cjoint

Document format: text/plain

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by PC SOBRESSALENTE (administrator) on PCSOBRESSALENTE (05-10-2015 21:07:10)
Running from C:\Users\PC SOBRESSALENTE\Desktop
Loaded Profiles: PC SOBRESSALENTE (Available Profiles: PC SOBRESSALENTE)
Platform: Windows 7 Home Premium (X64) Language: Português (Brasil)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-08-20] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco)
HKU\S-1-5-21-2201604522-913026945-3012054626-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-08-17] (Glarysoft Ltd)
HKU\S-1-5-21-2201604522-913026945-3012054626-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehuni.dll [1759992 2015-07-06] (Banco Itaú Unibanco)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2015-03-29]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
BootExecute: autocheck autochk *
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 192.168.0.112 NPI3A4330
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{215A8C31-C89B-4A08-8FA2-1D92578CA15B}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{22FE1774-BAFC-44FE-8080-5FE47E4B38CC}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BE6D8C23-A9E8-4F4E-B73D-9936947AADC5}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1430343103&from=cor&uid=ST3250318AS_6VY0APRN
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1430343103&from=cor&uid=ST3250318AS_6VY0APRN
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1430343103&from=cor&uid=ST3250318AS_6VY0APRN&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1430343103&from=cor&uid=ST3250318AS_6VY0APRN&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1430343103&from=cor&uid=ST3250318AS_6VY0APRN
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1430343103&from=cor&uid=ST3250318AS_6VY0APRN
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1430343103&from=cor&uid=ST3250318AS_6VY0APRN&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1430343103&from=cor&uid=ST3250318AS_6VY0APRN&q={searchTerms}
HKU\S-1-5-21-2201604522-913026945-3012054626-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
HKU\S-1-5-21-2201604522-913026945-3012054626-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1430343103&from=cor&uid=ST3250318AS_6VY0APRN
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-23] (Oracle Corporation)
BHO-x32: Auxiliar de Conexão do Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll [2015-07-06] (Banco Itaú Unibanco)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-23] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-23] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-23] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2201604522-913026945-3012054626-1000: gastecnologia.com.br/sf/uni -> C:\Users\PC SOBRESSALENTE\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-07-15] (GAS Tecnologia)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com.br/
CHR StartupUrls: Default -> "hxxp://www.google.com.br/"
CHR Profile: C:\Users\PC SOBRESSALENTE\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\PC SOBRESSALENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-19]
CHR Extension: (Google Docs) - C:\Users\PC SOBRESSALENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-19]
CHR Extension: (Google Drive) - C:\Users\PC SOBRESSALENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-19]
CHR Extension: (YouTube) - C:\Users\PC SOBRESSALENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-19]
CHR Extension: (Google Search) - C:\Users\PC SOBRESSALENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-19]
CHR Extension: (Planilhas do Google) - C:\Users\PC SOBRESSALENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-19]
CHR Extension: (Documentos Google off-line) - C:\Users\PC SOBRESSALENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-13]
CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\PC SOBRESSALENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2015-02-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\PC SOBRESSALENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-19]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\PC SOBRESSALENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-19]
