cjoint

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2015 01
Ran by João Carlos (administrator) on JOAOCARLOS-PC on 23-06-2015 23:15:47
Running from C:\Users\João Carlos\Desktop
Loaded Profiles: João Carlos (Available Profiles: João Carlos)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Windows\System32\snmptrap.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\memdefrag.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
() C:\Users\João Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\João Carlos.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 11\cbInterface.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12111576 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456 2015-01-28] (ESET)
Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll [2015-03-10] (Banco do Brasil)
Winlogon\Notify\ GbPluginCef: C:\Program Files\GbPlugin\gbiehCef.dll [2014-11-28] (Caixa Economica Federal)
HKU\S-1-5-21-418999608-1835545135-2351229056-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2015-06-08] (Glarysoft Ltd)
HKU\S-1-5-21-418999608-1835545135-2351229056-1000\...\Run: [Glary Memory Optimizer] => C:\Program Files\Glary Utilities 5\memdefrag.exe [122656 2015-06-08] (Glarysoft Ltd)
HKU\S-1-5-21-418999608-1835545135-2351229056-1000\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [507704 2015-02-13] (GAS Tecnologia LTDA)
HKU\S-1-5-21-418999608-1835545135-2351229056-1000\...\Run: [user place] => C:\ProgramData\user place.exe
HKU\S-1-5-21-418999608-1835545135-2351229056-1000\...\MountPoints2: {a8f46ebe-594b-11e4-ba25-806e6f6e6963} - D:\UpdateInstaller.exe
HKU\S-1-5-21-418999608-1835545135-2351229056-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\João Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\João Carlos.exe [2015-05-30] ()
BootExecute: autocheck autochk * BootDefrag.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-418999608-1835545135-2351229056-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-418999608-1835545135-2351229056-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-418999608-1835545135-2351229056-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-418999608-1835545135-2351229056-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [2015-03-10] (Banco do Brasil)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files\GbPlugin\gbiehCef.dll [2014-11-28] (Caixa Economica Federal)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GbPlugin\gbieh.dll [1864576 2015-03-10] (Banco do Brasil)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll [1789792 2014-11-28] (Caixa Economica Federal)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\João Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\ceivwnu7.default-1418336270077
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-23] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-23] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-418999608-1835545135-2351229056-1000: gastecnologia.com.br/sf/bb -> C:\Users\João Carlos\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-01-13] (GAS Tecnologia)

Chrome:
=======
CHR Profile: C:\Users\João Carlos\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\João Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-23]
CHR Extension: (Google Wallet) - C:\Users\João Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-23]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1349576 2015-01-28] (ESET)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-12-03] (Freemake) [File not signed]
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [565560 2015-01-20] (GAS Tecnologia)
