cjoint

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-10-2015
Ran by DGMG (administrator) on DGMG-PC (30-10-2015 21:26:23)
Running from C:\Users\DGMG\Desktop
Loaded Profiles: DGMG (Available Profiles: DGMG)
Platform: Windows 7 Ultimate (X64) Language: Português (Brasil)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Chicony) C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() D:\Rockstar Games\GTA San Andreas\samp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2015-04-20] (Caixa Economica Federal)
HKU\S-1-5-21-4229556657-2947169687-2928337755-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2901584 2015-10-14] (Valve Corporation)
HKU\S-1-5-21-4229556657-2947169687-2928337755-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53735968 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-4229556657-2947169687-2928337755-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4229556657-2947169687-2928337755-1000\...\MountPoints2: {11dfee67-8e7a-11e4-bbd0-e006e6fba096} - G:\Autorun.exe
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1824608 2015-04-20] (Caixa Economica Federal)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 189.4.128.66 189.4.128.61
Tcpip\..\Interfaces\{07EA9767-B35A-446D-9709-E8C66C12463D}: [DhcpNameServer] 189.4.128.66 189.4.128.61
Tcpip\..\Interfaces\{27E8D753-A8BD-43A3-A2FB-05867192C01C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-4229556657-2947169687-2928337755-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-07-09] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-03-08] (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2015-04-20] (Caixa Economica Federal)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-09] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\DGMG\AppData\Roaming\Mozilla\Firefox\Profiles\6c8g7acm.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-09] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\DGMG\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-12-23] (Raidcall)
FF Plugin-x32: @raidcall.tw/RCplugin -> C:\Users\DGMG\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.709 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2010-03-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.709 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2010-03-14] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4229556657-2947169687-2928337755-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\DGMG\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-22] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4229556657-2947169687-2928337755-1000: gastecnologia.com.br/sf/cef -> C:\Users\DGMG\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-4229556657-2947169687-2928337755-1000: gastecnologia.com.br/sf/cef64 -> C:\Users\DGMG\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2014-12-09] (GAS Tecnologia)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2015-01-23]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2015-01-23]
FF HKU\S-1-5-21-4229556657-2947169687-2928337755-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\DGMG\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: GBBD Caixa Economica Federal - C:\Users\DGMG\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015-07-07] [not signed]