CHR Extension: (Gmail) - C:\Users\PC SOBRESSALENTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-08-20] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313264 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-02-19] (Phoenix Technologies) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-09-01] (Glarysoft Ltd)
R3 USB_Ethernet_Adaptor; C:\Windows\System32\DRIVERS\USB_Ethernet_Adaptor.sys [21504 2013-01-08] (Corechip Semiconductor, Inc. Co Ltd.)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-05-20] (Basil)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-05 21:07 - 2015-10-05 21:07 - 00014869 _____ C:\Users\PC SOBRESSALENTE\Desktop\FRST.txt
2015-10-05 21:06 - 2015-10-05 21:07 - 00000000 ____D C:\FRST
2015-10-05 21:05 - 2015-10-05 21:06 - 02193920 _____ (Farbar) C:\Users\PC SOBRESSALENTE\Desktop\FRST64.exe
2015-10-03 22:43 - 2015-10-03 22:43 - 00018628 _____ C:\Users\PC SOBRESSALENTE\Downloads\TURMA94GRDEENDTRODA.rar
2015-10-03 22:42 - 2015-10-03 22:42 - 00153376 _____ C:\Users\PC SOBRESSALENTE\Downloads\EXTERMDORFUTROGENYSIS (1).rar
2015-10-03 22:38 - 2015-10-03 22:38 - 00168911 _____ C:\Users\PC SOBRESSALENTE\Downloads\LIVRAINDOMAL (1).rar
2015-10-03 22:18 - 2015-10-03 22:18 - 00014874 _____ C:\Users\PC SOBRESSALENTE\Downloads\AMALDICOADADA.rar
2015-10-03 21:15 - 2015-10-03 21:15 - 210590583 _____ C:\Windows\MEMORY.DMP
2015-10-03 21:15 - 2015-10-03 21:15 - 00291512 _____ C:\Windows\Minidump\100315-26426-01.dmp
2015-10-03 21:15 - 2015-10-03 21:15 - 00000000 ____D C:\Windows\Minidump
2015-10-02 00:10 - 2010-03-04 18:05 - 00758272 _____ (NVIDIA Corporation) C:\Windows\system32\cohelper.dll
2015-10-02 00:10 - 2010-02-22 07:45 - 00010084 _____ C:\Windows\system32\Drivers\nvphy.bin
2015-10-02 00:04 - 2015-10-02 00:05 - 00004518 _____ C:\Windows\DPINST.LOG
2015-10-01 23:58 - 2015-10-02 00:12 - 00002346 _____ C:\Windows\PFRO.log
2015-10-01 23:56 - 2015-10-02 00:12 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2015-10-01 23:56 - 2015-10-02 00:12 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-01 23:56 - 2015-10-01 23:56 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-10-01 23:55 - 2015-10-01 23:56 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-10-01 23:53 - 2015-10-01 23:53 - 00000000 ____D C:\NVIDIA
2015-10-01 23:03 - 2015-10-01 23:13 - 239382288 _____ (NVIDIA Corporation ) C:\Users\PC SOBRESSALENTE\Downloads\15.56-nforce-winvista-win7-64bit-international-whql.exe
2015-10-01 22:56 - 2015-10-01 22:57 - 00001201 _____ C:\Windows\IE11_main.log
2015-09-30 22:03 - 2015-10-05 20:41 - 00000616 _____ C:\Windows\setupact.log
2015-09-30 22:03 - 2015-09-30 22:03 - 00000000 _____ C:\Windows\setuperr.log
2015-09-27 22:03 - 2015-09-27 22:03 - 00168911 _____ C:\Users\PC SOBRESSALENTE\Downloads\LIVRAINDOMAL.rar
2015-09-27 19:15 - 2015-09-27 19:15 - 00138570 _____ C:\Users\PC SOBRESSALENTE\Downloads\SOBRETURAL3.rar
2015-09-27 16:20 - 2015-09-27 16:20 - 00153376 _____ C:\Users\PC SOBRESSALENTE\Downloads\EXTERMDORFUTROGENYSIS.rar
2015-09-27 16:19 - 2015-09-27 16:19 - 00019030 _____ C:\Users\PC SOBRESSALENTE\Downloads\EXTERMDORFUTROGENYSISDA.rar
2015-09-23 19:02 - 2015-09-23 19:02 - 00002826 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-09-23 19:02 - 2015-09-23 19:02 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-23 19:02 - 2015-09-23 19:02 - 00000000 ____D C:\Program Files\CCleaner
2015-09-23 19:00 - 2015-09-23 19:00 - 05431152 _____ (Piriform Ltd) C:\Users\PC SOBRESSALENTE\Downloads\ccsetup509_slim.exe
2015-09-23 18:59 - 2015-09-23 18:59 - 01912160 _____ C:\Users\PC SOBRESSALENTE\Downloads\installer (1).zip
2015-09-23 18:57 - 2015-09-23 18:58 - 01912160 _____ C:\Users\PC SOBRESSALENTE\Downloads\installer.zip
2015-09-23 18:52 - 2015-09-23 18:52 - 00003358 _____ C:\Users\PC SOBRESSALENTE\Desktop\ZHPCleaner.txt
2015-09-23 18:47 - 2015-09-23 18:47 - 01964544 _____ C:\Users\PC SOBRESSALENTE\ZHPCleaner.exe
2015-09-20 22:18 - 2015-09-20 22:18 - 00163214 _____ C:\Users\PC SOBRESSALENTE\Downloads\NOCAUTEHDRIP (1).rar
2015-09-20 22:06 - 2015-09-20 22:06 - 00134442 _____ C:\Users\PC SOBRESSALENTE\Downloads\COPCAR.rar
