Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-09-2015
Ran by Usuario (administrator) on USUARIO-PC (09-09-2015 12:10:55)
Running from C:\Users\Usuario\Downloads
Loaded Profiles: Usuario (Available Profiles: Usuario)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Silicon Integrated Systems Corporation) C:\Program Files\SiS VGA Utilities\SiSTray.exe
(Dell) C:\Program Files\Battery Meter\BTMeter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Corel Corporation) C:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs\CorelDRW.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [SiSTray] => C:\Program Files\SiS VGA Utilities\SiSTray.exe [557056 2010-12-15] (Silicon Integrated Systems Corporation)
HKLM\...\Run: [BTMeter] => C:\Program Files\Battery Meter\BTMeter.exe [537896 2008-07-11] (Dell)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)
Winlogon\Notify\ GbPluginCef: C:\Program Files\GbPlugin\gbiehCef.dll [X]
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehCef.dll No File [ ]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AD08596B-109F-492C-8729-24AA1C79DB28}: [NameServer] 189.38.95.95,189.38.95.96
Tcpip\..\Interfaces\{AD08596B-109F-492C-8729-24AA1C79DB28}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2741043627-4026230127-4029745268-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2741043627-4026230127-4029745268-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.br/
SearchScopes: HKU\S-1-5-21-2741043627-4026230127-4029745268-1000 -> DefaultScope {50826969-F119-4C6B-A6CB-F141DED48FF8} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2741043627-4026230127-4029745268-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2741043627-4026230127-4029745268-1000 -> {50826969-F119-4C6B-A6CB-F141DED48FF8} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2741043627-4026230127-4029745268-1000 -> {93F0317E-3C5A-41EB-B53D-87FDDE46A9B5} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files\GbPlugin\gbiehCef.dll No File

FireFox:
========
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-09] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: PDF Architect 3 -> C:\Program Files\PDF Architect 3\np-previewer.dll [2015-04-24] (pdfforge GmbH)

