cjoint

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-08-2015
Ran by GenesisQ (administrator) on GENESIS (24-08-2015 19:57:07)
Running from C:\Users\GenesisQ\Desktop
Loaded Profiles: GenesisQ (Available Profiles: GenesisQ)
Platform: Windows 8 Single Language (X64) Language: Português (Brasil)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Positivo Informática S.A) C:\Program Files (x86)\Positivo Informática\Mundo Positivo Bateria\BatteryManagerService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Users\GenesisQ\AppData\Local\gmsd_br_006010061\upgmsd_br_006010061.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Positivo Informática S.A) C:\Program Files (x86)\Positivo Informática\Mundo Positivo Bateria\BatteryPower.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-09-14] (Realtek Semiconductor)
HKLM\...\Run: [Deskmedia] => C:\Positivo\Deskmedia\GerenciadorLocal.exe [1348920 2014-11-13] (Positivo Informática)
HKLM\...\Run: [Sidebar] => "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
HKLM\...\Run: [StartUpManagerPositivo] => C:\Program Files\Positivo Informática\Mundo Positivo Gerenciador de Inicialização\ManagerWindows.exe [265808 2012-10-24] (Positivo Informática SA)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-09-10] (Synaptics Incorporated)
HKLM\...\Run: [gpuminer] => C:\Users\GenesisQ\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
HKLM\...\Run: [VDownloader] => C:\Program Files\VDownloader\VDownloader4.exe [1575424 2015-08-07] (Vitzo)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\RunOnce: [upgmsd_br_006010061.exe] => C:\Users\GenesisQ\AppData\Local\gmsd_br_006010061\upgmsd_br_006010061.exe [3311248 2015-08-14] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1506094221-713273713-2986573324-1001\...\Run: [SmartProtect] => C:\ProgramData\SmartProtect\SmartProtect.exe [56120 2014-11-13] (Positivo Informática)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-1506094221-713273713-2986573324-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mundopositivo.com.br/?utm_source=PC&utm_medium=browser&utm_campaign=urldefault;
HKU\S-1-5-21-1506094221-713273713-2986573324-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://oem.msn.com
HKU\S-1-5-21-1506094221-713273713-2986573324-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://oem.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3E0A75CA-F9CE-4756-A524-6D0E410C05EC}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-21] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\GenesisQ\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\GenesisQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\GenesisQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BatteryManagerSrv; C:\Program Files (x86)\Positivo Informática\Mundo Positivo Bateria\BatteryManagerService.exe [52304 2012-09-21] (Positivo Informática S.A)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 NETJME; C:\Windows\system32\DRIVERS\NETJME.sys [137728 2012-07-05] (JMicron Technology Corp.)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-10] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-10] (Synaptics Incorporated)
R2 SoilIO; C:\Windows\System32\Drivers\SoilIO.sys [17912 2010-08-19] ()
R3 soilkbc; C:\Windows\System32\Drivers\soilkbc.sys [13816 2009-12-03] (Systems Internals)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-24 19:55 - 2015-08-24 19:57 - 00009192 _____ C:\Users\GenesisQ\Desktop\FRST.txt
2015-08-24 19:55 - 2015-08-24 19:55 - 02186752 _____ (Farbar) C:\Users\GenesisQ\Desktop\FRST64.exe
2015-08-24 19:55 - 2015-08-24 19:55 - 00000000 ____D C:\Users\GenesisQ\Desktop\FRST-OlderVersion
2015-08-23 19:11 - 2015-08-23 19:16 - 00000000 ____D C:\Users\GenesisQ\Desktop\temp
2015-08-23 19:03 - 2015-08-23 19:03 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-08-23 19:02 - 2015-08-23 19:27 - 00001972 _____ C:\WINDOWS\setupact.log
2015-08-23 19:02 - 2015-08-23 19:02 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-23 09:58 - 2015-08-23 15:28 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\vlc
2015-08-23 09:19 - 2015-08-23 09:24 - 00007862 _____ C:\Users\GenesisQ\Desktop\ZHPCleaner.txt
