cjoint

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
Ran by Usuario (administrator) on USUARIO-PC (31-08-2015 17:10:27)
Running from C:\Users\Usuario\Downloads
Loaded Profiles: Usuario (Available Profiles: Usuario)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Silicon Integrated Systems Corporation) C:\Program Files\SiS VGA Utilities\SiSTray.exe
(Dell) C:\Program Files\Battery Meter\BTMeter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\IObit\LiveUpdate\IObitLauncher.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(DsNET) C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [SiSTray] => C:\Program Files\SiS VGA Utilities\SiSTray.exe [557056 2010-12-15] (Silicon Integrated Systems Corporation)
HKLM\...\Run: [BTMeter] => C:\Program Files\Battery Meter\BTMeter.exe [537896 2008-07-11] (Dell)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)
Winlogon\Notify\ GbPluginCef: C:\Program Files\GbPlugin\gbiehCef.dll [2015-07-08] (Caixa Economica Federal)
HKU\S-1-5-21-2741043627-4026230127-4029745268-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll [1853256 2015-07-08] (Caixa Economica Federal)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AD08596B-109F-492C-8729-24AA1C79DB28}: [NameServer] 189.38.95.95,189.38.95.96
Tcpip\..\Interfaces\{AD08596B-109F-492C-8729-24AA1C79DB28}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2741043627-4026230127-4029745268-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2741043627-4026230127-4029745268-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.br/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2741043627-4026230127-4029745268-1000 -> DefaultScope {50826969-F119-4C6B-A6CB-F141DED48FF8} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2741043627-4026230127-4029745268-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2741043627-4026230127-4029745268-1000 -> {50826969-F119-4C6B-A6CB-F141DED48FF8} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2741043627-4026230127-4029745268-1000 -> {93F0317E-3C5A-41EB-B53D-87FDDE46A9B5} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files\GbPlugin\gbiehcef.dll [2015-07-08] (Caixa Economica Federal)

FireFox:
========
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: PDF Architect 3 -> C:\Program Files\PDF Architect 3\np-previewer.dll [2015-04-24] (pdfforge GmbH)

Chrome:
=======
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-28]
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-13]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-13]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-13]
CHR Extension: (Google Search) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-13]
CHR Extension: (Google Sheets) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-13]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [579896 2015-04-29] (GAS Tecnologia)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 PDF Architect 3; C:\Program Files\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 EMSC; C:\Windows\System32\DRIVERS\EMSC.SYS [9856 2007-04-19] ()
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [46552 2014-11-03] (GAS Tecnologia)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-06-15] (REALiX(tm))
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-20] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2015-06-20] (GAS Tecnologia)
R0 uagp35; C:\Windows\System32\DRIVERS\sisagpx.sys [58400 2009-08-01] (Silicon Integrated Systems Corporation)
S3 catchme; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-31 17:10 - 2015-08-31 17:12 - 00010551 _____ C:\Users\Usuario\Downloads\FRST.txt
2015-08-31 17:09 - 2015-08-31 17:10 - 00000000 ____D C:\FRST
2015-08-31 17:07 - 2015-08-31 17:07 - 01690624 _____ (Farbar) C:\Users\Usuario\Downloads\FRST.exe
2015-08-31 09:18 - 2015-08-31 09:18 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e3e71e11ea8a.job
