Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Exuperio (administrator) on EXUPERIO-PC on 20-03-2015 16:52:00
Running from C:\Users\Exuperio\Desktop\megalon
Loaded Profiles: Exuperio (Available profiles: Exuperio)
Platform: Microsoft Windows 7 Professional (X86) OS Language: Português (Brasil)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
(ASRock) C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Greenwichers) C:\Program Files\Common Files\Clocker\Clocker.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(The Cargo Team) C:\Program Files\Cargo\Cargo.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe
() C:\Program Files\Opera\28.0.1750.48\opera_crashreporter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe
(The Security Team) C:\Windows\Temp\tmpFEB9.tmp
(The Security Team) C:\Program Files\Common Files\WWS\trz8141.tmp
(ml) C:\Users\Exuperio\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe
(Opera Software) C:\Program Files\Opera\28.0.1750.48\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [3770992 2014-09-06] (VIA)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1202560 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM\...\Run: [TVTray] => [X]
HKLM\...\Run: [Cargo] => C:\Program Files\Cargo\Cargo.exe [87040 2015-03-12] (The Cargo Team)
Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
HKU\S-1-5-21-3020790038-2954726524-1842762504-1000\...\Run: [Advanced SystemCare 6] => C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [490880 2012-09-24] (IObit)
HKU\S-1-5-21-3020790038-2954726524-1842762504-1000\...\MountPoints2: {2ef05fa2-35d0-11e4-8a8a-806e6f6e6963} - E:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EDUP WLan Utility.lnk
ShortcutTarget: EDUP WLan Utility.lnk -> C:\Program Files\EDUP Technology Corporation\EDUP_802.11g_Utility\ZDWlan.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll No File
BootExecute: autocheck autochk * aswBoot.exe /M:643d8d9d /dir:"C:\Program Files\AVAST Software\Avast"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-3020790038-2954726524-1842762504-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-25] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [2015-01-13] (Banco do Brasil)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GbPlugin\gbieh.dll [1836928 2015-01-13] (Banco do Brasil)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Exuperio\AppData\Roaming\Mozilla\Firefox\Profiles\totmu518.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3020790038-2954726524-1842762504-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Exuperio\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3020790038-2954726524-1842762504-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Exuperio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3020790038-2954726524-1842762504-1000: gastecnologia.com.br/sf/bb -> C:\Users\Exuperio\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-01-13] (GAS Tecnologia)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2014-10-28]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-10-28]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Exuperio\AppData\Roaming\Mozilla\Firefox\Profiles\totmu518.default\Extensions\artur.dubovoy@gmail.com [2015-02-26]
FF Extension: SaveFrom.net helper - C:\Users\Exuperio\AppData\Roaming\Mozilla\Firefox\Profiles\totmu518.default\Extensions\helper@savefrom.net.xpi [2015-01-17]
FF Extension: Adblock Plus - C:\Users\Exuperio\AppData\Roaming\Mozilla\Firefox\Profiles\totmu518.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-06]
FF Extension: DownThemAll! - C:\Users\Exuperio\AppData\Roaming\Mozilla\Firefox\Profiles\totmu518.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-09-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-06]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-25]

Opera:
=======
OPR StartupUrls: "hxxp://google.com.br/"
OPR Extension: (SaveFrom.net helper) - C:\Users\Exuperio\AppData\Roaming\Opera Software\Opera Stable\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl [2015-03-05]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [464256 2012-10-31] (IObit)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2011-07-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-25] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-02-12] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-25] (Avast Software)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [359808 2011-10-19] (cFos Software GmbH)
R2 ClockerService; C:\Program Files\Common Files\Clocker\Clocker.exe [95744 2015-03-18] (Greenwichers) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-01-16] (Foxit Software Inc.)
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [555320 2015-01-13] (GAS Tecnologia)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2014-09-06] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [15656 2011-11-07] (Windows (R) Win 7 DDK provider)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [33104 2012-08-09] (ASRock Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-25] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2015-02-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-25] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-25] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-25] ()
R1 cFosSpeed; C:\Windows\System32\DRIVERS\cfosspeed6.sys [1180032 2011-07-04] (cFos Software GmbH)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [46552 2015-01-13] (GAS Tecnologia)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-09-13] (GAS Tecnologia)
R3 Pcouffin; C:\Windows\System32\Drivers\Pcouffin.sys [47360 2014-10-06] (VSO Software) [File not signed]
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [283864 2014-12-08] (Realsil Semiconductor Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-11-25] (Avast Software)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1806448 2014-09-06] (VIA Technologies, Inc.)