2015-08-23 09:14 - 2015-08-23 09:24 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\ZHP
2015-08-23 09:14 - 2015-08-23 09:14 - 00000802 _____ C:\Users\GenesisQ\Desktop\ZHPCleaner.lnk
2015-08-23 09:14 - 2015-08-23 09:13 - 01925632 _____ C:\Users\GenesisQ\Desktop\ZHPCleaner.exe
2015-08-23 09:13 - 2015-08-23 09:13 - 01925632 _____ C:\Users\GenesisQ\Downloads\ZHPCleaner.exe
2015-08-22 22:49 - 2015-08-22 22:49 - 00001351 _____ C:\Users\GenesisQ\Desktop\AdwCleaner[C3].txt
2015-08-21 21:18 - 2015-08-21 16:04 - 01605632 _____ C:\Users\GenesisQ\Desktop\AdwCleaner.exe
2015-08-21 17:35 - 2015-08-21 17:36 - 00000000 ____D C:\Users\GenesisQ\Desktop\Arquivos de limpeza - Comunidade Hardware
2015-08-21 16:31 - 2015-08-21 16:32 - 01798576 _____ (Malwarebytes Corporation) C:\Users\GenesisQ\Downloads\JRT (1).exe
2015-08-21 16:31 - 2015-08-21 16:31 - 01798576 _____ (Malwarebytes Corporation) C:\Users\GenesisQ\Downloads\JRT.exe
2015-08-21 16:14 - 2015-08-21 16:14 - 00003872 _____ C:\WINDOWS\PFRO.log
2015-08-21 16:08 - 2015-08-22 22:00 - 00000000 ____D C:\AdwCleaner
2015-08-21 16:04 - 2015-08-21 16:04 - 01605632 _____ C:\Users\GenesisQ\Downloads\AdwCleaner.exe
2015-08-21 16:04 - 2015-08-21 16:04 - 01605632 _____ C:\Users\GenesisQ\Downloads\AdwCleaner (1).exe
2015-08-19 16:57 - 2015-08-24 19:49 - 00399241 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-19 15:01 - 2015-08-19 15:01 - 00000000 _____ C:\WINDOWS\SysWOW64\RsUser.db
2015-08-19 15:01 - 2015-08-19 15:01 - 00000000 _____ C:\WINDOWS\SysWOW64\RsMon.db
2015-08-19 09:57 - 2015-08-24 19:57 - 00000000 ____D C:\FRST
2015-08-19 09:55 - 2015-08-19 09:55 - 02173440 _____ (Farbar) C:\Users\GenesisQ\Downloads\FRST64.exe
2015-08-18 11:32 - 2015-08-18 11:32 - 00002794 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-08-18 11:31 - 2015-08-18 11:31 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-18 11:31 - 2015-08-18 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-08-18 11:31 - 2015-08-18 11:31 - 00000000 ____D C:\Program Files\CCleaner
2015-08-18 11:28 - 2015-08-18 11:29 - 06609608 _____ (Piriform Ltd) C:\Users\GenesisQ\Downloads\ccsetup508.exe
2015-08-18 09:35 - 2015-08-18 09:35 - 00001817 _____ C:\Users\GenesisQ\Desktop\chrome - Atalho.lnk
2015-08-18 09:21 - 2015-08-18 09:26 - 00001881 _____ C:\Users\GenesisQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\chrome - Atalho (2).lnk
2015-08-18 09:20 - 2015-08-18 09:26 - 00001881 _____ C:\Users\GenesisQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\chrome - Atalho.lnk
2015-08-18 09:06 - 2015-08-18 09:06 - 00003188 _____ C:\WINDOWS\System32\Tasks\{D4014935-2DC6-475D-A13E-B03CF74C2A05}
2015-08-17 06:01 - 2015-08-17 06:01 - 00000000 _____ C:\Users\GenesisQ\AppData\Local\{98C021FE-572F-4FE4-AF56-097D1B1875C2}
2015-08-16 22:29 - 2015-08-16 22:29 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\UG
2015-08-16 22:03 - 2015-08-16 22:03 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-16 22:03 - 2015-08-16 22:03 - 00000000 ____D C:\ppsfile
2015-08-16 21:58 - 2015-08-18 08:48 - 00000000 ____D C:\Program Files (x86)\UPCleaner
2015-08-16 21:57 - 2015-08-23 09:23 - 00000000 ____D C:\Users\Todos os Usuários\MWinManProM
2015-08-16 21:57 - 2015-08-23 09:23 - 00000000 ____D C:\ProgramData\MWinManProM
2015-08-16 21:57 - 2015-08-16 23:06 - 00000434 _____ C:\task.vbs
2015-08-15 21:15 - 2015-08-15 21:15 - 00000157 _____ C:\WINDOWS\SysWOW64\SystemPreferences.xml
2015-08-15 21:13 - 2012-07-26 02:26 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-08-15 21:07 - 2015-08-16 09:33 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\VDownloader
2015-08-15 21:07 - 2015-08-15 21:21 - 00000000 ____D C:\Users\Todos os Usuários\TEMP
2015-08-15 21:07 - 2015-08-15 21:21 - 00000000 ____D C:\ProgramData\TEMP
2015-08-15 21:05 - 2015-08-16 09:31 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\VDownloader
2015-08-15 21:05 - 2015-08-15 21:11 - 00000000 ____D C:\Program Files\VDownloader
2015-08-15 21:05 - 2015-08-15 21:05 - 00001738 _____ C:\Users\Public\Desktop\VDownloader.lnk
2015-08-15 21:05 - 2015-08-15 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VDownloader