2015-08-29 15:52 - 2015-08-29 15:52 - 01938944 _____ C:\Users\Usuario\ZHPCleaner.exe
2015-08-29 15:52 - 2015-08-29 15:52 - 00000000 ____D C:\Users\Todos os Usuários\ProductData
2015-08-29 15:52 - 2015-08-29 15:52 - 00000000 ____D C:\ProgramData\ProductData
2015-08-29 15:15 - 2015-08-29 15:15 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\ProductData
2015-08-29 13:37 - 2015-08-29 13:37 - 00000000 ____D C:\Users\Todos os Usuários\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-08-29 13:37 - 2015-08-29 13:37 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-08-29 11:21 - 2015-08-29 11:22 - 01798640 _____ (Malwarebytes Corporation) C:\Users\Usuario\Downloads\JRT.exe
2015-08-28 01:00 - 2015-08-27 10:25 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-08-27 10:41 - 2015-08-28 09:26 - 00030448 _____ C:\zoek-results.log
2015-08-27 10:25 - 2015-08-27 20:39 - 00000000 ____D C:\zoek_backup
2015-08-27 10:24 - 2015-08-27 10:25 - 01308672 _____ C:\Users\Usuario\Downloads\zoek.exe
2015-08-26 11:11 - 2015-08-28 09:24 - 00001630 _____ C:\Windows\PFRO.log
2015-08-25 11:08 - 2015-06-15 21:40 - 02531544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2015-08-25 10:24 - 2015-08-25 11:33 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2015-08-23 13:36 - 2015-08-31 09:15 - 00000560 _____ C:\Windows\setupact.log
2015-08-23 13:36 - 2015-08-23 13:36 - 00000000 _____ C:\Windows\setuperr.log
2015-08-14 10:20 - 2015-08-20 10:36 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-14 10:20 - 2015-08-14 10:20 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-14 10:20 - 2015-08-14 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-14 10:20 - 2015-08-14 10:20 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-14 10:20 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-14 10:20 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-14 10:20 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-13 21:26 - 2015-08-13 21:33 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Usuario\Downloads\mbam-setup-2-1-8-1057.exe
2015-08-13 12:21 - 2015-08-13 12:21 - 00021384 _____ C:\ComboFix.txt
2015-08-13 10:14 - 2015-08-23 15:08 - 00002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-13 10:14 - 2015-08-13 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-13 10:08 - 2015-08-31 17:12 - 00735869 _____ C:\Windows\WindowsUpdate.log
2015-08-13 10:07 - 2015-08-31 09:18 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0d5c97f488eb.job
2015-08-13 10:07 - 2015-08-13 10:07 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-13 10:06 - 2015-08-13 10:06 - 00000000 ____D C:\Users\Usuario\AppData\Local\Apps\2.0
2015-08-11 20:26 - 2015-08-11 20:28 - 00388608 _____ (Trend Micro Inc.) C:\Users\Usuario\Downloads\HijackThis.exe
2015-08-11 15:44 - 2015-08-11 15:44 - 00001272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\MV RegClean 5.9.lnk
2015-08-11 15:44 - 2015-08-11 15:44 - 00001266 _____ C:\Users\Public\Desktop\MV RegClean 5.9.lnk
2015-08-11 15:44 - 2015-08-11 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marcos Velasco Security
2015-08-11 15:43 - 2015-08-11 15:43 - 00000000 ____D C:\Program Files\Marcos Velasco Security
2015-08-10 12:26 - 2015-08-10 12:26 - 00000000 ____D C:\Windows\pss
2015-08-10 12:05 - 2015-08-10 12:05 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-10 12:05 - 2015-08-10 12:05 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-10 12:05 - 2015-08-10 12:05 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-10 12:05 - 2015-08-10 12:05 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-10 12:05 - 2015-08-10 12:05 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-10 12:05 - 2015-08-10 12:05 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-10 12:05 - 2015-08-10 12:05 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-10 12:05 - 2015-08-10 12:05 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-10 12:05 - 2015-08-10 12:05 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-10 12:05 - 2015-08-10 12:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-10 12:05 - 2015-08-10 12:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-10 11:34 - 2015-08-10 11:34 - 00501248 _____ (Facebook Inc.) C:\Users\Usuario\Downloads\FacebookVideoCallSetup_v1-2-205-0.exe