R3 VMfilt; C:\Windows\System32\drivers\VMfilt32.sys [17920 2014-09-06] (Creative Technology Ltd.)
S3 ZD1211BU(EDUP); C:\Windows\System32\DRIVERS\zd1211Bu.sys [477696 2006-08-24] (ZyDAS Technology Corporation)
S3 3xHybrid; system32\DRIVERS\3xHybrid.sys [X]
R3 ArdDrv; \??\C:\Windows\system32\Drivers\ArdDrv.sys [X]
S1 mosfilterdrv; system32\drivers\mosfilterdrv.sys [X]
S1 pofilterdrv; system32\drivers\pofilterdrv.sys [X]
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [658136 2014-12-05] (Realsil Semiconductor Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 16:51 - 2015-03-20 16:52 - 00000000 ____D () C:\FRST
2015-03-20 16:50 - 2015-03-20 16:52 - 00000000 ____D () C:\Users\Exuperio\Desktop\megalon
2015-03-20 16:17 - 2015-03-20 16:17 - 00000197 _____ () C:\Windows\system32\2015-03-20-19-17-58.023-AvastVBoxSVC.exe-3492.log
2015-03-18 17:00 - 2015-03-18 17:00 - 05370432 _____ () C:\Users\Exuperio\Downloads\cfosspeed-v1004.exe
2015-03-18 11:34 - 2015-03-18 11:34 - 00000197 _____ () C:\Windows\system32\2015-03-18-14-34-30.053-AvastVBoxSVC.exe-3388.log
2015-03-16 01:27 - 2015-03-16 01:27 - 00000000 ____D () C:\Users\Exuperio\Documents\My Books
2015-03-16 01:25 - 2015-03-16 01:25 - 00002743 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VitalSource Bookshelf.lnk
2015-03-16 01:25 - 2015-03-16 01:25 - 00002737 _____ () C:\Users\Public\Desktop\VitalSource Bookshelf.lnk
2015-03-16 01:25 - 2015-03-16 01:25 - 00000197 _____ () C:\Windows\system32\2015-03-16-04-25-20.037-AvastVBoxSVC.exe-4976.log
2015-03-16 01:25 - 2015-03-16 01:25 - 00000000 ____D () C:\Users\Public\Documents\Shared Books
2015-03-16 01:25 - 2015-03-16 01:25 - 00000000 ____D () C:\Program Files\VitalSource Bookshelf
2015-03-15 21:16 - 2015-03-15 21:30 - 93636904 _____ (Ingram Content Group) C:\Users\Exuperio\Downloads\BookshelfSetup.exe
2015-03-15 11:06 - 2015-03-15 11:06 - 00000197 _____ () C:\Windows\system32\2015-03-15-14-06-10.024-AvastVBoxSVC.exe-5556.log
2015-03-14 12:29 - 2015-03-14 12:29 - 00000000 ____D () C:\Users\Exuperio\Desktop\manuais
2015-03-14 12:27 - 2015-03-14 12:28 - 00000197 _____ () C:\Windows\system32\2015-03-14-15-27-39.024-AvastVBoxSVC.exe-2812.log
2015-03-12 08:10 - 2015-03-12 08:10 - 00000197 _____ () C:\Windows\system32\2015-03-12-11-10-18.083-AvastVBoxSVC.exe-4548.log
2015-03-11 16:35 - 2015-03-11 16:35 - 00000000 ____D () C:\Program Files\Cargo
2015-03-11 16:34 - 2015-03-11 16:34 - 00000197 _____ () C:\Windows\system32\2015-03-11-19-34-43.067-AvastVBoxSVC.exe-3372.log
2015-03-11 15:58 - 2015-03-20 16:17 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-11 15:57 - 2015-03-11 15:57 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-11 15:57 - 2015-03-11 15:57 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2015-03-11 15:57 - 2015-03-11 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-11 15:57 - 2015-03-11 15:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-11 15:57 - 2015-03-11 15:57 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-11 15:57 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-11 15:57 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-11 15:57 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-11 15:42 - 2015-03-11 15:52 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Exuperio\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-09 11:04 - 2015-03-09 11:05 - 00000197 _____ () C:\Windows\system32\2015-03-09-14-04-53.068-AvastVBoxSVC.exe-4628.log
2015-03-07 09:34 - 2015-03-07 09:34 - 00011786 _____ () C:\Users\Exuperio\Desktop\35150300776574000741550030055702401875562019.xml
2015-03-05 11:21 - 2015-03-05 11:21 - 01628553 _____ () C:\Users\Exuperio\Downloads\D386.tmp