Chrome:
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\DGMG\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\DGMG\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\DGMG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-10]
CHR Extension: (Google Docs) - C:\Users\DGMG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-10]
CHR Extension: (Google Drive) - C:\Users\DGMG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\DGMG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\DGMG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Planilhas do Google) - C:\Users\DGMG\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-10]
CHR Extension: (Documentos Google off-line) - C:\Users\DGMG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\DGMG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\DGMG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [107648 2012-03-08] (Atheros Commnucations) [File not signed]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [565560 2015-01-20] (GAS Tecnologia)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 OSDSvc; C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [176128 2010-12-01] (Chicony) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [159360 2012-03-08] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-03-28] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 Olicard160net; C:\Windows\System32\DRIVERS\Olicard160Usbnet.sys [138752 2009-12-11] (TCT International Mobile Ltd)
S3 Olicard160ser; C:\Windows\System32\DRIVERS\Olicard160ser.sys [119680 2010-04-07] (Olivetti)
S3 OLICARD160USB; C:\Windows\System32\Drivers\Olicard160Usb.sys [25088 2010-06-10] (Windows (R) Codename Longhorn DDK provider)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-04-23] (GAS Tecnologia LTDA)
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-30 21:26 - 2015-10-30 21:26 - 00013400 _____ C:\Users\DGMG\Desktop\FRST.txt
2015-10-30 21:25 - 2015-10-30 21:26 - 00000000 ____D C:\FRST
2015-10-30 21:25 - 2015-10-30 21:25 - 02198016 _____ (Farbar) C:\Users\DGMG\Desktop\FRST64.exe
2015-10-30 21:24 - 2015-10-30 21:25 - 02198016 _____ (Farbar) C:\Users\DGMG\Downloads\FRST64.exe
2015-10-30 18:12 - 2015-10-30 18:12 - 01961984 _____ C:\Users\DGMG\ZHPDiag3.exe
2015-10-30 18:06 - 2015-10-30 18:06 - 00003418 _____ C:\Windows\System32\Tasks\SteamClient
2015-10-30 17:52 - 2015-10-30 18:16 - 00000818 _____ C:\Users\DGMG\Desktop\ZHPDiag.lnk
2015-10-30 17:52 - 2015-10-30 18:16 - 00000000 ____D C:\Users\DGMG\AppData\Roaming\ZHP
2015-10-30 17:52 - 2015-10-30 17:51 - 01960960 _____ C:\Users\DGMG\Desktop\ZHPDiag3.exe
2015-10-30 17:51 - 2015-10-30 17:51 - 01960960 _____ C:\Users\DGMG\Downloads\ZHPDiag3.exe
2015-10-30 16:12 - 2015-10-30 16:35 - 00000000 ____D C:\Windows\system32\MRT
2015-10-30 16:12 - 2015-10-02 12:09 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-30 12:18 - 2015-10-30 12:26 - 00002444 _____ C:\Windows\IE11_main.log
2015-10-30 12:16 - 2015-10-30 12:17 - 58491088 _____ (Microsoft Corporation) C:\Users\DGMG\Downloads\IE11-Windows6.1-x64-pt-br.exe
2015-10-29 22:49 - 2015-10-29 22:49 - 00000000 ____D C:\Users\DGMG\Desktop\AWM L115A1
2015-10-29 22:48 - 2015-10-29 22:48 - 01707831 _____ C:\Users\DGMG\Downloads\1285591134_AWML115A1.rar
2015-10-29 22:39 - 2015-10-29 22:40 - 21029664 _____ C:\Users\DGMG\Downloads\Sniper Pack.rar
2015-10-29 20:18 - 2015-10-29 20:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-29 20:17 - 2015-10-29 20:17 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-29 20:17 - 2015-10-29 20:17 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2015-10-29 20:17 - 2015-10-29 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-29 20:17 - 2015-10-29 20:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-29 20:17 - 2015-10-29 20:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-29 20:17 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-29 20:17 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-29 20:17 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-29 20:16 - 2015-10-29 20:16 - 22908888 _____ (Malwarebytes ) C:\Users\DGMG\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-29 12:46 - 2015-10-29 12:46 - 00002931 _____ C:\Users\DGMG\Desktop\HiJackThis.lnk