S2 hpqcxs08; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 hpqddsvc; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S3 PDF Architect 2 Creator; C:\Program Files\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [507704 2015-02-13] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [16064 2015-03-30] (Glarysoft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [193464 2015-03-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135808 2015-03-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [176448 2015-03-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [37928 2015-03-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [51824 2015-03-10] (ESET)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [46552 2015-01-13] (GAS Tecnologia)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17472 2015-05-01] (Glarysoft Ltd)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-04-14] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2015-03-20] (GAS Tecnologia)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert32.sys [31448 2015-05-20] (Basil)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S1 mosfilterdrv; system32\drivers\mosfilterdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 23:15 - 2015-06-23 23:16 - 00013417 _____ C:\Users\João Carlos\Desktop\FRST.txt
2015-06-23 23:12 - 2015-06-23 23:13 - 01148928 _____ (Farbar) C:\Users\João Carlos\Desktop\FRST.exe
2015-06-23 23:11 - 2015-06-23 23:11 - 00001241 _____ C:\Users\João Carlos\Desktop\CTR.txt
2015-06-23 23:06 - 2015-06-23 23:06 - 01196032 _____ C:\Users\João Carlos\Desktop\CTR.exe
2015-06-23 23:05 - 2015-06-23 23:05 - 01196032 _____ C:\Users\João Carlos\Downloads\Não confirmado 303294.crdownload
2015-06-23 22:24 - 2015-06-23 22:24 - 00002299 _____ C:\Users\João Carlos\Desktop\JRT.txt
2015-06-23 22:19 - 2015-06-23 22:19 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JOAOCARLOS-PC-Windows-7-Ultimate-(32-bit).dat
2015-06-23 22:19 - 2015-06-23 22:19 - 00000000 ____D C:\RegBackup
2015-06-23 22:09 - 2015-06-23 22:11 - 02951367 _____ (Malwarebytes Corporation) C:\Users\João Carlos\Desktop\JRT.exe
2015-06-23 21:40 - 2015-06-23 21:40 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-23 21:40 - 2015-06-23 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-23 21:29 - 2015-06-23 22:34 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-23 21:28 - 2015-06-23 22:32 - 00001062 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-23 21:27 - 2015-06-23 21:28 - 00931408 _____ (Google Inc.) C:\Users\João Carlos\Downloads\ChromeSetup.exe
2015-06-23 00:51 - 2015-06-23 00:51 - 00000000 ____D C:\Users\João Carlos\AppData\Roaming\ActiveX
2015-06-23 00:50 - 2015-06-23 00:50 - 00000000 ____D C:\Users\João Carlos\AppData\Roaming\Soft4Boost
2015-06-23 00:50 - 2015-06-23 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soft4Boost
2015-06-23 00:50 - 2015-06-23 00:50 - 00000000 ____D C:\Program Files\Soft4Boost
2015-06-23 00:50 - 2015-06-23 00:50 - 00000000 ____D C:\Program Files\Common Files\Soft4Boost
2015-06-23 00:50 - 2012-10-22 21:48 - 00030816 _____ (Microsoft Corporation) C:\Windows\system32\msxml3a.dll
2015-06-23 00:43 - 2015-06-23 00:45 - 13274736 _____ (Soft4Boost Ltd. ) C:\Users\João Carlos\Downloads\S4BToolbarCleaner.exe
2015-06-22 23:34 - 2015-06-23 00:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-22 23:12 - 2015-06-22 23:13 - 07277208 _____ (Avira Operations GmbH & Co. KG ) C:\Users\João Carlos\Downloads\avira_system_speedup.exe
2015-06-22 23:05 - 2015-06-22 23:07 - 07277208 _____ (Avira Operations GmbH & Co. KG ) C:\Users\João Carlos\Downloads\avira_system_speedup_CMPG3_A_ normal.exe
2015-06-22 00:50 - 2015-06-22 00:50 - 00000000 ____D C:\Users\João Carlos\AppData\Roaming\HD Tune Pro
