hleb

Full Members
  • Total items

    51
  • Joined

  • Last visit

  • Ratings

    0%

Reputation

1

General information

  • City and State
    PR
  • Gender
    Male
  1. Everything is OK, thanks once again.
  2. RogueKiller Anti-Malware V13.2.1.0 (x64) [May 22 2019] (Free) by Adlice Software mail : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits Started in : Normal mode User : User [Administrator] Started from : C:\Users\User\Desktop\RogueKiller_portable64.exe Signatures : 20190606_152234, Driver : Loaded Mode : Standard Scan, Delete -- Date : 2019/06/06 21:41:50 (Duration : 00:16:15) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [Suspicious.Path (Potentially Malicious)] \Rerun Warsaw's CoreFixer -- C:\Windows\TEMP\is-RFAC4.tmp\corefixer.exe (/norerun) -> Deleted [PUP.Easeware (Potentially Malicious)] \Driver Easy Scheduled Scan -- C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (--scan) -> Deleted [PUP.Easeware (Potentially Malicious)] C:\Windows\Tasks\Driver Easy Scheduled Scan.job -- C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (--scan) -> ERROR [80070002] [PUP.Easeware (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1 -- -> Deleted [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{20D09F7C-7797-4ED3-BE29-E91C4DE32143}C:\users\user\appdata\local\temp\spoon\cache\0x0a012c8bd34325d0\stubexe\0xd74fce251438e5e8\chrome.exe -- -> Deleted [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{AF109A77-B281-45E2-817D-2A074A567690}C:\users\user\appdata\local\temp\spoon\cache\0x0a012c8bd34325d0\stubexe\0xd74fce251438e5e8\chrome.exe -- -> Deleted [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query 
User{AF109A77-B281-45E2-817D-2A074A567690}C:\users\user\appdata\local\temp\spoon\cache\0x0a012c8bd34325d0\stubexe\0xd74fce251438e5e8\chrome.exe -- -> Deleted [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{20D09F7C-7797-4ED3-BE29-E91C4DE32143}C:\users\user\appdata\local\temp\spoon\cache\0x0a012c8bd34325d0\stubexe\0xd74fce251438e5e8\chrome.exe -- -> Deleted [PUP.Easeware (Potentially Malicious)] Driver Easy.lnk -- %SystemDrive%\Users\Public\Desktop\Driver Easy.lnk (lnk => C:\PROGRA~1\Easeware\DRIVER~1\DRIVER~1.EXE []) -> Deleted [PUP.Easeware (Potentially Malicious)] Easeware -- %_User_appdata%\Easeware -> Deleted [PUP.Easeware (Potentially Malicious)] Desinstalar o Driver Easy.lnk -- %programdata%\Microsoft\Windows\Start Menu\Programs\Driver Easy\Desinstalar o Driver Easy.lnk (lnk => C:\PROGRA~1\Easeware\DRIVER~1\unins000.exe []) -> Deleted [PUP.Easeware (Potentially Malicious)] Driver Easy.lnk -- %programdata%\Microsoft\Windows\Start Menu\Programs\Driver Easy\Driver Easy.lnk (lnk => C:\PROGRA~1\Easeware\DRIVER~1\DRIVER~1.EXE []) -> Deleted [PUP.Easeware (Potentially Malicious)] Easeware -- %ProgramFiles%\Easeware -> Deleted
  3. RogueKiller Anti-Malware V13.2.1.0 (x64) [May 22 2019] (Free) by Adlice Software mail : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits Started in : Normal mode User : User [Administrator] Started from : C:\Users\User\Desktop\RogueKiller_portable64.exe Signatures : 20190606_152234, Driver : Loaded Mode : Standard Scan, Scan -- Date : 2019/06/06 20:57:39 (Duration : 00:17:02) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [PUP.Easeware (Potentially Malicious)] (Easeware Technology Limited) C:\Windows\Tasks\Driver Easy Scheduled Scan.job -- C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [--scan] -> Found [PUP.Easeware (Potentially Malicious)] (Easeware Technology Limited) \Driver Easy Scheduled Scan -- C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [--scan] -> Found [Suspicious.Path (Potentially Malicious)] \Rerun Warsaw's CoreFixer -- C:\Windows\TEMP\is-RFAC4.tmp\corefixer.exe [/norerun] -> Found ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ >>>>>> XX - Uninstall [PUP.Easeware (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1 -- N/A -> Found >>>>>> O87 - Firewall [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{20D09F7C-7797-4ED3-BE29-E91C4DE32143}C:\users\user\appdata\local\temp\spoon\cache\0x0a012c8bd34325d0\stubexe\0xd74fce251438e5e8\chrome.exe -- v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\user\appdata\local\temp\spoon\cache\0x0a012c8bd34325d0\stubexe\0xd74fce251438e5e8\chrome.exe|Name=chrome.exe|Desc=chrome.exe| -> Found [Suspicious.Path 
(Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{AF109A77-B281-45E2-817D-2A074A567690}C:\users\user\appdata\local\temp\spoon\cache\0x0a012c8bd34325d0\stubexe\0xd74fce251438e5e8\chrome.exe -- v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\user\appdata\local\temp\spoon\cache\0x0a012c8bd34325d0\stubexe\0xd74fce251438e5e8\chrome.exe|Name=chrome.exe|Desc=chrome.exe| -> Found [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{AF109A77-B281-45E2-817D-2A074A567690}C:\users\user\appdata\local\temp\spoon\cache\0x0a012c8bd34325d0\stubexe\0xd74fce251438e5e8\chrome.exe -- v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\user\appdata\local\temp\spoon\cache\0x0a012c8bd34325d0\stubexe\0xd74fce251438e5e8\chrome.exe|Name=chrome.exe|Desc=chrome.exe| -> Found [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{20D09F7C-7797-4ED3-BE29-E91C4DE32143}C:\users\user\appdata\local\temp\spoon\cache\0x0a012c8bd34325d0\stubexe\0xd74fce251438e5e8\chrome.exe -- v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\user\appdata\local\temp\spoon\cache\0x0a012c8bd34325d0\stubexe\0xd74fce251438e5e8\chrome.exe|Name=chrome.exe|Desc=chrome.exe| -> Found ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [PUP.Easeware (Potentially Malicious)] (shortcut) Driver Easy.lnk -- C:\Users\Public\Desktop\Driver Easy.lnk => C:\PROGRA~1\Easeware\DRIVER~1\DRIVER~1.EXE -> Found [PUP.Easeware (Potentially Malicious)] (folder) Easeware -- C:\Users\User\AppData\Roaming\Easeware -> Found [PUP.Easeware 
(Potentially Malicious)] (shortcut) Desinstalar o Driver Easy.lnk -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy\Desinstalar o Driver Easy.lnk => C:\PROGRA~1\Easeware\DRIVER~1\unins000.exe -> Found [PUP.Easeware (Potentially Malicious)] (shortcut) Driver Easy.lnk -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy\Driver Easy.lnk => C:\PROGRA~1\Easeware\DRIVER~1\DRIVER~1.EXE -> Found [PUP.Easeware (Potentially Malicious)] (folder) Easeware -- C:\Program Files\Easeware -> Found ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