2015-08-09 11:44 - 2015-08-09 11:44 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-09 10:57 - 2015-08-13 12:09 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-08-09 10:57 - 2015-08-13 10:46 - 00000000 ____D C:\Users\Todos os Usuários\Spybot - Search & Destroy
2015-08-09 10:57 - 2015-08-13 10:46 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-08 13:33 - 2015-08-08 14:04 - 209344947 _____ C:\Users\Usuario\Downloads\Vegas Pro 11 by josecalvano.rar
2015-08-08 13:27 - 2015-08-08 13:59 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit
2015-08-08 13:27 - 2015-08-08 13:59 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-08-07 09:52 - 2015-08-07 09:53 - 02312551 _____ C:\Users\Usuario\Downloads\AMIR-ANTIVIRUS.zip
2015-08-07 09:36 - 2015-08-07 09:38 - 00000000 ____D C:\AdwCleaner
2015-08-07 09:35 - 2015-08-07 09:35 - 02248704 _____ C:\Users\Usuario\Downloads\adwcleaner-4-208-multi-win.exe
2015-08-06 23:08 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-06 23:08 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-06 23:08 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-06 23:08 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-06 23:08 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-06 23:08 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-06 23:08 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-06 23:08 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-06 23:07 - 2015-08-13 12:21 - 00000000 ____D C:\Qoobox
2015-08-06 23:05 - 2015-08-06 23:57 - 00000000 ____D C:\Windows\erdnt
2015-08-06 22:40 - 2015-08-06 22:44 - 05634244 ____R (Swearware) C:\Users\Usuario\Downloads\ComboFix.exe
2015-08-06 22:00 - 2015-08-29 15:53 - 00000834 _____ C:\Users\Usuario\Desktop\ZHPCleaner.lnk
2015-08-06 20:49 - 2015-08-06 20:52 - 12257792 _____ C:\Users\Usuario\Downloads\Slide Apometria de Ancoragemxx.ppt
2015-08-05 19:51 - 2008-08-18 19:18 - 00077824 _____ (Fox Magic Software) C:\Windows\system32\fmcodec.DLL
2015-08-04 15:55 - 2015-08-04 15:55 - 00036804 _____ C:\Users\Usuario\Downloads\DiskusDMed.zip
2015-08-03 22:09 - 2015-08-03 22:10 - 00000000 ____D C:\Program Files\DoroPDFWriter
2015-08-03 21:57 - 2015-08-03 22:01 - 00000000 ____D C:\Program Files\PDFTK Builder
2015-08-02 20:28 - 2015-08-02 20:28 - 01871360 _____ C:\Users\Usuario\Downloads\ZHPCleaner-2015.8.1.312.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-31 14:19 - 2009-07-14 01:34 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-31 14:19 - 2009-07-14 01:34 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-31 11:23 - 2015-06-10 17:28 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\vlc
2015-08-31 09:15 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-29 20:33 - 2015-06-14 18:13 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\ZHP
2015-08-29 15:52 - 2015-06-09 20:26 - 00000000 ____D C:\Users\Usuario
2015-08-29 13:46 - 2015-06-12 14:24 - 46301184 _____ C:\Windows\system32\config\SOFTWARE.iobit
2015-08-29 13:46 - 2015-06-12 14:24 - 00323584 _____ C:\Windows\system32\config\DEFAULT.iobit
2015-08-29 13:46 - 2015-06-12 14:24 - 00028672 _____ C:\Windows\system32\config\SAM.iobit
2015-08-29 13:46 - 2015-06-12 14:24 - 00024576 _____ C:\Windows\system32\config\SECURITY.iobit
2015-08-29 12:30 - 2015-06-12 14:17 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\IObit
2015-08-29 12:30 - 2015-06-12 14:17 - 00000000 ____D C:\Users\Todos os Usuários\IObit
2015-08-29 12:30 - 2015-06-12 14:17 - 00000000 ____D C:\ProgramData\IObit