2015-06-22 00:50 - 2015-06-22 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
2015-06-22 00:50 - 2015-06-22 00:50 - 00000000 ____D C:\Program Files\HD Tune Pro
2015-06-22 00:48 - 2015-06-22 00:49 - 02239373 _____ (EFD Software ) C:\Users\João Carlos\Downloads\hdtunepro_560_trial.exe
2015-06-21 23:41 - 2015-06-21 23:41 - 00023593 _____ C:\Users\João Carlos\AppData\Local\recently-used.xbel
2015-06-21 17:47 - 2015-06-21 17:49 - 00002092 ____N C:\Users\João Carlos\Desktop\ZHPCleaner.txt
2015-06-21 17:29 - 2015-06-21 17:54 - 00000849 ____N C:\Users\João Carlos\Desktop\ZHPCleaner.lnk
2015-06-21 17:27 - 2015-06-21 17:28 - 01847808 ____N C:\Users\João Carlos\Desktop\ZHPCleaner.exe
2015-06-20 23:18 - 2015-06-20 23:19 - 01537011 _____ ( ) C:\Users\João Carlos\Downloads\ffrsetup.exe
2015-06-20 21:53 - 2015-06-20 21:53 - 00002893 ____N C:\Users\João Carlos\Desktop\ZHPFixReport.txt
2015-06-20 14:27 - 2015-06-20 14:27 - 00107776 ____N C:\Users\João Carlos\Desktop\ZHPDiag.txt
2015-06-20 00:18 - 2015-06-20 14:25 - 00000512 _____ C:\PhysicalDisk0_MBR.bin
2015-06-20 00:14 - 2015-06-21 17:54 - 00000000 ____D C:\Users\João Carlos\AppData\Roaming\ZHP
2015-06-20 00:14 - 2015-06-20 14:25 - 00000000 ____D C:\Program Files\ZHPDiag
2015-06-20 00:14 - 2015-06-20 14:22 - 00000234 _____ C:\Users\João
2015-06-20 00:14 - 2015-06-20 00:14 - 00001940 ____N C:\Users\João Carlos\Desktop\ZHPFix.lnk
2015-06-20 00:14 - 2015-06-20 00:14 - 00001813 ____N C:\Users\João Carlos\Desktop\ZHPDiag.lnk
2015-06-20 00:14 - 2015-06-20 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-06-20 00:10 - 2015-06-20 00:12 - 06883618 _____ (Nicolas Coolman ) C:\ZHPDiag2.exe
2015-06-18 22:01 - 2015-06-18 22:08 - 51812576 _____ (Microsoft Corporation) C:\Users\João Carlos\Downloads\Windows-KB890830-V5.25.exe
2015-06-18 21:35 - 2015-06-23 22:30 - 00001064 _____ C:\Windows\setupact.log
2015-06-18 21:35 - 2015-06-18 21:35 - 00000000 _____ C:\Windows\setuperr.log
2015-06-18 21:34 - 2015-06-23 22:00 - 00003736 _____ C:\Windows\PFRO.log
2015-06-18 20:25 - 2015-06-18 20:25 - 00000480 _____ C:\Users\João Carlos\Downloads\debug.log
2015-06-18 19:58 - 2015-05-20 21:04 - 00031448 _____ (Basil) C:\Windows\system32\WinDivert32.sys
2015-06-18 11:56 - 2015-06-18 11:56 - 00390004 _____ C:\Users\João Carlos\Downloads\RESTOQUE-438905-PRE PROD + LACR.rar
2015-06-17 23:31 - 2015-06-17 23:31 - 00002138 __RSH C:\Users\João Carlos\ntuser.pol
2015-06-17 23:27 - 2015-06-17 23:27 - 00000000 __SHD C:\Users\Todos os Usuários\Windows 7
2015-06-17 23:27 - 2015-06-17 23:27 - 00000000 __SHD C:\ProgramData\Windows 7
2015-06-16 22:09 - 2015-06-16 22:10 - 00000000 ____D C:\Windows\pss
2015-06-16 17:49 - 2015-06-16 17:49 - 00000000 ____D C:\Users\Todos os Usuários\F-Secure
2015-06-16 17:49 - 2015-06-16 17:49 - 00000000 ____D C:\Users\João Carlos\AppData\Roaming\F-Secure
2015-06-16 17:49 - 2015-06-16 17:49 - 00000000 ____D C:\ProgramData\F-Secure
2015-06-15 23:03 - 2015-06-18 00:03 - 00000000 ____D C:\Users\João Carlos\AppData\Local\F-Secure
2015-06-15 22:57 - 2015-06-15 23:03 - 38840720 _____ (F-Secure Corporation) C:\Users\João Carlos\Downloads\clarosync.exe
2015-06-13 17:18 - 2015-06-13 17:21 - 00000000 ____D C:\Users\João Carlos\Downloads\O Oleo de Lorenzo - dublado
2015-06-13 01:29 - 2015-06-13 17:18 - 00000000 ____D C:\Users\João Carlos\Downloads\Subs
2015-06-13 01:29 - 2015-06-13 01:31 - 10554352 _____ C:\Users\João Carlos\Downloads\bsplayer269-1079.exe
2015-06-07 12:02 - 2015-06-07 12:02 - 00014420 _____ C:\Users\João Carlos\Downloads\8A3528370D56F970C5C41B750E29ADE26A38D964.torrent