  4. Malwarebytes www.malwarebytes.com -Detalhes de registro- Data da análise: 02/06/2019 Hora da análise: 14:33 Arquivo de registro: 7f5d6e7e-855c-11e9-837b-00ffb3e77540.json -Informação do software- Versão: 3.7.1.2839 Versão de componentes: 1.0.586 Versão do pacote de definições: 1.0.10872 Licença: Versão de Avaliação -Informação do sistema- Sistema operacional: Windows 7 Service Pack 1 CPU: x64 Sistema de arquivos: NTFS Usuário: User-PC\User -Resumo da análise- Tipo de análise: Análise Customizada Análise Iniciada Por: Manual Resultado: Concluído Objetos verificados: 379758 Ameaças detectadas: 5 Ameaças em quarentena: 5 Tempo decorrido: 1 hr, 51 min, 6 seg -Opções da análise- Memória: Habilitado Inicialização: Habilitado Sistema de arquivos: Habilitado Arquivos compactados: Habilitado Rootkits: Habilitado Heurística: Habilitado PUP: Detectar PUM: Detectar -Detalhes da análise- Processo: 0 (Nenhum item malicioso detectado) Módulo: 0 (Nenhum item malicioso detectado) Chave de registro: 0 (Nenhum item malicioso detectado) Valor de registro: 0 (Nenhum item malicioso detectado) Dados de registro: 0 (Nenhum item malicioso detectado) Fluxo de dados: 0 (Nenhum item malicioso detectado) Pasta: 0 (Nenhum item malicioso detectado) Arquivo: 5 PUP.Optional.InstallCore.Generic, C:\USERS\USER\DOCUMENTS\CR_DOWNLOADER_PARA_GRAND-THEFT-AUTO---MISSION-PACK-#1---LONDON-1969_2999473183.EXE, Quarentena, [560], [512445],1.0.10872 Adware.InstallCore, C:\USERS\USER\DOCUMENTS\GRAND THEFT AUTO - MISSION PACK 1 - LONDON 1969 [NTSC-U] [SLUS-00846]_2526781914.EXE, Quarentena, [442], [680376],1.0.10872 Generic.Malware/Suspicious, C:\USERS\USER\DOWNLOADS\AERO ENABLER 1.0.0.2 - SETUP\AERO ENABLER 1.0.0.2 - SETUP.EXE, Quarentena, [0], [392686],1.0.10872 PUP.Optional.InstallCore.Generic, C:\USERS\USER\DOCUMENTS\CR_DOWNLOADER_PARA_SSSPSX_3395813624.EXE, Quarentena, [560], [512445],1.0.10872 Generic.Malware/Suspicious, C:\USERS\USER\DOWNLOADS\AERO ENABLER 1.0.0.2 - SETUP.ZIP, Quarentena, [0], 
[392686],1.0.10872 Setor físico: 0 (Nenhum item malicioso detectado) Instrumentação do Windows (WMI): 0 (Nenhum item malicioso detectado) (end) # ------------------------------- # Malwarebytes AdwCleaner 7.3.0.0 # ------------------------------- # Build: 04-04-2019 # Database: 2019-05-27.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 06-02-2019 # Duration: 00:00:01 # OS: Windows 7 Home Premium # Cleaned: 2 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** No malicious folders cleaned. ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKCU\Software\Conduit Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\FreeFallProtection ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. 
************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [1383 octets] - [02/06/2019 18:08:26] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## ~ ZHPCleaner v2019.5.29.79 by Nicolas Coolman (2019/05/29) ~ Run by User (Administrator) (02/06/2019 18:14:03) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Certificate ZHPCleaner: Legal ~ Type : Scan ~ Report : C:\Users\User\Desktop\ZHPCleaner (S).txt ~ Quarantine : C:\Users\User\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ UAC : Deactivate ~ Boot Mode : Normal (Normal boot) Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601) ---\\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (0) ~ No malicious or unnecessary items found. ---\\ Hosts file (1) ~ The hosts file is legitimate (1) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. 
---\\ Explorer ( File, Folder) (76) FOUND file: C:\Windows\Installer\wix{0A596141-97D5-45FA-9281-98DFAF48D579}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{C29B636B-9015-4ED1-A12F-6375A337F23B}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\9dd1a.msp =>.SUP.Obsolete.Adobe FOUND file: C:\Windows\Installer\a8bbe.msp =>.SUP.Obsolete.Adobe FOUND file: C:\Windows\Installer\aa8f3.msp =>.SUP.Obsolete.Adobe FOUND file: C:\Windows\Installer\abe8c.msp =>.SUP.Obsolete.Adobe FOUND file: C:\Windows\Installer\acd8c.msp =>.SUP.Obsolete.Adobe FOUND file: C:\Windows\Installer\ae7d4.msp =>.SUP.Obsolete.Adobe FOUND file: C:\Windows\Installer\b0be5.msp =>.SUP.Obsolete.Adobe FOUND file: C:\Windows\Installer\b8a55.msp =>.SUP.Obsolete.Adobe FOUND file: C:\Windows\Installer\b9a80.msp =>.SUP.Obsolete.Adobe FOUND file: C:\Windows\Installer\ba1fd.msp =>.SUP.Obsolete.Adobe FOUND file: C:\Windows\Installer\c203d.msp =>.SUP.Obsolete.Adobe FOUND file: C:\Windows\Installer\d0a447.msp =>.SUP.Obsolete.Adobe FOUND file: C:\Users\User\AppData\Local\Temp\CVR3E47.tmp.cvr =>.SUP.Temporary.Empty FOUND file: C:\Users\User\AppData\Local\Temp\CVR3E8.tmp.cvr =>.SUP.Temporary.Empty FOUND file: C:\Users\User\AppData\Local\Temp\CVR4CA9.tmp.cvr =>.SUP.Temporary.Empty FOUND file: 
C:\Users\User\AppData\Local\Temp\CVR8CA.tmp.cvr =>.SUP.Temporary.Empty FOUND file: C:\Users\User\AppData\Local\Temp\CVR96F2.tmp.cvr =>.SUP.Temporary.Empty FOUND file: C:\Users\User\AppData\Local\Temp\CVRBF78.tmp.cvr =>.SUP.Temporary.Empty FOUND file: C:\Users\User\AppData\Local\Temp\LocalStorage.txt =>.SUP.Temporary.Empty FOUND file: C:\Users\User\AppData\Local\Temp\nfe400.lock =>.SUP.Temporary.Empty FOUND folder: C:\Program Files (x86)\Webteh\BSplayer =>.SUP.ABTeam FOUND folder: C:\Program Files (x86)\Webteh =>.SUP.ABTeam FOUND folder: C:\ProgramData\Trymedia\data =>PUP.Optional.Trymedia FOUND folder: C:\ProgramData\Trymedia\licenses =>PUP.Optional.Trymedia FOUND folder: C:\ProgramData\Trymedia =>PUP.Optional.Trymedia FOUND folder: C:\Users\User\AppData\Local\Temp\scoped_dir1608_15436 =>.SUP.Temporary.Steam FOUND folder: C:\Users\User\AppData\Local\Temp\scoped_dir2572_23266 =>.SUP.Temporary.Steam FOUND folder: C:\Users\User\AppData\Local\Temp\scoped_dir3144_32014 =>.SUP.Temporary.Steam FOUND folder: C:\Users\User\AppData\Local\Temp\scoped_dir5328_19030 =>.SUP.Temporary.Steam FOUND folder: C:\Users\User\AppData\Local\Temp\scoped_dir960_5797 =>.SUP.Temporary.Steam FOUND folder: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\116 =>.SUP.Temporary.Chrome FOUND folder: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\278 =>.SUP.Temporary.Chrome FOUND folder: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\382 =>.SUP.Temporary.Chrome FOUND folder: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\386 =>.SUP.Temporary.Chrome FOUND folder: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\417 =>.SUP.Temporary.Chrome FOUND folder: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\443 =>.SUP.Temporary.Chrome FOUND folder: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\493 =>.SUP.Temporary.Chrome FOUND folder: 
