics
2016-05-13 02:03 - 2016-05-13 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core BO
2016-05-13 02:03 - 2016-05-13 02:03 - 00000000 ____D C:\Program Files (x86)\Core BO for MT4
2016-05-04 23:56 - 2016-05-13 02:06 - 00000000 ____D C:\Users\Renan\AppData\Local\Core BO for MetaTrader 4
2016-05-04 23:56 - 2016-05-04 23:56 - 00000000 ____D C:\Users\Renan\AppData\Local\TradeToolsFX
2016-05-04 23:46 - 2016-05-04 23:46 - 00000000 ____D C:\Users\Todos os Usuários\MetaQuotes
2016-05-04 23:46 - 2016-05-04 23:46 - 00000000 ____D C:\ProgramData\MetaQuotes
2016-05-04 23:45 - 2016-07-08 01:53 - 00000000 ____D C:\Program Files (x86)\Core Trader
2016-05-04 23:45 - 2016-05-04 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Trader
2016-05-04 23:44 - 2016-05-04 23:46 - 00000000 ____D C:\Users\Renan\AppData\Roaming\MetaQuotes
2016-05-04 20:42 - 2016-05-17 23:48 - 00000000 ____D C:\Users\Renan\AppData\Roaming\TS3Client
2016-05-04 20:42 - 2016-05-04 20:42 - 00000933 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-05-04 20:42 - 2016-05-04 20:42 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-05-02 19:13 - 2016-05-02 19:13 - 00000000 ____D C:\Users\Renan\AppData\LocalLow\Evernote
2016-05-02 19:13 - 2016-05-02 19:13 - 00000000 ____D C:\Users\Renan\AppData\Local\Evernote
2016-05-02 19:13 - 2016-05-02 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2016-05-02 19:12 - 2016-05-02 19:12 - 00000000 ____D C:\Program Files (x86)\Evernote
2016-04-21 01:13 - 2016-07-11 23:52 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2016-04-21 01:13 - 2016-04-21 01:14 - 00001024 _____ C:\.rnd
2016-04-21 01:13 - 2016-04-21 01:13 - 00000000 ___HD C:\Program Files (x86)\GAS Tecnologia
2016-04-21 01:13 - 2016-04-21 01:13 - 00000000 ___HD C:\Program Files (x86)\Diebold
2016-04-21 01:13 - 2016-04-21 01:13 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2016-04-21 01:13 - 2016-04-21 01:13 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2016-04-21 01:13 - 2016-04-21 01:13 - 00000000 ____D C:\Program Files\Diebold
2016-04-21 01:13 - 2015-03-18 11:23 - 00103640 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddpp.sys
2016-04-21 01:12 - 2016-07-11 23:52 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-04-21 01:12 - 2016-04-21 01:13 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2016-04-21 01:12 - 2016-04-21 01:13 - 00000000 ____D C:\ProgramData\GbPlugin

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-07-12 00:01 - 2009-07-14 01:45 - 00014208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-12 00:01 - 2009-07-14 01:45 - 00014208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-11 23:58 - 2009-07-29 12:49 - 00707078 _____ C:\Windows\system32\prfh0416.dat
2016-07-11 23:58 - 2009-07-29 12:49 - 00147324 _____ C:\Windows\system32\prfc0416.dat
2016-07-11 23:58 - 2009-07-14 02:13 - 01638038 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-11 23:58 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-07-11 23:55 - 2016-02-14 22:46 - 00000000 ____D C:\Users\Renan\AppData\Roaming\uTorrent
2016-07-11 23:52 - 2016-02-11 00:05 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-11 23:52 - 2016-02-03 15:41 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2016-07-11 23:52 - 2016-02-03 15:41 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-11 23:52 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-11 08:16 - 2016-02-11 00:05 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-11 02:49 - 2016-02-27 00:35 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-07-11 02:49 - 2016-02-27 00:35 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-07-11 01:48 - 2009-07-14 00:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-07-11 01:48 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-07-07 23:07 - 2016-02-14 22:48 - 00000000 ___SD C:\Users\Renan\AppData\LocalLow\Temp
2016-06-30 23:57 - 2016-02-03 15:41 - 00000000 ____D C:\Users\UpdatusUser
2016-06-21 01:51 - 2016-02-03 13:06 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-06-17 23:18 - 2016-02-11 00:06 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-07-07 21:52

==================== Fim de FRST.txt ============================

Addition.txt