2015-10-29 12:46 - 2015-10-29 12:46 - 00000000 ____D C:\Users\DGMG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2015-10-29 12:46 - 2015-10-29 12:46 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2015-10-29 12:44 - 2015-10-29 12:44 - 01402880 _____ C:\Users\DGMG\Downloads\HijackThis.msi
2015-10-26 22:36 - 2015-10-27 19:36 - 00000000 ____D C:\Users\DGMG\AppData\Roaming\Steam
2015-10-26 22:36 - 2015-10-26 22:36 - 00000000 ____D C:\Users\DGMG\AppData\LocalLow\South East Games
2015-10-26 22:34 - 2015-10-29 12:41 - 00000000 ____D C:\Program Files (x86)\Paint the Town Red
2015-10-26 16:18 - 2015-10-26 16:19 - 00304582 _____ C:\Users\DGMG\Downloads\1379851596_GTA V Siren.zip
2015-10-26 16:14 - 2015-10-26 16:14 - 00142255 _____ C:\Users\DGMG\Downloads\1423608075_Sirene_da_Policia_de_Sao_Paulo.rar
2015-10-26 16:14 - 2015-02-10 20:40 - 00000000 ____D C:\Users\DGMG\Desktop\Bank_68
2015-10-25 16:29 - 2012-07-08 22:15 - 00000000 ____D C:\Users\DGMG\Desktop\Battlefield 3 sounds for GTA SA by Xer0
2015-10-25 16:24 - 2015-10-25 16:24 - 01816805 _____ C:\Users\DGMG\Downloads\Battlefield 3 sounds for GTA SA by Xer0.rar
2015-10-17 01:28 - 2015-10-17 01:28 - 00188375 _____ C:\Users\DGMG\Downloads\PACK DE SOND PRIVATE PM-LS.rar
2015-10-14 20:29 - 2015-09-18 14:49 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-14 20:29 - 2015-09-18 14:47 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-14 20:29 - 2015-09-18 14:47 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-14 20:29 - 2015-09-18 14:47 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-14 20:29 - 2015-09-18 14:47 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-14 20:29 - 2015-09-18 14:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-14 20:29 - 2015-09-18 14:41 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-13 00:33 - 2015-10-13 00:33 - 00191105 _____ C:\Users\DGMG\Downloads\GTA_SA_Siren_Mod.rar
2015-10-12 19:24 - 2015-10-12 19:33 - 00000000 ____D C:\Users\DGMG\Desktop\Alci_s_SAAT_GUI_FrontEnd_1.0
2015-10-12 19:24 - 2015-10-12 19:24 - 00000000 ____D C:\Users\DGMG\Desktop\Sounds iL
2015-10-12 19:21 - 2015-10-12 19:23 - 04656271 _____ C:\Users\DGMG\Desktop\Sounds iL.rar
2015-10-12 19:14 - 2015-10-12 19:14 - 05397129 _____ C:\Users\DGMG\Desktop\Alcis_SAAT_GUI_FrontEnd_1.0 (1).rar
2015-10-11 01:17 - 2015-10-11 01:20 - 00000000 ____D C:\Users\DGMG\AppData\Local\Ubisoft Game Launcher
2015-10-11 01:17 - 2015-10-11 01:20 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-10-11 01:15 - 2015-10-11 01:16 - 67153848 _____ (Ubisoft) C:\Users\DGMG\Downloads\UplayInstaller.exe
2015-10-05 17:06 - 2015-10-05 19:28 - 00000000 ____D C:\Users\DGMG\AppData\Roaming\Hot Keyboard
2015-10-05 00:19 - 2015-10-05 00:19 - 00000000 ____D C:\Users\DGMG\Desktop\runtime
2015-10-05 00:18 - 2015-10-12 15:33 - 00000000 ____D C:\Users\DGMG\Desktop\game
2015-10-04 19:10 - 2015-10-04 19:10 - 00812463 _____ C:\Users\DGMG\Downloads\EfeitosLAGReduzidos(nm-gtamods) (1).rar
2015-10-04 18:54 - 2015-10-04 18:54 - 00006882 _____ C:\Users\DGMG\Downloads\Stream.ini Extensor [kingmodssa].rar
2015-10-04 18:40 - 2015-10-04 18:40 - 00812463 _____ C:\Users\DGMG\Downloads\EfeitosLAGReduzidos(nm-gtamods).rar
2015-10-04 18:34 - 2015-10-04 18:37 - 00000000 ____D C:\Users\DGMG\Desktop\Alci's IMG Editor 1.5 [www.modsgtasa.com.br]
2015-10-04 18:34 - 2015-10-04 18:33 - 206218782 _____ C:\Users\DGMG\Desktop\Snow File..rar
2015-10-04 18:24 - 2015-10-04 18:24 - 02723103 _____ C:\Users\DGMG\Downloads\Alcis_IMG_Editor_1.5_www.modsgtasa.com.br].rar
2015-10-04 18:23 - 2015-10-04 18:33 - 206218782 _____ C:\Users\DGMG\Downloads\Snow File..rar
2015-10-02 00:05 - 2015-10-02 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2015-10-01 13:25 - 2015-10-01 13:25 - 00000000 __SHD C:\found.000