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\498 =>.SUP.Temporary.Chrome FOUND folder: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\514 =>.SUP.Temporary.Chrome FOUND folder: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\515 =>.SUP.Temporary.Chrome FOUND folder: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\516 =>.SUP.Temporary.Chrome FOUND folder: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\517 =>.SUP.Temporary.Chrome FOUND folder: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\518 =>.SUP.Temporary.Chrome FOUND folder: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\519 =>.SUP.Temporary.Chrome FOUND folder: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\520 =>.SUP.Temporary.Chrome FOUND folder: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\Plugins =>.SUP.Temporary.Chrome FOUND folder: C:\Windows\Installer\MSI1D36.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI1F69.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI2BD8.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI45A0.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI4718.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI4BCA.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI734B.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI823C.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI8327.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIA092.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIA3F3.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIB83A.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIB8E6.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIC318.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSID023.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSID11E.tmp- =>.SUP.Empty FOUND 
folder: C:\Windows\Installer\MSIE95B.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIF213.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIF733.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIF83D.tmp- =>.SUP.Empty FOUND file: C:\Users\User\Desktop\ZA-Scan.exe =>.SUP.Orphan.MUICache FOUND file: C:\Users\User\Documents\ZA-Scan.exe =>.SUP.Orphan.MUICache ---\\ Registry ( Key, Value, Data) (12) FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Webteh [] =>.SUP.ABTeam FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayerf [Webteh, d.o.o.] =>.SUP.ABTeam FOUND value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\User\Desktop\ZA-Scan.exe [ZA-Scan] =>.SUP.Orphan.MUICache FOUND value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Windows\system32\WFS.exe [Microsoft Windows Fax and Scan] =>.SUP.Orphan.MUICache FOUND value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\Evernote\Evernote\Evernote.exe [Evernote] =>.SUP.Orphan.MUICache FOUND value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\Skype\Phone\Skype.exe [Skype ] =>.SUP.Orphan.MUICache FOUND value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\User\Desktop\zoek\ZA-Scan.exe [ZA-Scan] =>.SUP.Orphan.MUICache FOUND value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\User\Desktop\Z-Analyse.exe [Z-Analyse] =>.SUP.Orphan.MUICache FOUND value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\User\Desktop\zoek\Z-Analyse.exe [Z-Analyse] =>.SUP.Orphan.MUICache FOUND value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Google Chrome] =>.SUP.Orphan.MUICache FOUND 
value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\User\Documents\ZA-Scan.exe [ZA-Scan, Brazilian version of Z-Analyse] =>.SUP.Orphan.MUICache FOUND value: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.8.0_161\ [No Folder] =>.SUP.Obsolete.NoFolder ---\\ Summary of the elements found (9) https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Empty https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Obsolete.Adobe https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Empty https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.ABTeam https://nicolascoolman.eu/2017/10/04/adware-trymedia/ =>PUP.Optional.Trymedia https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Steam https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Chrome https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Orphan.MUICache https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Obsolete.NoFolder ---\\ Result of repair ~ Any repair made ~ Browser not found (Mozilla Firefox) ~ Browser not found (Opera Software) ---\\ Statistics ~ Items scanned : 86988 ~ Items found : 112 ~ Items cancelled : 0 ~ Items options : 12/12 ~ Space saving (bytes) : 0 ~ End of search in 00h09mn12s ---\\ Reports (0) ZHPCleaner--02062019-18_23_15.txt
  5. Hello to all the distinguished analysts. It has been almost 18 months since the last analysis here, and I am posting my log for review. My card was cloned today and I am afraid of a possible virus that might be related to it, on top of the long time without any analysis. The ZA-Scan log is attached for analysis. I look forward to the next steps. ZA-Scan.txt
  6. SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17] WebSite: www.safezone.cc DateLog: 16.01.2018 19:18:21 Path starting: C:\Users\User\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe Log directory: C:\SecurityCheck\ IsAdmin: True User: User VersionXML: 4.82is-05.01.2018 ___________________________________________________________________________ Windows 7(6.1.7600) (x64) HomePremium Lang: Portuguese(0416) Installation date OS: 11.11.2016 13:19:16 LicenseStatus: Windows(R) 7, HomePremium edition The machine is permanently activated. Boot Mode: Normal Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe SystemDrive: C: FS: [NTFS] Capacity: [223.5 Gb] Used: [110.7 Gb] Free: [112.8 Gb] ------------------------------- [ Windows ] ------------------------------- Service Pack not Installed Warning! Download Update Possible re-activation of Windows will be needed. Internet Explorer 8.0.7600.16385 Warning! Download Update Online installation. Last version available when Windows update is enabled throught the Internet. User Account Control disabled ^It is recommended to enable (default): Win+R typing UserAccountControlSettings and Enter^ Never check for updates Date install updates: 2017-08-25 22:29:21 Windows Update (wuauserv) - The service is running Central de Segurança (wscsvc) - The service is running Registro remoto (RemoteRegistry) - The service has stopped Descoberta SSDP (SSDPSRV) - The service has stopped Serviços de Área de Trabalho Remota (TermService) - The service has stopped Windows Remote Management (WS-Management) (WinRM) - The service has stopped ------------------------------- [ HotFix ] -------------------------------- HotFix KB3115858 Warning! Download Update HotFix KB3140735 Warning! Download Update HotFix KB3138910 Warning! Download Update HotFix KB3138962 Warning! Download Update HotFix KB3145739 Warning! Download Update HotFix KB3146963 Warning! Download Update HotFix KB3156013 Warning! 