2015-03-03 23:59 - 2015-03-03 23:59 - 00000000 ____D () C:\Users\Exuperio\Desktop\transfusao capacitação
2015-03-03 21:29 - 2015-03-18 12:00 - 00000000 ____D () C:\Users\Exuperio\Documents\ir2015
2015-03-03 21:28 - 2015-03-03 22:46 - 00000000 ____D () C:\Users\Exuperio\.receitanet
2015-03-03 21:23 - 2015-03-03 21:23 - 00000197 _____ () C:\Windows\system32\2015-03-04-00-23-23.096-AvastVBoxSVC.exe-2568.log
2015-03-03 09:21 - 2015-03-03 09:21 - 00000822 _____ () C:\Users\Exuperio\Desktop\11256982504-IRPF-A-2014-2013-RETIF.DEC - Atalho.lnk
2015-03-02 19:43 - 2015-03-02 19:43 - 00002131 _____ () C:\Users\Public\Desktop\Receitanet 1.04 .lnk
2015-03-02 19:43 - 2015-03-02 19:43 - 00000176 _____ () C:\Windows\REC-NET.INI
2015-03-02 19:42 - 2015-03-02 19:42 - 00000280 _____ () C:\Windows\system32\2015-03-02-22-42-28.065-aswFe.exe-4048.log
2015-03-02 19:41 - 2015-03-02 19:42 - 00000280 _____ () C:\Windows\system32\2015-03-02-22-41-48.006-aswFe.exe-4852.log
2015-03-02 19:40 - 2015-03-02 19:43 - 00000000 ___HD () C:\Program Files\InstallJammer Registry
2015-03-02 19:40 - 2015-03-02 19:41 - 06182597 _____ (Serpro - Serviço Federal de Processamento de Dados) C:\Users\Exuperio\Downloads\Receitanet-1.04.exe
2015-03-02 19:40 - 2015-03-02 19:40 - 00001724 _____ () C:\Users\Exuperio\Desktop\IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk
2015-03-02 19:40 - 2015-03-02 19:40 - 00000000 ____D () C:\Users\Exuperio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2015
2015-03-02 19:40 - 2015-03-02 19:40 - 00000000 ____D () C:\Arquivos de Programas RFB
2015-03-02 19:35 - 2015-03-02 19:38 - 24451832 _____ (Receita Federal do Brasil) C:\Users\Exuperio\Downloads\IRPF2015win32v1.0.exe
2015-03-02 16:39 - 2015-03-02 16:54 - 00000000 ____D () C:\Users\Exuperio\Desktop\az america
2015-03-02 10:45 - 2015-03-02 10:45 - 00000197 _____ () C:\Windows\system32\2015-03-02-13-45-16.082-AvastVBoxSVC.exe-3512.log
2015-02-28 07:32 - 2015-02-28 07:32 - 00000197 _____ () C:\Windows\system32\2015-02-28-10-32-38.085-AvastVBoxSVC.exe-684.log
2015-02-27 06:05 - 2015-02-27 06:05 - 00000197 _____ () C:\Windows\system32\2015-02-27-09-05-08.059-AvastVBoxSVC.exe-1344.log
2015-02-26 09:10 - 2015-02-26 09:11 - 00000197 _____ () C:\Windows\system32\2015-02-26-12-10-59.049-AvastVBoxSVC.exe-2808.log
2015-02-26 09:04 - 2015-02-26 09:06 - 00000000 ____D () C:\AdwCleaner
2015-02-26 09:03 - 2015-02-26 09:04 - 02126848 _____ () C:\Users\Exuperio\Downloads\AdwCleaner.exe
2015-02-25 19:51 - 2015-02-25 20:01 - 69173051 _____ () C:\Users\Exuperio\Desktop\ledmna.zip
2015-02-25 16:37 - 2015-02-25 16:37 - 00000197 _____ () C:\Windows\system32\2015-02-25-19-37-13.008-AvastVBoxSVC.exe-3136.log
2015-02-24 09:37 - 2015-02-24 09:37 - 00000000 ____D () C:\Program Files\Megalon
2015-02-24 09:34 - 2015-02-24 09:34 - 00000197 _____ () C:\Windows\system32\2015-02-24-12-34-29.074-AvastVBoxSVC.exe-3308.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 16:25 - 2014-09-12 15:37 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 16:22 - 2009-07-14 01:34 - 00020688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-20 16:22 - 2009-07-14 01:34 - 00020688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-20 16:21 - 2015-02-07 19:25 - 00000000 ____D () C:\Program Files\Common Files\WWS
2015-03-20 16:19 - 2014-09-06 11:17 - 01151120 _____ () C:\Windows\WindowsUpdate.log
2015-03-20 16:19 - 2009-07-14 01:39 - 00041631 _____ () C:\Windows\setupact.log
2015-03-20 16:14 - 2015-01-15 19:27 - 00000352 _____ () C:\Windows\Tasks\DriverToolkit Autorun.job