2015-08-29 12:30 - 2015-06-12 14:17 - 00000000 ____D C:\Program Files\IObit
2015-08-27 13:14 - 2015-06-14 18:18 - 00000512 _____ C:\PhysicalDisk0_MBR.bin
2015-08-27 13:14 - 2015-06-14 18:13 - 00000000 ____D C:\Program Files\ZHPDiag
2015-08-26 17:41 - 2015-06-20 18:34 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2015-08-26 17:41 - 2015-06-20 18:34 - 00000000 ____D C:\ProgramData\GbPlugin
2015-08-26 17:41 - 2015-06-20 18:34 - 00000000 ____D C:\Program Files\GbPlugin
2015-08-26 15:24 - 2015-06-11 20:52 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\PhotoScape
2015-08-26 12:17 - 2015-06-10 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2015-08-26 11:14 - 2015-06-11 18:00 - 00000000 ____D C:\Users\Todos os Usuários\Panda Security
2015-08-26 11:14 - 2015-06-11 18:00 - 00000000 ____D C:\ProgramData\Panda Security
2015-08-25 18:05 - 2010-11-20 23:33 - 00705268 _____ C:\Windows\system32\prfh0416.dat
2015-08-25 18:05 - 2010-11-20 23:33 - 00147108 _____ C:\Windows\system32\prfc0416.dat
2015-08-25 18:05 - 2010-11-20 18:01 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-25 11:36 - 2009-07-14 01:53 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-25 11:33 - 2015-06-27 12:19 - 00000000 ____D C:\Windows\system32\RTCOM
2015-08-25 11:33 - 2015-06-10 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiS VGA Utilities
2015-08-25 11:33 - 2015-06-10 22:00 - 00000000 ____D C:\Program Files\SiS VGA Utilities
2015-08-25 11:33 - 2015-06-10 20:11 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-25 11:33 - 2015-06-10 17:26 - 00000000 ____D C:\Program Files\MPC-HC
2015-08-25 11:33 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\pt-BR
2015-08-25 11:33 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\rescache
2015-08-25 11:33 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\registration
2015-08-25 11:32 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-23 13:51 - 2015-06-12 14:24 - 30777344 _____ C:\Windows\system32\config\components.iobit
2015-08-19 12:50 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\NDF
2015-08-14 19:23 - 2015-07-30 19:33 - 00000000 ____D C:\Program Files\Recuva
2015-08-14 18:27 - 2015-06-13 21:51 - 00000000 ____D C:\Users\Usuario\Downloads\Nado
2015-08-14 15:43 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system
2015-08-13 12:11 - 2009-07-13 23:04 - 00000215 _____ C:\Windows\system.ini
2015-08-13 10:15 - 2015-06-10 21:55 - 00000000 ____D C:\Users\Usuario\AppData\Local\Google
2015-08-13 10:07 - 2015-06-10 21:55 - 00000000 ____D C:\Program Files\Google
2015-08-13 10:07 - 2015-06-10 21:53 - 00000000 ____D C:\Users\Usuario\AppData\Local\Deployment
2015-08-11 10:24 - 2015-06-10 21:49 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2015-08-11 10:24 - 2015-06-10 21:49 - 00000000 ____D C:\ProgramData\Skype
2015-08-08 10:19 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-08-08 08:52 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-06 23:59 - 2009-07-13 23:37 - 00000000 ___RD C:\Users\Public
2015-08-05 19:51 - 2015-07-29 20:11 - 00001148 _____ C:\Users\Public\Desktop\aTube Catcher.lnk
2015-08-05 19:51 - 2015-07-29 20:11 - 00000049 _____ C:\Windows\system32\ScrRecX.log
2015-08-05 19:51 - 2015-07-29 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2015-08-05 18:24 - 2015-06-11 18:29 - 00000000 ____D C:\Users\Usuario\Documents\Corel
2015-08-05 09:57 - 2009-07-14 01:33 - 00540320 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-04 17:19 - 2015-06-10 15:19 - 00143032 _____ C:\Users\Usuario\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-02 19:50 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\Resources

==================== Files in the root of some directories =======

2015-06-15 21:43 - 2015-06-15 21:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-23 20:30

==================== End of FRST.txt ============================