Download Update HotFix KB3156016 Warning! Download Update HotFix KB3156019 Warning! Download Update HotFix KB3155178 Warning! Download Update HotFix KB3153171 Warning! Download Update HotFix KB3170455 Warning! Download Update HotFix KB3178034 Warning! Download Update HotFix KB3185911 Warning! Download Update HotFix KB3184122 Warning! Download Update HotFix KB3192391 Warning! Download Update HotFix KB3197867 Warning! Download Update HotFix KB3205394 Warning! Download Update HotFix KB4012212 Warning! Download Update HotFix KB4019263 Warning! Download Update HotFix KB4022722 Warning! Download Update HotFix KB4015546 Warning! Download Update HotFix KB4025337 Warning! Download Update HotFix KB4034679 Warning! Download Update HotFix KB4041678 Warning! Download Update ------------------------------ [ MS Office ] ------------------------------ Microsoft Office 2010 x86 v.14.0.4763.1000 ---------------------------- [ Antivirus_WMI ] ---------------------------- Malwarebytes (disabled and up to date) --------------------------- [ FirewallWindows ] --------------------------- Firewall do Windows (MpsSvc) - The service is running --------------------------- [ AntiSpyware_WMI ] --------------------------- Malwarebytes (disabled and up to date) Windows Defender (enabled and out of date) -------------------------- [ SecurityUtilities ] -------------------------- Malwarebytes versão 3.3.1.2183 v.3.3.1.2183 --------------------------- [ OtherUtilities ] ---------------------------- Arquivo do WinRAR --------------------------------- [ IM ] ---------------------------------- Skype™ 7.40 v.7.40.104 Warning! Download Update -------------------------------- [ Java ] --------------------------------- Java 8 Update 151 (64-bit) v.8.0.1510.12 Warning! Download Update Uninstall old version and install new one (jre-8u152-windows-x64.exe). --------------------------- [ AppleProduction ] --------------------------- iTunes v.12.5.5.5 Warning! 
Download Update ^Please use Apple Software Update tool.^ --------------------------- [ AdobeProduction ] --------------------------- Adobe Acrobat Reader DC - Português v.18.009.20050 ------------------------------- [ Browser ] ------------------------------- Google Chrome v.63.0.3239.132 ------------------ [ AntivirusFirewallProcessServices ] ------------------- Malwarebytes Service (MBAMService) - The service has stopped McAfee Validation Trust Protection Service (mfevtp) - The service is running C:\Windows\System32\mfevtps.exe Windows Defender (WinDefend) - The service is running ----------------------------- [ End of Log ] ------------------------------
  7. Apparently everything is OK, and the notebook seems to be faster. However, of all the services and programs I disabled, McAfee Stinger keeps running. Is it recommended to leave it, or should I uninstall it? Thanks for the work, Elias.
  8. McAfee Stinger Scan Results
     McAfee® Labs Stinger™ Version 12.1.0.2635 built on Jan 12 2018 at 00:35:49
     Copyright© 2015, McAfee, Inc. All Rights Reserved.
     AV Engine version v5900.7806 for Windows.
     Virus data file v1000.0 created on Jan 12, 2018
     Ready to scan for 10290 viruses, trojans and variants.
     Custom scan initiated on sexta-feira, janeiro 12, 2018 20:26:04
     Rootkit scan result : Clean.
     Summary Report on C: D:
     File(s)
     TotalFiles:............ 621780
     Clean:................. 223893
     Not Scanned:........... 397887
     Possibly Infected:..... 0
     Time: 02:28:44
     Scan completed on sexta-feira, janeiro 12, 2018 22:54:48
  9. RogueKiller V12.11.32.0 (x64) [Jan 8 2018] (Free) por Adlice Software mail : http://www.adlice.com/contact/ Feedback : https://forum.adlice.com Site : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Sistema Operacional : Windows 7 (6.1.7600) 64 bits version Iniciou : Modo normal Usuário : User [Administrador] Started from : C:\Users\User\Desktop\RogueKiller_portable64.exe Modo : Deletar -- Data : 01/11/2018 18:41:19 (Duration : 00:29:21) ¤¤¤ Processos : 0 ¤¤¤ ¤¤¤ Registro : 2 ¤¤¤ [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Substituído (2) [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Substituído (2) ¤¤¤ Tarefas : 0 ¤¤¤ ¤¤¤ Arquivos : 10 ¤¤¤ [PUP.Gen1][Pasta] C:\ProgramData\Trymedia -> Deletado [PUP.Gen1][Pasta] C:\ProgramData\Trymedia\data -> Deletado [PUP.Gen1][Pasta] C:\ProgramData\Trymedia\licenses -> Deletado [PUP.Gen1][Pasta] C:\ProgramData\Trymedia -> ERROR [3] [Tr.Gen0][Arquivo] C:\Users\User\Pictures\ccleaner-5-38-6357.exe -> Deletado [Tr.Gen0][Arquivo] C:\Users\User\Pictures\FullTiltSetup.exe -> Deletado [Tr.Gen0][Arquivo] C:\Users\User\Pictures\IRPF2012win32v1.0.exe -> Deletado [Tr.Gen0][Arquivo] C:\Users\User\Pictures\iTunes6464Setup.exe -> Deletado [Tr.Gen0][Arquivo] C:\Users\User\Pictures\PowerISO5.exe -> Deletado [Tr.Gen0][Arquivo] C:\Users\User\Pictures\sce_setup_completo.exe -> Deletado [Tr.Gen0][Arquivo] C:\Users\User\Pictures\ZA-Scan.exe -> Deletado [Tr.Gen0][Arquivo] C:\Users\User\Pictures\zsnesw.exe -> Deletado ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Arquivos de hosts : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤ ¤¤¤ Navegadores : 0 ¤¤¤ ¤¤¤ Verificação da MBR : ¤¤¤ +++++ PhysicalDrive0: SanDisk SDSSDA240G ATA Device +++++ --- User --- [MBR] a465e609d666d71290d0dee35d47240f [BSP] c1edfc3b254db77fd531bc4df5a4cb02 : Windows Vista/7/8 MBR Code Partition 
table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 228834 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK
  10. RogueKiller V12.11.32.0 (x64) [Jan 8 2018] (Free) por Adlice Software mail : http://www.adlice.com/contact/ Feedback : https://forum.adlice.com Site : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Sistema Operacional : Windows 7 (6.1.7600) 64 bits version Iniciou : Modo normal Usuário : User [Administrador] Started from : C:\Users\User\Desktop\RogueKiller_portable64.exe Modo : Escanear -- Data : 01/10/2018 20:32:23 (Duration : 00:30:41) ¤¤¤ Processos : 0 ¤¤¤ ¤¤¤ Registro : 2 ¤¤¤ [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Encontrado [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Encontrado ¤¤¤ Tarefas : 0 ¤¤¤ ¤¤¤ Arquivos : 10 ¤¤¤ [PUP.Gen1][Pasta] C:\ProgramData\Trymedia -> Encontrado [PUP.Gen1][Pasta] C:\ProgramData\Trymedia -> Encontrado [Tr.Gen0][Arquivo] C:\Users\User\Pictures\ccleaner-5-38-6357.exe -> Encontrado [Tr.Gen0][Arquivo] C:\Users\User\Pictures\FullTiltSetup.exe -> Encontrado [Tr.Gen0][Arquivo] C:\Users\User\Pictures\IRPF2012win32v1.0.exe -> Encontrado [Tr.Gen0][Arquivo] C:\Users\User\Pictures\iTunes6464Setup.exe -> Encontrado [Tr.Gen0][Arquivo] C:\Users\User\Pictures\PowerISO5.exe -> Encontrado [Tr.Gen0][Arquivo] C:\Users\User\Pictures\sce_setup_completo.exe -> Encontrado [Tr.Gen0][Arquivo] C:\Users\User\Pictures\ZA-Scan.exe -> Encontrado [Tr.Gen0][Arquivo] C:\Users\User\Pictures\zsnesw.exe -> Encontrado ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Arquivos de hosts : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤ ¤¤¤ Navegadores : 0 ¤¤¤ q ¤¤¤ Verificação da MBR : ¤¤¤ +++++ PhysicalDrive0: SanDisk SDSSDA240G ATA Device +++++ --- User --- [MBR] a465e609d666d71290d0dee35d47240f [BSP] c1edfc3b254db77fd531bc4df5a4cb02 : Windows Vista/7/8|VT.Unknown MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 
Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 228834 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK
  11. Malwarebytes www.malwarebytes.com -Detalhes de registro- Data da análise: 09/01/18 Hora da análise: 20:56 Arquivo de registro: 486ef5fc-f590-11e7-8d65-b8ac6fc55567.json Administrador: Sim -Informação do software- Versão: 3.3.1.2183 Versão de componentes: 1.0.262 Versão do pacote de definições: 1.0.3660 Licença: Versão de Avaliação -Informação do sistema- Sistema operacional: Windows 7 CPU: x64 Sistema de arquivos: NTFS Usuário: User-PC\User -Resumo da análise- Tipo de análise: Análise Customizada Resultado: Concluído Objetos verificados: 319855 Ameaças detectadas: 8 Ameaças em quarentena: 8 Tempo decorrido: 2 hr, 38 min, 43 seg -Opções da análise- Memória: Habilitado Inicialização: Habilitado Sistema de arquivos: Habilitado Arquivos compactados: Habilitado Rootkits: Habilitado Heurística: Habilitado PUP: Detectar PUM: Detectar -Detalhes da análise- Processo: 1 RiskWare.Tool.CK, C:\WINDOWS\KMSERVICE.EXE, Quarentena, [233], [133350],1.0.3660 Módulo: 1 RiskWare.Tool.CK, C:\WINDOWS\KMSERVICE.EXE, Quarentena, [233], [133350],1.0.3660 Chave de registro: 0 (Nenhum item malicioso detectado) Valor de registro: 0 (Nenhum item malicioso detectado) Dados de registro: 0 (Nenhum item malicioso detectado) Fluxo de dados: 0 (Nenhum item malicioso detectado) Pasta: 0 (Nenhum item malicioso detectado) Arquivo: 6 RiskWare.Tool.CK, C:\WINDOWS\KMSERVICE.EXE, Quarentena, [233], [133350],1.0.3660 PUP.Optional.InstallCore, C:\USERS\USER\DOWNLOADS\ADLSOFT_UNCOMPRESSOR_V2_BR.EXE, Quarentena, [2], [301069],1.0.3660 PUP.Optional.InstallCore, C:\USERS\USER\DOWNLOADS\BAIXAKI_K-LITE-MEGA-CODEC-PACK.EXE, Quarentena, [2], [324268],1.0.3660 PUP.Optional.MailRu, C:\USERS\USER\FAVORITES\MAIL.RU Агент - используй для общения!.URL, Quarentena, [633], [471428],1.0.3660 PUP.Optional.InstallCore, C:\USERS\USER\DOCUMENTS\BAIXAKI_VISUALBOYADVANCE.EXE, Quarentena, [2], [324268],1.0.3660 PUP.Optional.MailRu, C:\USERS\USER\FAVORITES\MAIL.RU.URL, Quarentena, [633], [471428],1.0.3660 Setor físico: 0 
(Nenhum item malicioso detectado) (end) # AdwCleaner 7.0.6.0 - Logfile created on Wed Jan 10 02:28:00 2018 # Updated on 2017/21/12 by Malwarebytes # Running on Windows 7 Home Premium (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** No malicious folders deleted. ***** [ Files ] ***** No malicious files deleted. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** Deleted: [Key] - HKLM\SOFTWARE\Conduit Deleted: [Key] - HKU\S-1-5-21-3300679233-3676893005-2444831338-1000\Software\Conduit Deleted: [Key] - HKCU\Software\Conduit ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [1121 B] - [2018/1/10 2:26:42] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
  12. My notebook has been running slowly for some time now. Note: In July 2016 I created a topic here and it was closed because my log showed "Office activation", even though I have never downloaded or installed any pirated software. This notebook was bought on Dell's website in 2011 with the original Office suite already installed. Shortly after my topic was closed, I went back to the computer shop - which had done the last format at the time - to swap my old HDD for an SSD, and I asked them whether they had installed Office with some crack or anything of the kind when I took it in for formatting, and they said no. In any case, I showed them the log from the forum, and during the HDD swap they said they would install the original Office using my old key from when I bought the notebook, an old DELL sticker stuck to the underside of the notebook. Looking through the topics, I saw that some users also have "cracks" in their logs without knowing it, and even so had their analyses completed by the forum's analysts. I have been a member of the forum for almost 11 years, I greatly admire the analysts' work, and I would never post any log here if I knew I had installed a pirated copy of any program. The ZA-Scan log is attached. ZA-Scan.txt
  13. Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 10-07-2016 01 Executado por Renan (administrador) em RENAN-PC (12-07-2016 00:04:26) Executando a partir de C:\Users\UpdatusUser\Desktop Perfis Carregados: Renan & UpdatusUser (Perfis Disponíveis: Renan & UpdatusUser) Platform: Windows 7 Home Premium Service Pack 1 (X64) Idioma: Português (Brasil) Internet Explorer Versão 9 (Navegador padrão: Chrome) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (Apple Inc.) 
C:\Program Files\iTunes\iTunesHelper.exe (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe ==================== Registro (Whitelisted) =========================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6486632 2010-10-22] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-10-22] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-23] (Synaptics Incorporated) HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3209072 2010-12-14] (Dell Inc.) HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [1058864 2016-05-11] (GAS Tecnologia LTDA) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.) 
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2015-09-22] (Caixa Economica Federal) HKU\S-1-5-21-31251158-3223676712-4027323767-1000\...\Run: [Chromium] => "c:\users\renan\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session HKU\S-1-5-21-31251158-3223676712-4027323767-1000\...\Run: [uTorrent] => C:\Users\Renan\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-22] (BitTorrent Inc.) HKU\S-1-5-21-31251158-3223676712-4027323767-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-02-17] (Microsoft Corporation) HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2010-12-24] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2010-12-24] (NVIDIA Corporation) ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1888480 2015-09-22] (Caixa Economica Federal) Startup: C:\Users\Renan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-05-02] ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Hosts: Há mais de uma entrada no Hosts. 