2015-06-07 11:22 - 2015-06-07 11:22 - 00000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-07 11:22 - 2015-06-07 11:22 - 00000924 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-06-04 00:21 - 2015-06-04 00:21 - 00108032 _____ C:\Users\João Carlos\Downloads\Package_en.xls
2015-06-04 00:07 - 2015-06-04 00:10 - 12785304 _____ (ASUS Cloud Corporation) C:\Users\João Carlos\Downloads\ASUSWebStorageSyncAgent2.2.2.524.exe
2015-06-01 22:40 - 2015-06-01 22:40 - 00371761 ____N C:\Users\João Carlos\Desktop\J Carlos Coelho _ Flickr - Photo Sharing!.html
2015-06-01 22:40 - 2015-06-01 22:40 - 00000000 ____D C:\Users\João Carlos\Desktop\J Carlos Coelho _ Flickr - Photo Sharing!_files
2015-05-30 16:24 - 2015-05-30 16:25 - 00000000 __SHD C:\Users\Todos os Usuários\JOAOCARLOS-PC
2015-05-30 16:24 - 2015-05-30 16:25 - 00000000 __SHD C:\ProgramData\JOAOCARLOS-PC
2015-05-30 09:43 - 2015-05-30 09:50 - 00000000 ____D C:\Users\João Carlos\Downloads\Arrow.S03E24.HDTV.x264-LOL.mp4
2015-05-30 09:42 - 2015-05-30 09:42 - 00011069 _____ C:\Users\João Carlos\Downloads\Arrow+S03E24+HDTV+x264-LOL+mp4.torrent
2015-05-26 21:29 - 2015-05-26 21:29 - 00015719 _____ C:\Users\João Carlos\Downloads\[kat.cr]maos.talentosas.a.historia.de.benjamin.2009.dvdrip.dual.au.torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 23:15 - 2014-11-30 15:14 - 00000000 ____D C:\FRST
2015-06-23 23:13 - 2014-11-06 18:30 - 02019954 _____ C:\Windows\WindowsUpdate.log
2015-06-23 23:11 - 2014-10-22 06:26 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-23 22:36 - 2009-07-14 01:34 - 00023280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-23 22:36 - 2009-07-14 01:34 - 00023280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-23 22:33 - 2014-12-10 09:29 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-23 22:33 - 2014-11-04 20:30 - 00000000 ____D C:\Program Files\Glary Utilities 5
2015-06-23 22:32 - 2014-10-22 20:50 - 00000000 ____D C:\Program Files\TeamViewer
2015-06-23 22:31 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\registration
2015-06-23 22:30 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-23 21:39 - 2014-10-22 06:51 - 00000000 ____D C:\Program Files\Google
2015-06-23 01:04 - 2009-07-13 23:37 - 00000000 ___RD C:\Users\Public
2015-06-23 00:29 - 2014-10-22 21:03 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2015-06-23 00:29 - 2014-10-22 21:03 - 00000000 ____D C:\ProgramData\GbPlugin
2015-06-23 00:13 - 2015-03-03 23:57 - 00410424 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-23 00:13 - 2014-11-17 21:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-22 23:12 - 2015-03-20 22:46 - 00110008 _____ C:\Users\João Carlos\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-21 23:41 - 2015-02-16 02:49 - 00000000 ____D C:\Users\João Carlos\AppData\Local\gtk-2.0
2015-06-21 23:41 - 2015-02-16 02:33 - 00000000 ____D C:\Users\João Carlos\.gimp-2.8
2015-06-21 22:53 - 2011-02-04 14:30 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-21 22:53 - 2009-07-14 05:31 - 00705070 _____ C:\Windows\system32\prfh0416.dat
2015-06-21 22:53 - 2009-07-14 05:31 - 00146910 _____ C:\Windows\system32\prfc0416.dat
2015-06-20 22:11 - 2009-07-14 01:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-20 21:52 - 2015-03-18 23:38 - 01046528 ___SH C:\Users\João Carlos\Desktop\Thumbs.db
2015-06-18 23:17 - 2014-10-22 20:05 - 00000000 ____D C:\Users\João Carlos\Documents\Documentos do Word
2015-06-18 23:17 - 2014-10-22 20:05 - 00000000 ____D C:\Users\João Carlos\Documents\Documentos do Excel
2015-06-18 23:11 - 2015-03-24 23:02 - 00110080 ___SH C:\Users\João Carlos\Downloads\Thumbs.db
2015-06-18 21:34 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\Resources