2015-09-16 22:20 - 2015-09-16 22:20 - 00163214 _____ C:\Users\PC SOBRESSALENTE\Downloads\NOCAUTEHDRIP.rar
2015-09-12 12:58 - 2015-09-23 18:48 - 00000807 _____ C:\Users\PC SOBRESSALENTE\Desktop\ZHPCleaner.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-05 20:49 - 2009-07-14 01:45 - 00016816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-05 20:49 - 2009-07-14 01:45 - 00016816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-05 20:48 - 2015-02-19 23:19 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-05 20:46 - 2015-02-24 00:20 - 00000000 ____D C:\Users\Todos os Usuários\MFAData
2015-10-05 20:46 - 2015-02-24 00:20 - 00000000 ____D C:\ProgramData\MFAData
2015-10-05 20:45 - 2015-02-28 21:47 - 00000000 ____D C:\Users\PC SOBRESSALENTE\AppData\Roaming\vlc
2015-10-05 20:45 - 2015-02-19 22:56 - 00605678 _____ C:\Windows\WindowsUpdate.log
2015-10-05 20:42 - 2015-02-23 23:32 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-10-05 20:41 - 2015-02-19 23:19 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-05 20:41 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-04 23:55 - 2015-02-23 23:20 - 00000000 ____D C:\Users\PC SOBRESSALENTE\AppData\Roaming\BitComet
2015-10-02 00:08 - 2015-02-28 19:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-01 23:56 - 2015-02-19 23:05 - 00000000 ____D C:\Users\PC SOBRESSALENTE\AppData\Local\VirtualStore
2015-10-01 23:55 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\Help
2015-09-30 23:50 - 2015-02-19 23:20 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-30 23:14 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-30 10:56 - 2009-07-14 14:55 - 00711448 _____ C:\Windows\system32\prfh0416.dat
2015-09-30 10:56 - 2009-07-14 14:55 - 00179212 _____ C:\Windows\system32\prfc0416.dat
2015-09-30 10:56 - 2009-07-14 02:13 - 00004566 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-30 10:53 - 2015-02-19 22:56 - 00000000 ____D C:\Users\PC SOBRESSALENTE
2015-09-30 10:52 - 2015-02-23 23:35 - 00000000 ____D C:\Users\PC SOBRESSALENTE\AppData\Roaming\ZHP
2015-09-30 10:52 - 2015-02-19 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-30 10:52 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\registration
2015-09-30 10:52 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\AppCompat
2015-09-23 20:21 - 2007-01-01 00:20 - 00000000 ____D C:\Windows\Panther
2015-09-21 16:51 - 2015-02-28 19:26 - 00000000 ____D C:\Users\PC SOBRESSALENTE\AppData\Roaming\TP-LINK
2015-09-19 17:38 - 2015-02-19 23:19 - 00000000 ____D C:\Users\PC SOBRESSALENTE\AppData\Local\Google
2015-09-16 17:43 - 2015-02-19 23:19 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 17:43 - 2015-02-19 23:19 - 00003814 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 17:40 - 2015-02-24 00:23 - 00000987 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-09-16 17:40 - 2015-02-24 00:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-09-12 13:04 - 2015-02-24 00:20 - 00000000 ____D C:\Users\PC SOBRESSALENTE\AppData\Local\Avg2015
2015-09-12 12:19 - 2015-02-24 00:23 - 00000000 ____D C:\Users\Todos os Usuários\AVG2015
2015-09-12 12:19 - 2015-02-24 00:23 - 00000000 ____D C:\ProgramData\AVG2015
2015-09-12 01:26 - 2015-02-25 22:14 - 00000000 ____D C:\Users\Public\Documents\HP
2015-09-12 01:26 - 2009-07-14 15:11 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-09-12 01:26 - 2009-07-14 00:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-09-05 22:51 - 2015-08-13 16:26 - 00000000 ____D C:\Users\PC SOBRESSALENTE\Desktop\Far From Alaska - modeHuman 2014

==================== Files in the root of some directories =======

2015-03-09 22:24 - 2015-03-09 22:24 - 0016132 _____ () C:\Users\PC SOBRESSALENTE\AppData\Roaming\unins000.dat
2015-07-04 23:10 - 2015-07-04 23:10 - 0007597 _____ () C:\Users\PC SOBRESSALENTE\AppData\Local\Resmon.ResmonCfg
2015-03-07 23:21 - 2015-03-07 23:21 - 0000227 _____ () C:\ProgramData\bc.ini
2015-02-25 22:09 - 2015-02-25 22:15 - 0000859 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\PC SOBRESSALENTE\ZHPCleaner.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-01 09:25

==================== End of FRST.txt ============================