Veja a seção Hosts do Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.25.1 Tcpip\..\Interfaces\{5626F0B8-397E-49A2-BB17-FC51F627F29D}: [NameServer] 200.175.5.139,200.175.89.139 Tcpip\..\Interfaces\{5626F0B8-397E-49A2-BB17-FC51F627F29D}: [DhcpNameServer] 192.168.25.1 Tcpip\..\Interfaces\{CF4F0655-AB78-4C1F-9E51-2029E6788F71}: [NameServer] 200.175.5.139,4.2.2.1 Tcpip\..\Interfaces\{CF4F0655-AB78-4C1F-9E51-2029E6788F71}: [DhcpNameServer] 10.1.1.1 Internet Explorer: ================== SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-31251158-3223676712-4027323767-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-31251158-3223676712-4027323767-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-04-27] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program 
Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2015-09-22] (Caixa Economica Federal) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-12-23] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-12-23] (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.) FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => não encontrado (a) Chrome: ======= CHR Profile: C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Apresentações) - C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-11] CHR Extension: (Google Docs) - C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-11] CHR Extension: (Google Drive) - C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-11] CHR Extension: (YouTube) - C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-11] CHR Extension: (Planilhas do Google) - C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-11] CHR Extension: (Documentos Google off-line) - C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-11] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-11] CHR Extension: (Gmail) - C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-11] CHR HKU\S-1-5-21-31251158-3223676712-4027323767-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: 
[bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx ==================== Serviços (Whitelisted) ======================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [593120 2015-09-22] (GAS Tecnologia) S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [Arquivo não assinado] R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [254264 2016-03-20] () R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [1058864 2016-05-11] (GAS Tecnologia LTDA) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-12-08] (GAS Tecnologia) R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-12-08] (GAS Tecnologia LTDA) R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil) R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-07-11] (GAS Tecnologia) R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia) R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [32240 2008-06-27] (Cyberlink Corp.) 
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X] S0 gbpddreg; system32\drivers\gbpddreg64.sys [X] ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Três Meses Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2016-07-11 23:57 - 2016-07-12 00:04 - 00000000 ____D C:\FRST 2016-07-11 02:44 - 2016-07-11 02:44 - 24468782 _____ C:\Windows\repository.backup 2016-07-11 02:44 - 2016-07-10 23:56 - 00024064 _____ C:\Windows\zoek-delete.exe 2016-07-09 20:08 - 2016-07-09 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-07-09 20:07 - 2016-07-09 20:08 - 00000000 ____D C:\Program Files\iTunes 2016-07-09 20:07 - 2016-07-09 20:07 - 00000000 ____D C:\Program Files\iPod 2016-07-09 20:07 - 2016-07-09 20:07 - 00000000 ____D C:\Program Files (x86)\iTunes 2016-06-22 04:12 - 2016-07-11 01:54 - 00000000 ____D C:\zoek_backup 2016-06-05 17:03 - 2016-07-10 23:43 - 00000000 ____D C:\Users\Renan\AppData\Local\FX LITE for MetaTrader 4 2016-06-05 17:02 - 2016-06-05 17:02 - 00000000 ____D C:\Users\Renan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GDMFX-EXT 2016-06-05 17:02 - 2016-06-05 17:02 - 00000000 ____D C:\Program Files (x86)\GDMFX-EXT 2016-06-05 16:53 - 2016-07-08 01:49 - 00000000 ____D C:\Program Files (x86)\GDM Forex 2016-06-05 16:53 - 2016-06-05 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GDM Forex 2016-05-22 02:48 - 2016-05-22 02:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2016-05-16 04:42 - 2016-05-22 02:48 - 00000000 ____D C:\Users\Renan\AppData\Roaming\Apple Computer 2016-05-16 04:42 - 2016-05-22 02:48 - 00000000 ____D C:\Users\Renan\AppData\Local\Apple Computer 2016-05-16 04:42 - 2016-05-16 04:42 - 00000000 ____D C:\Users\Todos os Usuários\Apple 
Computer 2016-05-16 04:42 - 2016-05-16 04:42 - 00000000 ____D C:\ProgramData\Apple Computer 2016-05-16 04:41 - 2016-05-16 04:41 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2016-05-16 04:41 - 2016-05-16 04:41 - 00000000 ____D C:\Windows\System32\Tasks\Apple 2016-05-16 04:41 - 2016-05-16 04:41 - 00000000 ____D C:\Users\Renan\AppData\Local\Apple 2016-05-16 04:41 - 2016-05-16 04:41 - 00000000 ____D C:\Program Files\Bonjour 2016-05-16 04:41 - 2016-05-16 04:41 - 00000000 ____D C:\Program Files (x86)\Bonjour 2016-05-16 04:41 - 2016-05-16 04:41 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2016-05-16 04:40 - 2016-07-09 20:07 - 00000000 ____D C:\Program Files\Common Files\Apple 2016-05-16 04:40 - 2016-05-16 04:41 - 00000000 ____D C:\Users\Todos os Usuários\Apple 2016-05-16 04:40 - 2016-05-16 04:41 - 00000000 ____D C:\ProgramData\Apple 2016-05-13 02:33 - 2016-06-14 23:09 - 00000000 ____D C:\Users\Renan\AppData\Local\ElevatedDiagnostics 2016-05-13 02:03 - 2016-05-13 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core BO 2016-05-13 02:03 - 2016-05-13 02:03 - 00000000 ____D C:\Program Files (x86)\Core BO for MT4 2016-05-04 23:56 - 2016-05-13 02:06 - 00000000 ____D C:\Users\Renan\AppData\Local\Core BO for MetaTrader 4 2016-05-04 23:56 - 2016-05-04 23:56 - 00000000 ____D C:\Users\Renan\AppData\Local\TradeToolsFX 2016-05-04 23:46 - 2016-05-04 23:46 - 00000000 ____D C:\Users\Todos os Usuários\MetaQuotes 2016-05-04 23:46 - 2016-05-04 23:46 - 00000000 ____D C:\ProgramData\MetaQuotes 2016-05-04 23:45 - 2016-07-08 01:53 - 00000000 ____D C:\Program Files (x86)\Core Trader 2016-05-04 23:45 - 2016-05-04 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Trader 2016-05-04 23:44 - 2016-05-04 23:46 - 00000000 ____D C:\Users\Renan\AppData\Roaming\MetaQuotes 2016-05-04 20:42 - 2016-05-17 23:48 - 00000000 ____D C:\Users\Renan\AppData\Roaming\TS3Client 2016-05-04 20:42 - 