2015-08-15 21:04 - 2015-08-24 19:56 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\gmsd_br_006010061
2015-08-15 20:59 - 2015-08-15 20:59 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\WinRAR
2015-08-15 20:57 - 2015-08-15 20:57 - 00001036 _____ C:\Users\Public\Desktop\WinRAR.lnk
2015-08-15 20:57 - 2015-08-15 20:57 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-08-15 20:57 - 2015-08-15 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-08-15 20:56 - 2015-08-15 20:57 - 00000000 ____D C:\Program Files\WinRAR
2015-08-15 20:55 - 2015-08-15 20:56 - 03478920 _____ C:\Users\GenesisQ\Downloads\winrar-x64-521br.exe
2015-08-15 20:55 - 2015-08-15 20:55 - 00003158 _____ C:\WINDOWS\System32\Tasks\{CAB9D268-01A9-4513-9330-82E9D761ACCF}
2015-08-15 20:47 - 2015-08-15 20:47 - 00218716 _____ C:\Users\GenesisQ\Downloads\VDownloader4OC (2).rar
2015-08-15 20:46 - 2015-08-23 09:23 - 00000000 ____D C:\Users\Todos os Usuários\rWinManPror
2015-08-15 20:46 - 2015-08-23 09:23 - 00000000 ____D C:\ProgramData\rWinManPror
2015-08-15 20:46 - 2015-08-15 20:46 - 00000000 _____ C:\WINDOWS\prleth.sys
2015-08-15 20:46 - 2015-08-15 20:46 - 00000000 _____ C:\WINDOWS\hgfs.sys
2015-08-15 20:42 - 2015-08-15 20:43 - 00689352 _____ ( ) C:\Users\GenesisQ\Downloads\WinRAR.cpl
2015-08-15 16:54 - 2015-08-15 16:54 - 00218716 _____ C:\Users\GenesisQ\Downloads\VDownloader4OC (1).rar
2015-08-15 16:43 - 2015-08-15 16:44 - 00218716 _____ C:\Users\GenesisQ\Downloads\VDownloader4OC.rar
2015-08-09 18:10 - 2014-04-16 15:20 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-08-09 18:10 - 2014-04-16 15:20 - 00869568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-08-09 18:10 - 2014-04-16 15:20 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2015-08-09 18:10 - 2014-04-16 15:20 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2015-08-09 18:10 - 2014-04-16 15:20 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-08-09 18:10 - 2014-04-16 15:20 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-08-09 18:07 - 2015-08-09 18:08 - 01118920 _____ (Microsoft Corporation) C:\Users\GenesisQ\Downloads\NDP452-KB2901954-Web (1).exe
2015-08-09 18:07 - 2015-08-09 18:07 - 01118920 _____ (Microsoft Corporation) C:\Users\GenesisQ\Downloads\NDP452-KB2901954-Web.exe
2015-08-09 17:58 - 2015-08-09 17:58 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com
2015-08-09 17:51 - 2015-08-19 17:22 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\Deployment
2015-08-09 17:51 - 2015-08-09 17:51 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\Apps\2.0
2015-08-09 17:05 - 2015-08-09 17:05 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-08-09 17:05 - 2015-08-09 17:05 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-09 17:04 - 2015-08-09 17:04 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2015-08-09 17:04 - 2015-08-09 17:04 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-08-09 17:04 - 2015-08-09 17:04 - 00000000 ____D C:\Program Files\MSBuild
2015-08-09 17:00 - 2012-07-05 23:02 - 01166440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-08-09 17:00 - 2012-07-05 23:02 - 00778856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-08-09 17:00 - 2012-07-05 23:02 - 00124040 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-09 17:00 - 2012-07-05 23:02 - 00102528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-09 17:00 - 2012-07-05 23:02 - 00035400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-08-09 17:00 - 2012-07-05 23:02 - 00035400 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-08-09 16:49 - 2015-08-09 16:49 - 01291088 _____ (PokerStrategy.com) C:\Users\GenesisQ\Downloads\SideKickSetup.exe
2015-08-08 10:07 - 2015-08-08 10:07 - 00002380 _____ C:\Users\GenesisQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICMIZER.lnk
2015-08-08 10:07 - 2015-08-08 10:07 - 00002350 _____ C:\Users\GenesisQ\Desktop\ICMIZER.lnk
2015-08-05 20:05 - 2013-01-10 13:36 - 00695648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-05 20:05 - 2013-01-10 13:36 - 00080736 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-05 20:04 - 2015-08-18 09:22 - 00327256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-01 17:56 - 2015-08-23 11:51 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\Equilab