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-30 21:23 - 2014-11-02 13:51 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-30 21:11 - 2015-07-13 20:02 - 00000000 ____D C:\Users\DGMG\AppData\LocalLow\raidcall
2015-10-30 20:20 - 2014-12-22 11:38 - 00000386 _____ C:\Windows\Tasks\update-sys.job
2015-10-30 19:19 - 2014-11-02 11:55 - 01337867 _____ C:\Windows\WindowsUpdate.log
2015-10-30 19:00 - 2014-12-22 11:38 - 00000386 _____ C:\Windows\Tasks\update-S-1-5-21-4229556657-2947169687-2928337755-1000.job
2015-10-30 18:48 - 2014-11-02 18:08 - 00000000 ____D C:\Users\DGMG\AppData\Roaming\Skype
2015-10-30 18:12 - 2014-11-02 13:13 - 00000000 ____D C:\Users\DGMG
2015-10-30 18:12 - 2009-07-14 02:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-30 18:12 - 2009-07-14 02:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-30 18:05 - 2015-07-07 23:30 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2015-10-30 18:05 - 2015-05-11 22:40 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-30 18:05 - 2014-11-02 13:51 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-30 18:05 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-30 18:05 - 2009-07-14 02:51 - 00061775 _____ C:\Windows\setupact.log
2015-10-30 12:11 - 2014-11-02 13:56 - 00011580 _____ C:\Windows\PFRO.log
2015-10-29 22:02 - 2009-07-14 05:46 - 00000000 ____D C:\Windows\ShellNew
2015-10-29 21:58 - 2014-11-03 21:46 - 00000000 ____D C:\Users\Todos os Usuários\APN
2015-10-29 21:58 - 2014-11-03 21:46 - 00000000 ____D C:\ProgramData\APN
2015-10-29 12:47 - 2014-11-02 13:13 - 00000000 ____D C:\Users\DGMG\AppData\Local\VirtualStore
2015-10-28 23:37 - 2014-12-22 11:39 - 00000000 ____D C:\Users\DGMG\Documents\Lightshot
2015-10-28 19:00 - 2015-07-09 21:57 - 00000000 ____D C:\Users\DGMG\AppData\Roaming\.minecraft
2015-10-26 22:48 - 2014-11-03 21:45 - 00000000 ____D C:\Users\DGMG\AppData\Roaming\uTorrent
2015-10-26 14:39 - 2009-07-18 03:15 - 00004464 _____ C:\Windows\system32\prfh0416.dat
2015-10-26 14:39 - 2009-07-18 03:15 - 00004272 _____ C:\Windows\system32\prfc0416.dat
2015-10-26 14:39 - 2009-07-14 03:13 - 00778878 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-23 13:24 - 2014-11-02 13:51 - 00002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-22 12:40 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-10-16 13:59 - 2015-01-06 15:33 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-16 13:59 - 2014-11-02 18:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-15 13:19 - 2014-11-02 14:17 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2015-10-15 13:19 - 2014-11-02 14:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-15 13:18 - 2009-07-14 00:34 - 00000478 _____ C:\Windows\win.ini
2015-10-15 13:15 - 2015-04-15 04:19 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-15 13:15 - 2015-04-15 04:19 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-12 11:58 - 2009-07-14 03:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-08 13:48 - 2015-05-11 22:44 - 00000000 ____D C:\Users\DGMG\AppData\Local\Steam
2015-10-05 19:22 - 2015-07-13 20:02 - 00000000 ____D C:\Program Files (x86)\RaidCall.BR
2015-10-05 00:17 - 2015-06-17 16:23 - 00000000 ____D C:\Users\DGMG\Desktop\Desnecessário
2015-10-02 00:05 - 2014-12-22 11:38 - 00003258 _____ C:\Windows\System32\Tasks\update-S-1-5-21-4229556657-2947169687-2928337755-1000
2015-10-02 00:05 - 2014-12-22 11:38 - 00000424 _____ C:\Users\DGMG\AppData\Local\UserProducts.xml
2015-10-01 14:35 - 2015-07-27 18:29 - 00000000 ____D C:\Users\DGMG\AppData\LocalLow\RCTW
2015-09-30 21:42 - 2014-12-23 12:15 - 00000000 ____D C:\Users\DGMG\AppData\Local\CrashDumps

==================== Files in the root of some directories =======

2015-07-07 23:41 - 2015-07-07 23:41 - 0017906 _____ () C:\Users\DGMG\AppData\Roaming\unins000.dat
2015-07-07 23:41 - 2015-07-07 23:40 - 0730322 _____ () C:\Users\DGMG\AppData\Roaming\unins000.exe
2014-12-22 11:38 - 2014-12-22 11:38 - 0000003 _____ () C:\Users\DGMG\AppData\Local\updater.log
2014-12-22 11:38 - 2015-10-02 00:05 - 0000424 _____ () C:\Users\DGMG\AppData\Local\UserProducts.xml
2014-12-28 08:17 - 2014-12-28 08:17 - 0017408 _____ () C:\Users\DGMG\AppData\Local\WebpageIcons.db

Files to move or delete:
====================
C:\Users\DGMG\ZHPDiag3.exe


Some files in TEMP:
====================
C:\Users\DGMG\AppData\Local\Temp\83D75989b344.exe
C:\Users\DGMG\AppData\Local\Temp\InstallIMVU_518.0.exe
C:\Users\DGMG\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\DGMG\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\DGMG\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-22 09:31

==================== End of FRST.txt ============================