Chrome:
=======
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-09]
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-09]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-09]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-09]
CHR Extension: (Google Search) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-09]
CHR Extension: (Google Sheets) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-09]
CHR Extension: (Google Docs Offline) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-09]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 PDF Architect 3; C:\Program Files\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 MBAMService; "C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 EMSC; C:\Windows\System32\DRIVERS\EMSC.SYS [9856 2007-04-19] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-06-15] (REALiX(tm))
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2015-06-20] (GAS Tecnologia)
R0 uagp35; C:\Windows\System32\DRIVERS\sisagpx.sys [58400 2009-08-01] (Silicon Integrated Systems Corporation)
U5 GbpKm; C:\Windows\System32\Drivers\GbpKm.sys [46552 2014-11-03] (GAS Tecnologia)
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-09 12:10 - 2015-09-09 12:17 - 00009161 _____ C:\Users\Usuario\Downloads\FRST.txt
2015-09-09 11:54 - 2015-09-09 11:55 - 00000000 ____D C:\Users\Usuario\Downloads\FRST-OlderVersion
2015-09-09 11:41 - 2015-09-09 11:41 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-09 11:41 - 2015-09-09 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-09 11:36 - 2015-09-09 11:36 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0eb0ce95c3d49.job
2015-09-09 11:36 - 2015-09-09 11:36 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-09 10:20 - 2015-09-03 14:19 - 00017708 _____ C:\zoek-results2015-09-03-171925.log
2015-09-03 15:35 - 2015-09-03 18:04 - 00000000 ____D C:\Users\Usuario\Downloads\DENTISTAS
2015-09-03 14:38 - 2015-09-03 14:38 - 00703448 _____ (Opera Software) C:\Users\Usuario\Downloads\Opera_NI_stable.exe
2015-09-03 14:09 - 2015-09-09 10:32 - 00005164 _____ C:\zoek-results.log
2015-09-03 14:06 - 2015-09-03 14:07 - 01308672 _____ C:\Users\Usuario\Downloads\zoek.exe
2015-09-03 09:24 - 2015-09-09 10:23 - 00000000 ____D C:\zoek_backup
2015-09-02 14:07 - 2015-09-03 11:31 - 00000000 ____D C:\Users\Usuario\Downloads\ComIntRepair
2015-09-02 11:37 - 2015-09-03 11:31 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\ZHP
2015-09-02 11:16 - 2015-09-02 11:16 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Opera Software
2015-09-02 11:16 - 2015-09-02 11:16 - 00000000 ____D C:\Users\Usuario\AppData\Local\Opera Software
2015-09-02 11:13 - 2015-09-09 10:37 - 00000000 ____D C:\Program Files\Opera
2015-09-02 11:05 - 2015-09-02 11:05 - 00009565 _____ C:\Users\Usuario\Documents\favoritos_02_09_15.html
2015-09-02 10:10 - 2015-09-03 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-08-31 18:24 - 2015-08-31 18:24 - 00007605 _____ C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
2015-08-31 17:09 - 2015-09-09 12:11 - 00000000 ____D C:\FRST
2015-08-31 17:07 - 2015-09-09 11:54 - 01692160 _____ (Farbar) C:\Users\Usuario\Downloads\FRST.exe
2015-08-29 15:15 - 2015-08-29 15:15 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\ProductData
2015-08-26 11:11 - 2015-09-09 11:32 - 00003166 _____ C:\Windows\PFRO.log
2015-08-25 11:08 - 2015-06-15 21:40 - 02531544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2015-08-25 10:24 - 2015-09-03 11:31 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2015-08-23 13:36 - 2015-09-09 11:32 - 00004570 _____ C:\Windows\setupact.log
2015-08-23 13:36 - 2015-08-23 13:36 - 00000000 _____ C:\Windows\setuperr.log
2015-08-13 10:08 - 2015-09-09 11:35 - 00781142 _____ C:\Windows\WindowsUpdate.log
2015-08-13 10:06 - 2015-09-09 11:35 - 00000000 ____D C:\Users\Usuario\AppData\Local\Apps\2.0
2015-08-10 12:26 - 2015-08-10 12:26 - 00000000 ____D C:\Windows\pss
2015-08-10 12:05 - 2015-08-10 12:05 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-10 12:05 - 2015-08-10 12:05 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-10 12:05 - 2015-08-10 12:05 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-10 12:05 - 2015-08-10 12:05 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-10 12:05 - 2015-08-10 12:05 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-10 12:05 - 2015-08-10 12:05 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-10 12:05 - 2015-08-10 12:05 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-10 12:05 - 2015-08-10 12:05 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-10 12:05 - 2015-08-10 12:05 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-10 12:05 - 2015-08-10 12:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-10 12:05 - 2015-08-10 12:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-09 11:41 - 2015-06-10 21:55 - 00000000 ____D C:\Users\Usuario\AppData\Local\Google
2015-09-09 11:40 - 2009-07-14 01:34 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-09 11:40 - 2009-07-14 01:34 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-09 11:36 - 2015-06-10 21:55 - 00000000 ____D C:\Program Files\Google
2015-09-09 11:36 - 2015-06-10 21:53 - 00000000 ____D C:\Users\Usuario\AppData\Local\Deployment
2015-09-09 11:32 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-07 17:27 - 2010-11-20 23:33 - 00705268 _____ C:\Windows\system32\prfh0416.dat
2015-09-07 17:27 - 2010-11-20 23:33 - 00147108 _____ C:\Windows\system32\prfc0416.dat
2015-09-07 17:27 - 2010-11-20 18:01 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-06 16:41 - 2015-06-11 19:19 - 00061361 _____ C:\Windows\FontData.fdb
2015-09-06 10:44 - 2015-06-13 21:51 - 00000000 ____D C:\Users\Usuario\Downloads\Nado
2015-09-03 11:41 - 2015-06-09 20:26 - 00000000 ____D C:\Users\Usuario
2015-09-03 11:31 - 2015-06-11 18:28 - 00000000 ____D C:\Users\Todos os Usuários\Protexis
2015-09-03 11:31 - 2015-06-11 18:28 - 00000000 ____D C:\ProgramData\Protexis
2015-09-03 11:31 - 2015-06-10 21:41 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-09-03 11:31 - 2015-06-10 21:41 - 00000000 ____D C:\Windows\system32\appraiser
2015-09-03 11:31 - 2015-06-10 20:11 - 00000000 ___SD C:\Windows\system32\GWX
2015-09-03 11:31 - 2010-11-20 23:33 - 00000000 ____D C:\Windows\system32\Drivers\pt-BR
2015-09-03 11:31 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\pt-BR
2015-09-03 11:31 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\AppCompat
2015-09-03 11:31 - 2009-07-13 23:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-03 11:30 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\registration
2015-09-03 11:27 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-03 11:23 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-08-31 11:23 - 2015-06-10 17:28 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\vlc
2015-08-26 15:24 - 2015-06-11 20:52 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\PhotoScape
2015-08-26 12:17 - 2015-06-10 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2015-08-25 11:36 - 2009-07-14 01:53 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-25 11:33 - 2015-06-27 12:19 - 00000000 ____D C:\Windows\system32\RTCOM
2015-08-25 11:33 - 2015-06-10 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiS VGA Utilities
2015-08-25 11:33 - 2015-06-10 22:00 - 00000000 ____D C:\Program Files\SiS VGA Utilities
2015-08-25 11:33 - 2015-06-10 17:26 - 00000000 ____D C:\Program Files\MPC-HC
2015-08-25 11:33 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\rescache
2015-08-19 12:50 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\NDF
2015-08-14 19:23 - 2015-07-30 19:33 - 00000000 ____D C:\Program Files\Recuva
2015-08-14 15:43 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system
2015-08-13 12:11 - 2009-07-13 23:04 - 00000215 _____ C:\Windows\system.ini
2015-08-11 10:24 - 2015-06-10 21:49 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2015-08-11 10:24 - 2015-06-10 21:49 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2015-08-31 18:24 - 2015-08-31 18:24 - 0007605 _____ () C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
2015-06-15 21:43 - 2015-06-15 21:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-02 08:38

==================== End of FRST.txt ============================