2015-07-28 15:08 - 2015-07-05 07:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-26 18:44 - 2015-07-26 18:44 - 00000517 _____ C:\Users\GenesisQ\Desktop\Pergunta.txt
2015-07-26 08:07 - 2015-07-26 08:11 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\ICMTrainerLight
2015-07-25 16:11 - 2015-08-22 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-25 16:10 - 2015-08-22 22:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-07-25 16:10 - 2015-08-22 22:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-07-25 16:09 - 2015-07-25 16:09 - 13095136 _____ (Microsoft Corporation) C:\Users\GenesisQ\Downloads\Silverlight_x64 (1).exe
2015-07-25 16:08 - 2015-07-25 16:09 - 13095136 _____ (Microsoft Corporation) C:\Users\GenesisQ\Downloads\Silverlight_x64.exe
2015-07-25 15:24 - 2015-07-25 15:24 - 00003095 _____ C:\Users\GenesisQ\Desktop\ICM Trainer Light.lnk
2015-07-25 15:24 - 2015-07-25 15:24 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStrategy
2015-07-25 15:21 - 2015-07-25 15:21 - 16094720 _____ C:\Users\GenesisQ\Downloads\ICM_Trainer_Light.msi
2015-07-25 15:10 - 2015-07-25 15:11 - 42173668 _____ ( ) C:\Users\GenesisQ\Downloads\setup_icmtrainer (1).exe
2015-07-25 15:09 - 2015-07-25 15:09 - 00001733 _____ C:\Users\Public\Desktop\Positivo Aplicativos.lnk
2015-07-25 15:08 - 2015-07-25 15:08 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\Positivo_Informática_S.A
2015-07-25 15:08 - 2015-07-25 15:08 - 00000000 ____D C:\Program Files (x86)\PokerStrategy
2015-07-25 15:07 - 2015-07-25 15:08 - 42173668 _____ ( ) C:\Users\GenesisQ\Downloads\setup_icmtrainer.exe
2015-07-25 15:01 - 2015-07-25 15:24 - 00000000 ____D C:\Program Files (x86)\PokerStrategy.com
2015-07-25 15:01 - 2015-07-25 15:01 - 00002266 _____ C:\Users\Public\Desktop\Equilab.lnk
2015-07-25 15:01 - 2015-07-25 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com
2015-07-25 15:00 - 2015-07-25 15:00 - 10592148 _____ (PokerStrategy.com ) C:\Users\GenesisQ\Downloads\equilab.exe
2015-07-25 15:00 - 2015-07-25 15:00 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\Downloaded Installations

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-24 19:51 - 2015-07-21 05:55 - 00001084 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-24 19:51 - 2013-01-26 16:42 - 00000868 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-08-23 19:02 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-23 19:00 - 2015-07-21 05:55 - 00001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-23 18:52 - 2015-07-21 19:18 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\PokerStars
2015-08-23 17:41 - 2015-07-21 19:31 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\fpdb
2015-08-23 09:59 - 2015-07-21 19:31 - 00000000 ____D C:\Users\GenesisQ\.matplotlib
2015-08-23 09:09 - 2015-07-21 05:48 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1506094221-713273713-2986573324-1001
2015-08-22 22:02 - 2012-07-26 04:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-22 19:29 - 2013-01-26 16:42 - 00000870 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-08-21 18:09 - 2015-07-21 05:38 - 00000000 ____D C:\Users\GenesisQ
2015-08-21 16:27 - 2012-07-26 02:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-21 16:13 - 2015-07-21 05:42 - 00000978 _____ C:\Users\GenesisQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-19 15:20 - 2013-01-26 22:27 - 00000000 ____D C:\WINDOWS\Panther
2015-08-18 19:09 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2015-08-18 10:44 - 2013-01-26 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Positivo Jogos
2015-08-18 10:44 - 2013-01-26 17:02 - 00000000 ____D C:\Program Files (x86)\Zylom Games
2015-08-18 09:31 - 2012-07-26 07:32 - 00763854 _____ C:\WINDOWS\system32\prfh0416.dat
2015-08-18 09:31 - 2012-07-26 07:32 - 00155144 _____ C:\WINDOWS\system32\prfc0416.dat
2015-08-18 09:31 - 2012-07-26 04:28 - 01769104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-16 22:49 - 2015-07-21 05:38 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\VirtualStore