2015-06-18 20:25 - 2014-10-22 06:51 - 00000000 ____D C:\Users\João Carlos\AppData\Local\Google
2015-06-18 00:04 - 2014-10-21 15:11 - 00000000 ____D C:\Users\João Carlos
2015-06-17 23:31 - 2014-10-22 06:23 - 00001118 __RSH C:\Users\Todos os Usuários\ntuser.pol
2015-06-17 23:31 - 2014-10-22 06:23 - 00001118 __RSH C:\ProgramData\ntuser.pol
2015-06-16 22:12 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\ias
2015-06-16 22:00 - 2015-04-22 21:10 - 00000000 ____D C:\Users\João Carlos\AppData\Roaming\DiskDefrag
2015-06-16 18:02 - 2014-11-13 21:17 - 00000000 ____D C:\Users\João Carlos\Documents\ConvertXtoDVD
2015-06-15 19:06 - 2015-04-02 18:11 - 00000000 ____D C:\Users\João Carlos\Documents\Arquivos do Outlook
2015-06-13 18:48 - 2014-11-06 22:24 - 00000000 ____D C:\Users\João Carlos\AppData\Roaming\uTorrent
2015-06-13 17:16 - 2015-02-22 16:56 - 00000000 ____D C:\Users\João Carlos\AppData\Roaming\vlc
2015-06-13 01:33 - 2015-02-03 17:10 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player FREE.lnk
2015-06-13 01:33 - 2015-02-03 17:10 - 00001087 _____ C:\Users\Public\Desktop\BS.Player FREE.lnk
2015-06-09 23:21 - 2014-10-22 06:26 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-09 23:21 - 2014-10-22 06:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-09 21:17 - 2014-11-04 20:30 - 00001067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-06-09 21:17 - 2014-11-04 20:30 - 00001055 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-06-01 21:56 - 2014-10-22 20:50 - 00000000 ____D C:\Users\João Carlos\AppData\Roaming\TeamViewer
2015-06-01 17:57 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-06-01 00:34 - 2015-03-22 19:52 - 00039936 ____N C:\Users\João Carlos\Desktop\photothumb.db
2015-05-28 19:29 - 2015-03-02 00:06 - 00000000 ____D C:\Users\João Carlos\AppData\Roaming\PhotoScape
2015-05-28 19:27 - 2015-02-08 21:14 - 00000000 ____D C:\Users\João Carlos\Desktop\Originals
2015-05-27 00:03 - 2014-10-21 19:28 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-26 00:09 - 2014-11-13 20:17 - 00000000 ____D C:\Users\João Carlos\AppData\Roaming\Vso
2015-05-25 23:13 - 2014-11-13 20:17 - 00000000 ____D C:\Users\Todos os Usuários\VSO
2015-05-25 23:13 - 2014-11-13 20:17 - 00000000 ____D C:\ProgramData\VSO

==================== Files in the root of some directories =======

2014-11-13 20:17 - 2014-11-13 20:17 - 0007887 _____ () C:\Users\João Carlos\AppData\Roaming\pcouffin.cat
2014-11-13 20:17 - 2014-11-13 20:17 - 0001144 _____ () C:\Users\João Carlos\AppData\Roaming\pcouffin.inf
2014-11-13 20:17 - 2014-11-13 20:17 - 0000055 _____ () C:\Users\João Carlos\AppData\Roaming\pcouffin.log
2014-11-13 20:17 - 2014-11-13 20:17 - 0047360 _____ (VSO Software) C:\Users\João Carlos\AppData\Roaming\pcouffin.sys
2014-09-01 05:18 - 2014-12-10 08:52 - 0001171 _____ () C:\Users\João Carlos\AppData\Roaming\RV
2015-01-04 22:57 - 2014-11-25 03:05 - 67139214 _____ () C:\Users\João Carlos\AppData\Roaming\Torrent-Downloaded-From-ExtraTorrent.cc.txt.mp4
2015-03-08 16:52 - 2015-03-08 16:52 - 0016485 _____ () C:\Users\João Carlos\AppData\Roaming\unins000.dat
2015-06-21 23:41 - 2015-06-21 23:41 - 0023593 _____ () C:\Users\João Carlos\AppData\Local\recently-used.xbel
2015-03-04 18:03 - 2015-03-05 21:20 - 0007597 _____ () C:\Users\João Carlos\AppData\Local\Resmon.ResmonCfg
2014-12-10 07:25 - 2014-12-10 07:25 - 0000227 _____ () C:\ProgramData\bc.ini
2015-03-25 22:57 - 2015-03-25 22:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-22 09:06 - 2015-03-04 00:10 - 0001420 _____ () C:\ProgramData\hpzinstall.log
2014-12-09 22:57 - 2014-12-09 22:57 - 0000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 14:25

==================== End of log ============================
