cjoint

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-09-2015 01
Ran by Usuario (administrator) on USUARIO-PC (28-09-2015 13:12:28)
Running from C:\Users\Usuario\Desktop
Loaded Profiles: Usuario (Available Profiles: Usuario)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Silicon Integrated Systems Corporation) C:\Program Files\SiS VGA Utilities\SiSTray.exe
(Dell) C:\Program Files\Battery Meter\BTMeter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files\Opera\32.0.1948.25\opera.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [SiSTray] => C:\Program Files\SiS VGA Utilities\SiSTray.exe [557056 2010-12-15] (Silicon Integrated Systems Corporation)
HKLM\...\Run: [BTMeter] => C:\Program Files\Battery Meter\BTMeter.exe [537896 2008-07-11] (Dell)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)
HKU\S-1-5-21-2741043627-4026230127-4029745268-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-2741043627-4026230127-4029745268-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-13] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AD08596B-109F-492C-8729-24AA1C79DB28}: [NameServer] 189.38.95.95,189.38.95.96
Tcpip\..\Interfaces\{AD08596B-109F-492C-8729-24AA1C79DB28}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2741043627-4026230127-4029745268-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2741043627-4026230127-4029745268-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.br/
SearchScopes: HKU\S-1-5-21-2741043627-4026230127-4029745268-1000 -> DefaultScope {50826969-F119-4C6B-A6CB-F141DED48FF8} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2741043627-4026230127-4029745268-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2741043627-4026230127-4029745268-1000 -> {50826969-F119-4C6B-A6CB-F141DED48FF8} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2741043627-4026230127-4029745268-1000 -> {93F0317E-3C5A-41EB-B53D-87FDDE46A9B5} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

FireFox:
========
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: PDF Architect 3 -> C:\Program Files\PDF Architect 3\np-previewer.dll [2015-04-24] (pdfforge GmbH)

Chrome:
=======
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-09]
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-09]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-09]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-09]
CHR Extension: (Google Search) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-09]
CHR Extension: (Planilhas do Google) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-09]
CHR Extension: (Documentos Google off-line) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-09]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-09]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 PDF Architect 3; C:\Program Files\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 EMSC; C:\Windows\System32\DRIVERS\EMSC.SYS [9856 2007-04-19] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-06-15] (REALiX(tm))
R0 uagp35; C:\Windows\System32\DRIVERS\sisagpx.sys [58400 2009-08-01] (Silicon Integrated Systems Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-28 13:11 - 2015-09-28 13:12 - 00008614 _____ C:\Users\Usuario\Desktop\FRST.txt
2015-09-28 13:09 - 2015-09-28 13:10 - 01696256 _____ (Farbar) C:\Users\Usuario\Desktop\FRST.exe
2015-09-24 12:27 - 2015-09-28 12:00 - 00000168 _____ C:\Windows\setupact.log
2015-09-24 12:27 - 2015-09-24 12:27 - 00000000 _____ C:\Windows\setuperr.log
2015-09-18 20:44 - 2015-09-18 20:44 - 00021504 ____H C:\Users\Usuario\Desktop\photothumb.db
2015-09-16 19:51 - 2015-09-16 20:09 - 00000000 ____D C:\Users\Usuario\Documents\APOMETRIA CRISTICA
2015-09-16 15:49 - 2015-09-16 21:54 - 00000000 ____D C:\Users\Usuario\AppData\Local\ToolwizCareFree
2015-09-16 15:49 - 2015-09-16 21:54 - 00000000 ____D C:\Program Files\ToolwizCareFree
2015-09-16 15:49 - 2015-09-16 15:49 - 00000000 ___HD C:\TOOLWIZ
2015-09-16 14:13 - 2015-09-16 14:13 - 00000000 ____D C:\_OTS
2015-09-15 18:16 - 2015-09-15 18:16 - 00002178 _____ C:\DelFix.txt
2015-09-15 18:16 - 2015-09-15 18:16 - 00000000 ____D C:\Windows\ERUNT
2015-09-15 11:17 - 2015-09-15 11:17 - 00001297 _____ C:\Users\Usuario\Desktop\Opera.lnk
2015-09-13 15:12 - 2015-09-15 11:10 - 00000000 ____D C:\Users\Usuario\Downloads\Metalfly Aviação Experimental_files
2015-09-13 15:12 - 2015-09-13 15:12 - 00568413 _____ C:\Users\Usuario\Downloads\Metalfly Aviação Experimental.html
2015-09-11 12:56 - 2015-09-24 18:26 - 00000000 ____D C:\Users\Usuario\Downloads\Originals
2015-09-10 10:23 - 2015-09-10 10:23 - 00000000 ____D C:\Users\Todos os Usuários\Auslogics
2015-09-10 10:23 - 2015-09-10 10:23 - 00000000 ____D C:\ProgramData\Auslogics
2015-09-10 10:21 - 2015-09-10 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-09-10 10:21 - 2015-09-10 10:23 - 00000000 ____D C:\Program Files\Auslogics
2015-09-10 10:15 - 2015-09-10 10:15 - 00001226 _____ C:\Users\Usuario\Desktop\Revo Uninstaller.lnk
2015-09-10 10:15 - 2015-09-10 10:15 - 00000000 ____D C:\Program Files\VS Revo Group
2015-09-10 10:14 - 2015-09-10 10:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Usuario\Downloads\revosetup.exe
2015-09-03 15:35 - 2015-09-11 12:35 - 00000000 ____D C:\Users\Usuario\Downloads\DENTISTAS
2015-09-03 14:38 - 2015-09-03 14:38 - 00703448 _____ (Opera Software) C:\Users\Usuario\Downloads\Opera_NI_stable.exe
2015-09-02 14:07 - 2015-09-03 11:31 - 00000000 ____D C:\Users\Usuario\Downloads\ComIntRepair
2015-09-02 11:16 - 2015-09-02 11:16 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Opera Software
2015-09-02 11:16 - 2015-09-02 11:16 - 00000000 ____D C:\Users\Usuario\AppData\Local\Opera Software
2015-09-02 11:13 - 2015-09-17 09:55 - 00000000 ____D C:\Program Files\Opera
2015-09-02 11:05 - 2015-09-02 11:05 - 00009565 _____ C:\Users\Usuario\Documents\favoritos_02_09_15.html
2015-09-02 10:10 - 2015-09-03 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-08-31 18:24 - 2015-08-31 18:24 - 00007605 _____ C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
2015-08-31 17:09 - 2015-09-28 13:12 - 00000000 ____D C:\FRST
2015-08-29 15:15 - 2015-08-29 15:15 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\ProductData