2015-08-16 21:59 - 2015-07-21 06:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-15 22:36 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\rescache
2015-08-15 21:42 - 2012-07-26 05:12 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-08-15 21:42 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-08-15 20:36 - 2013-01-26 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-15 16:48 - 2015-07-21 05:38 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\Packages
2015-08-13 19:59 - 2015-07-21 19:17 - 00000000 ____D C:\Program Files (x86)\PokerStars
2015-08-09 18:15 - 2012-07-26 04:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-09 17:04 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-08-09 17:04 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-08-05 19:59 - 2012-07-26 07:34 - 00000000 ____D C:\Program Files\Windows Journal
2015-08-05 19:59 - 2012-07-26 05:12 - 00000000 ___RD C:\WINDOWS\ToastData
2015-08-05 19:59 - 2012-07-26 05:12 - 00000000 ___RD C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-05 19:59 - 2012-07-26 05:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-05 19:59 - 2012-07-26 05:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-05 19:59 - 2012-07-26 05:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-05 19:59 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2015-08-01 09:31 - 2012-07-26 05:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-01 09:31 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\AppCompat
2015-08-01 09:31 - 2012-07-26 05:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-08-01 09:31 - 2012-07-26 05:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-08-01 09:31 - 2012-07-26 02:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-08-01 09:31 - 2012-07-26 02:38 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-08-01 09:30 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\WinStore
2015-08-01 09:30 - 2012-07-26 02:38 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-01 09:29 - 2012-07-26 05:12 - 00000000 ___RD C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-01 09:29 - 2012-07-26 05:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-01 09:29 - 2012-07-26 05:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-01 09:29 - 2012-07-26 05:12 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-01 09:29 - 2012-07-26 05:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-01 09:28 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-08-01 09:28 - 2012-07-26 05:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-01 09:27 - 2012-07-26 02:38 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-07-29 20:12 - 2012-07-26 02:37 - 00000000 ____D C:\WINDOWS\servicing
2015-07-26 18:38 - 2012-07-26 02:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-26 18:17 - 2012-07-26 05:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-07-25 15:09 - 2013-01-26 16:56 - 00000000 ____D C:\Users\Todos os Usuários\Positivo
2015-07-25 15:09 - 2013-01-26 16:56 - 00000000 ____D C:\ProgramData\Positivo
2015-07-25 15:09 - 2013-01-26 16:56 - 00000000 ____D C:\Program Files (x86)\Positivo Informática
2015-07-25 15:09 - 2013-01-26 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Positivo Informática
2015-07-25 15:08 - 2015-07-21 05:43 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\Positivo

==================== Files in the root of some directories =======

2015-04-19 09:20 - 2015-04-19 09:20 - 0005872 ____N () C:\Users\GenesisQ\AppData\Roaming\CGV2p1WH4K4lKl
2015-08-17 06:01 - 2015-08-17 06:01 - 0000000 _____ () C:\Users\GenesisQ\AppData\Local\{98C021FE-572F-4FE4-AF56-097D1B1875C2}
2015-07-24 20:21 - 2015-07-24 20:21 - 0000000 _____ () C:\Users\GenesisQ\AppData\Local\{CC4F86F3-11D8-416C-B6EB-38A5770EDAEC}
2013-01-26 16:42 - 2013-01-26 16:42 - 0510976 _____ () C:\ProgramData\DRV10.tmp
2013-01-26 16:42 - 2013-01-26 16:42 - 9891840 _____ (OEM) C:\ProgramData\E1010.tmp
2013-01-26 16:56 - 2013-01-26 16:56 - 0000157 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\GenesisQ\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-22 16:16

==================== End of FRST.txt ============================