2016-05-04 20:42 - 00000933 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk 2016-05-04 20:42 - 2016-05-04 20:42 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client 2016-05-02 19:13 - 2016-05-02 19:13 - 00000000 ____D C:\Users\Renan\AppData\LocalLow\Evernote 2016-05-02 19:13 - 2016-05-02 19:13 - 00000000 ____D C:\Users\Renan\AppData\Local\Evernote 2016-05-02 19:13 - 2016-05-02 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote 2016-05-02 19:12 - 2016-05-02 19:12 - 00000000 ____D C:\Program Files (x86)\Evernote 2016-04-21 01:13 - 2016-07-11 23:52 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys 2016-04-21 01:13 - 2016-04-21 01:14 - 00001024 _____ C:\.rnd 2016-04-21 01:13 - 2016-04-21 01:13 - 00000000 ___HD C:\Program Files (x86)\GAS Tecnologia 2016-04-21 01:13 - 2016-04-21 01:13 - 00000000 ___HD C:\Program Files (x86)\Diebold 2016-04-21 01:13 - 2016-04-21 01:13 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia 2016-04-21 01:13 - 2016-04-21 01:13 - 00000000 ____D C:\ProgramData\GAS Tecnologia 2016-04-21 01:13 - 2016-04-21 01:13 - 00000000 ____D C:\Program Files\Diebold 2016-04-21 01:13 - 2015-03-18 11:23 - 00103640 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddpp.sys 2016-04-21 01:12 - 2016-07-11 23:52 - 00000000 ____D C:\Program Files (x86)\GbPlugin 2016-04-21 01:12 - 2016-04-21 01:13 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin 2016-04-21 01:12 - 2016-04-21 01:13 - 00000000 ____D C:\ProgramData\GbPlugin ==================== Três Meses Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2016-07-12 00:01 - 2009-07-14 01:45 - 00014208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-07-12 00:01 - 2009-07-14 01:45 - 00014208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-07-11 23:58 - 2009-07-29 12:49 - 00707078 _____ C:\Windows\system32\prfh0416.dat 2016-07-11 23:58 - 2009-07-29 12:49 - 00147324 _____ C:\Windows\system32\prfc0416.dat 2016-07-11 23:58 - 2009-07-14 02:13 - 01638038 _____ C:\Windows\system32\PerfStringBackup.INI 2016-07-11 23:58 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf 2016-07-11 23:55 - 2016-02-14 22:46 - 00000000 ____D C:\Users\Renan\AppData\Roaming\uTorrent 2016-07-11 23:52 - 2016-02-11 00:05 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-07-11 23:52 - 2016-02-03 15:41 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA 2016-07-11 23:52 - 2016-02-03 15:41 - 00000000 ____D C:\ProgramData\NVIDIA 2016-07-11 23:52 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-07-11 08:16 - 2016-02-11 00:05 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-07-11 02:49 - 2016-02-27 00:35 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol 2016-07-11 02:49 - 2016-02-27 00:35 - 00000008 __RSH C:\ProgramData\ntuser.pol 2016-07-11 01:48 - 2009-07-14 00:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2016-07-11 01:48 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy 2016-07-07 23:07 - 2016-02-14 22:48 - 00000000 ___SD C:\Users\Renan\AppData\LocalLow\Temp 2016-06-30 23:57 - 2016-02-03 15:41 - 00000000 ____D C:\Users\UpdatusUser 2016-06-21 01:51 - 2016-02-03 13:06 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help 2016-06-17 23:18 - 2016-02-11 00:06 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ==================== Bamital & volsnap ================= (Não há correção automática para arquivos que 
não passaram na verificação.) C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente C:\Windows\explorer.exe => O arquivo é assinado digitalmente C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente C:\Windows\system32\services.exe => O arquivo é assinado digitalmente C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente LastRegBack: 2016-07-07 21:52 ==================== Fim de FRST.txt ============================ Addition.txt
  14. ZA-Scan V1.0.0.5 Updated 31-December-2015 Tool run by Renan on 10/07/2016 at 23:57:01,28. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\UpdatusUser\Desktop\ZA-Scan.exe Script used: C:\Users\UpdatusUser\Desktop\zascript.txt ==== System Restore Info ====================== 10/07/2016 23:59:17 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\Users\Renan\AppData\Roaming\WinRAR deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-31251158-3223676712-4027323767-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Batch Command(s) Run By Tool====================== Configuração de IP do Windows Liberação do Cache do DNS Resolver bem-sucedida. 
==== Deleting Files \ Folders ====================== C:\PROGRA~3\Package Cache deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\GPT.INI deleted C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted "C:\Users\Renan\AppData\Local\{FEF512F8-0E9D-48AB-9AE4-E43E9468DBE4}" deleted "C:\PROGRA~3\ByteFence\RTOP\uclogfile.bin" not deleted "C:\Users\Renan\AppData\Roaming\pdfforge" deleted "C:\PROGRA~3\ByteFence" not deleted "C:\PROGRA~3\ByteFence\RTOP" not deleted ==== Orphaned Tasks deleted from Registry ====================== ESET Windows 10 upgrade - Refresh settings deleted ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bknbnapaddjdnbilpmlacdkjdkjmbjhd - No path found[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions bknbnapaddjdnbilpmlacdkjdkjmbjhd - No path found[] Google Slides - Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Docs Offline - Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Chrome Web Store Payments - Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Sorry a notebook with this name already exists. 
- Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc Gmail - Renan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adrenaline.uol.com.br_0.localstorage deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adrenaline.uol.com.br_0.localstorage-journal deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.egrana.com.br_0.localstorage deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.egrana.com.br_0.localstorage-journal deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads2.opensubtitles.org_0.localstorage deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads2.opensubtitles.org_0.localstorage-journal deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User 
Data\Default\Local Storage\https_staticssl.batanga.net_0.localstorage deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_staticssl.batanga.net_0.localstorage-journal deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.freefind.com_0.localstorage deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.freefind.com_0.localstorage-journal deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d1uwhu0fkvi771.cloudfront.net_0.localstorage deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d1uwhu0fkvi771.cloudfront.net_0.localstorage-journal deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dsms0mj1bbhn4.cloudfront.net_0.localstorage deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dsms0mj1bbhn4.cloudfront.net_0.localstorage-journal deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dwq4do82y8xi7.cloudfront.net_0.localstorage deleted successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dwq4do82y8xi7.cloudfront.net_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== 
Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_sftrev_16_09&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0CyDyDyDyCyBzytCyC0DtN0D0Tzu0StCyDtCyBtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCzztByBzzyByEyEtGtDzyyBzztG0CtAyE0FtGyE0B0CzytG0E0A0C0CyDyCyC0ByE0AtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0AyBzy0CzztD0FtGyB0F0DyCtGyEzz0F0CtGzztCyB0AtG0E0Ezy0CtC0F0D0D0Azy0BtC2QtN0A0LzuyE%26cr%3D1475474470%26a%3Dwbf_sftrev_16_09%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_sftrev_16_09&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0CyDyDyDyCyBzytCyC0DtN0D0Tzu0StCyDtCyBtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCzztByBzzyByEyEtGtDzyyBzztG0CtAyE0FtGyE0B0CzytG0E0A0C0CyDyCyC0ByE0AtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0AyBzy0CzztD0FtGyB0F0DyCtGyEzz0F0CtGzztCyB0AtG0E0Ezy0CtC0F0D0D0Azy0BtC2QtN0A0LzuyE%26cr%3D1475474470%26a%3Dwbf_sftrev_16_09%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="https://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_sftrev_16_09&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0CyDyDyDyCyBzytCyC0DtN0D0Tzu0StCyDtCyBtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StCzztByBzzyByEyEtGtDzyyBzztG0CtAyE0FtGyE0B0CzytG0E0A0C0CyDyCyC0ByE0AtDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0AyBzy0CzztD0FtGyB0F0DyCtGyEzz0F0CtGzztCyB0AtG0E0Ezy0CtC0F0D0D0Azy0BtC2QtN0A0LzuyE%26cr%3D1475474470%26a%3Dwbf_sftrev_16_09%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] 
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC HKCU\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC ==== Reset Google Chrome ====================== C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Renan\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully 
C:\Users\Renan\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully C:\Users\Renan\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully ==== shortcuts on Users Desktops ====================== C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe C:\Users\Public\Desktop\Core BO for MT4.lnk - C:\Program Files (x86)\Core BO for MT4\TraderExt.Launcher.exe C:\Users\Public\Desktop\Core Trader.lnk - C:\Program Files (x86)\Core Trader\terminal.exe C:\Users\Public\Desktop\CorelDRAW X5.lnk - c:\Windows\Installer\{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}\NewShortcut1.exe C:\Users\Public\Desktop\CyberLink PowerDVD 8.lnk - C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.exe C:\Users\Public\Desktop\GDM Forex.lnk - C:\Program Files (x86)\GDM Forex\terminal.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\Users\Public\Desktop\Nero StartSmart 10.lnk - C:\Windows\Installer\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}\ScStartSmartDeskto_3AF47A4E14DF4546B1449D27245505A0.exe C:\Users\Public\Desktop\PDFCreator.lnk - C:\Program Files (x86)\PDFCreator\PDFCreator.exe C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe C:\Users\Public\Desktop\Core BO for MT4.lnk - C:\Program Files (x86)\Core BO for MT4\TraderExt.Launcher.exe C:\Users\Public\Desktop\Core Trader.lnk - C:\Program Files (x86)\Core Trader\terminal.exe C:\Users\Public\Desktop\CorelDRAW X5.lnk - c:\Windows\Installer\{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}\NewShortcut1.exe C:\Users\Public\Desktop\CyberLink PowerDVD 8.lnk - C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.exe C:\Users\Public\Desktop\GDM Forex.lnk - C:\Program Files (x86)\GDM Forex\terminal.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\Users\Public\Desktop\Nero StartSmart 10.lnk - C:\Windows\Installer\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}\ScStartSmartDeskto_3AF47A4E14DF4546B1449D27245505A0.exe C:\Users\Public\Desktop\PDFCreator.lnk - C:\Program Files (x86)\PDFCreator\PDFCreator.exe C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files 
(x86)\Google\Picasa3\Picasa3.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Renan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GDMFX-EXT\GDMFX-EXT.lnk - C:\Program Files (x86)\GDMFX-EXT\TraderExt.Launcher.exe C:\Users\Renan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GDMFX-EXT\Uninstall GDMFX-EXT.lnk - C:\Program Files (x86)\GDMFX-EXT\TraderExt.Launcher.exe -uninstall {796A3E6D-32CE-4EA2-B0EC-188759FC295F} C:\Users\Renan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk - C:\Windows\Installer\{56EC47AA-5813-4FF6-8E75-544026FBEA83}\AppleSoftwareUpdateIco.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk - C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core BO\Core BO for MT4.lnk - C:\Program Files (x86)\Core BO for MT4\TraderExt.Launcher.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core BO\Uninstall Core BO for MT4.lnk - C:\Program Files (x86)\Core BO for MT4\TraderExt.Launcher.exe -uninstall {A10D7E52-7BD9-4310-8E48-9AD5AA92C952} C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Trader\Core Trader.lnk - C:\Program Files (x86)\Core Trader\terminal.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Trader\MetaEditor.lnk - C:\Program Files 
(x86)\Core Trader\metaeditor.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Trader\Uninstall.lnk - C:\Program Files (x86)\Core Trader\uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote\Evernote.lnk - C:\Windows\Installer\{FC4A0E2E-0CD3-11E6-B80E-005056951CAD}\Evernote.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GDM Forex\GDM FX.lnk - C:\Program Files (x86)\GDM Forex\terminal.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GDM Forex\MetaEditor.lnk - C:\Program Files (x86)\GDM Forex\metaeditor.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GDM Forex\Uninstall.lnk - C:\Program Files (x86)\GDM Forex\uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Buscar Meu iPhone.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe find C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Calendário.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Contatos.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe contacts C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Fotos do iCloud.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud para Windows.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Keynote.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe keynote C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Lembretes.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe reminders C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Mail.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe mail C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Notas.lnk - C:\Program Files (x86)\Common Files\Apple\Internet 
Services\iCloudWeb.exe notes C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Numbers.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe numbers C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Pages.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe pages C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Sobre o iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\pt.lproj\About iTunes.rtf ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Renan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk - C:\Program Files (x86)\Webteh\BSplayer\bsplayer.exe C:\Users\Renan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Renan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Renan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe C:\Users\Renan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Renan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Renan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - 
C:\Windows\system32\control.exe C:\Users\Renan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe C:\Users\Renan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Renan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Renan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Renan\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied 
successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Renan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Renan\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully C:\Users\Renan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== No Java Cache Found ==== Reset WMI ====================== Os seguintes serviços são dependentes do serviço de Testador de instrumentação de gerenciam. do Windows. Finalizar o serviço Testador de instrumentação de gerenciam. do Windows também finalizará estes serviços. Central de Segurança Auxiliar de IP O serviço de Central de Segurança está sendo finalizado . O serviço de Central de Segurança foi finalizado com êxito. O serviço de Auxiliar de IP está sendo finalizado . O serviço de Auxiliar de IP foi finalizado com êxito. O serviço de Testador de instrumentação de gerenciam. do Windows está sendo finalizado . O serviço de Testador de instrumentação de gerenciam. do Windows foi finalizado com êxito. 
C:\Windows\system32\wbem\repository renamed to repository.old C:\Windows\syswow64\wbem\repository renamed to repository.old ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Renan\AppData\Local\Temp will be emptied at reboot C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Users\USURIO~1\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Renan\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\PROGRA~3\ByteFence\RTOP\uclogfile.bin" not found "C:\Users\Renan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\PROGRA~3\ByteFence" not found ==== EOF on 11/07/2016 at 2:50:01,08 ======================
  15. Done. ZA-Scan.txt