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-28 12:09 - 2009-07-14 01:34 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-28 12:09 - 2009-07-14 01:34 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-28 12:03 - 2015-08-13 10:08 - 00828588 _____ C:\Windows\WindowsUpdate.log
2015-09-28 12:00 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-25 14:14 - 2015-07-14 16:28 - 00147456 ____H C:\Users\Usuario\Downloads\photothumb.db
2015-09-24 18:28 - 2015-06-11 20:52 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\PhotoScape
2015-09-19 14:25 - 2010-11-20 23:33 - 00705268 _____ C:\Windows\system32\prfh0416.dat
2015-09-19 14:25 - 2010-11-20 23:33 - 00147108 _____ C:\Windows\system32\prfc0416.dat
2015-09-19 14:25 - 2010-11-20 18:01 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-16 21:56 - 2015-06-09 20:26 - 00000000 ____D C:\Users\Usuario
2015-09-16 21:54 - 2015-06-10 20:11 - 00000000 ___SD C:\Windows\system32\GWX
2015-09-16 21:54 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\registration
2015-09-15 11:16 - 2015-06-10 21:55 - 00000000 ____D C:\Program Files\Google
2015-09-15 11:10 - 2015-06-12 11:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-09-15 11:10 - 2015-06-12 11:46 - 00000000 ____D C:\Program Files\CCleaner
2015-09-15 11:10 - 2015-06-11 18:28 - 00000000 ____D C:\Users\Todos os Usuários\Protexis
2015-09-15 11:10 - 2015-06-11 18:28 - 00000000 ____D C:\ProgramData\Protexis
2015-09-13 21:09 - 2015-06-13 21:51 - 00000000 ____D C:\Users\Usuario\Downloads\Nado
2015-09-10 20:00 - 2015-06-25 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-09-10 20:00 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\NDF
2015-09-09 11:41 - 2015-06-10 21:55 - 00000000 ____D C:\Users\Usuario\AppData\Local\Google
2015-09-09 11:36 - 2015-06-10 21:53 - 00000000 ____D C:\Users\Usuario\AppData\Local\Deployment
2015-09-09 11:35 - 2015-08-13 10:06 - 00000000 ____D C:\Users\Usuario\AppData\Local\Apps\2.0
2015-09-06 16:41 - 2015-06-11 19:19 - 00061361 _____ C:\Windows\FontData.fdb
2015-09-03 11:31 - 2015-08-25 10:24 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2015-09-03 11:31 - 2015-06-10 21:41 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-09-03 11:31 - 2015-06-10 21:41 - 00000000 ____D C:\Windows\system32\appraiser
2015-09-03 11:31 - 2010-11-20 23:33 - 00000000 ____D C:\Windows\system32\Drivers\pt-BR
2015-09-03 11:31 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\pt-BR
2015-09-03 11:31 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\AppCompat
2015-09-03 11:31 - 2009-07-13 23:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-03 11:27 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-03 11:23 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-08-31 11:23 - 2015-06-10 17:28 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2015-08-31 18:24 - 2015-08-31 18:24 - 0007605 _____ () C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
2015-06-15 21:43 - 2015-06-15 21:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-22 13:26

==================== End of FRST.txt ============================