2015-03-20 16:14 - 2009-07-14 01:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-18 18:39 - 2014-09-28 21:34 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3020790038-2954726524-1842762504-1000UA.job
2015-03-18 11:42 - 2014-09-08 21:01 - 00000000 ____D () C:\Program Files\Opera
2015-03-18 11:30 - 2009-07-14 01:33 - 00461136 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-16 10:39 - 2014-09-06 11:25 - 01631590 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-16 10:39 - 2009-07-14 05:31 - 00704478 _____ () C:\Windows\system32\prfh0416.dat
2015-03-16 10:39 - 2009-07-14 05:31 - 00146784 _____ () C:\Windows\system32\prfc0416.dat
2015-03-16 09:52 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-16 01:27 - 2014-09-06 12:33 - 00109992 _____ () C:\Users\Exuperio\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-16 01:22 - 2014-12-29 22:51 - 00000000 ____D () C:\Users\Exuperio\Desktop\diversos
2015-03-16 01:19 - 2014-09-08 18:03 - 00374238 _____ () C:\Windows\PFRO.log
2015-03-16 01:08 - 2014-09-28 21:34 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3020790038-2954726524-1842762504-1000Core.job
2015-03-12 11:15 - 2014-11-08 22:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-12 09:57 - 2014-09-14 01:31 - 00000000 ____D () C:\Users\Exuperio\Documents\REGIMENTOS
2015-03-12 08:10 - 2015-02-10 17:46 - 00000000 ____D () C:\Users\Exuperio\Desktop\boletos portal f
2015-03-03 23:34 - 2014-10-14 11:25 - 00289280 ___SH () C:\Users\Exuperio\Documents\Thumbs.db
2015-03-03 21:28 - 2014-09-06 11:20 - 00000000 ____D () C:\Users\Exuperio
2015-03-02 19:43 - 2015-02-12 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB
2015-03-02 19:42 - 2015-02-12 14:11 - 00000000 ____D () C:\Program Files\Programas RFB
2015-02-26 09:06 - 2014-09-06 12:46 - 00000983 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-26 09:06 - 2014-09-06 12:46 - 00000971 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-26 09:06 - 2014-09-06 11:21 - 00001088 _____ () C:\Users\Exuperio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

==================== Files in the root of some directories =======

2015-02-12 14:24 - 2015-02-12 14:24 - 0016495 _____ () C:\Users\Exuperio\AppData\Roaming\unins000.dat
2015-02-12 14:24 - 2015-02-12 14:23 - 0815826 _____ () C:\Users\Exuperio\AppData\Roaming\unins000.exe
2014-10-14 11:17 - 2014-10-14 11:17 - 0003584 _____ () C:\Users\Exuperio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-06 14:04 - 2014-09-06 14:04 - 0000003 _____ () C:\Users\Exuperio\AppData\Local\user_data.ini
2014-11-10 21:26 - 2014-11-10 21:26 - 0000165 _____ () C:\ProgramData\bc.ini

Some content of TEMP:
====================
C:\Users\Exuperio\AppData\Local\Temp\ASCSetup.exe
C:\Users\Exuperio\AppData\Local\Temp\Baidu_Secure_SystemUp_5.0.4.91133.exe
C:\Users\Exuperio\AppData\Local\Temp\carambis_driver_updater_690871e666b7b2dfb8cbb4fdbae5407348fb46ff.exe
C:\Users\Exuperio\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Exuperio\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Exuperio\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Exuperio\AppData\Local\Temp\ICReinstall_adobe-reader-11-0-8-32-bits(1).exe
C:\Users\Exuperio\AppData\Local\Temp\ICReinstall_adobe-reader-11-0-8-32-bits.exe
C:\Users\Exuperio\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Exuperio\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Exuperio\AppData\Local\Temp\ose00000.exe
C:\Users\Exuperio\AppData\Local\Temp\Quarantine.exe
C:\Users\Exuperio\AppData\Local\Temp\sqlite3.dll
C:\Users\Exuperio\AppData\Local\Temp\tmp5A6A.exe
C:\Users\Exuperio\AppData\Local\Temp\tmpACEE.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 14:18

==================== End Of Log ============================
