cjoint


Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
Ran by Usuario (administrator) on USUARIO-PC (09-11-2015 12:26:50)
Running from C:\Users\Usuario\Downloads
Loaded Profiles: Usuario (Available Profiles: Usuario)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Silicon Integrated Systems Corporation) C:\Program Files\SiS VGA Utilities\SiSTray.exe
(Dell) C:\Program Files\Battery Meter\BTMeter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [SiSTray] => C:\Program Files\SiS VGA Utilities\SiSTray.exe [557056 2010-12-15] (Silicon Integrated Systems Corporation)
HKLM\...\Run: [BTMeter] => C:\Program Files\Battery Meter\BTMeter.exe [537896 2008-07-11] (Dell)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)
HKU\S-1-5-21-2741043627-4026230127-4029745268-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-2741043627-4026230127-4029745268-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-13] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AD08596B-109F-492C-8729-24AA1C79DB28}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{AD08596B-109F-492C-8729-24AA1C79DB28}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2741043627-4026230127-4029745268-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2741043627-4026230127-4029745268-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.br/
SearchScopes: HKU\S-1-5-21-2741043627-4026230127-4029745268-1000 -> DefaultScope {50826969-F119-4C6B-A6CB-F141DED48FF8} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2741043627-4026230127-4029745268-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2741043627-4026230127-4029745268-1000 -> {50826969-F119-4C6B-A6CB-F141DED48FF8} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2741043627-4026230127-4029745268-1000 -> {93F0317E-3C5A-41EB-B53D-87FDDE46A9B5} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

FireFox:
========
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: PDF Architect 3 -> C:\Program Files\PDF Architect 3\np-previewer.dll [2015-04-24] (pdfforge GmbH)

Chrome:
=======
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-09]
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-09]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-09]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-09]
CHR Extension: (Google Search) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-09]
CHR Extension: (Planilhas do Google) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-09]
CHR Extension: (Documentos Google off-line) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-09]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-09]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-09]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Usuario\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-10-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 PDF Architect 3; C:\Program Files\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 EMSC; C:\Windows\System32\DRIVERS\EMSC.SYS [9856 2007-04-19] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-06-15] (REALiX(tm))
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-10-20] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 uagp35; C:\Windows\System32\DRIVERS\sisagpx.sys [58400 2009-08-01] (Silicon Integrated Systems Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-09 12:26 - 2015-11-09 12:27 - 00009198 _____ C:\Users\Usuario\Downloads\FRST.txt
2015-11-09 12:25 - 2015-11-09 12:26 - 01702400 _____ (Farbar) C:\Users\Usuario\Downloads\FRST.exe
2015-11-09 11:21 - 2015-11-09 11:21 - 00000056 _____ C:\Windows\setupact.log
2015-11-09 11:21 - 2015-11-09 11:21 - 00000000 _____ C:\Windows\setuperr.log
2015-11-05 18:15 - 2015-11-05 18:15 - 01873408 _____ C:\Users\Usuario\ZHPCleaner.exe
2015-10-29 19:34 - 2015-11-05 18:15 - 00000681 _____ C:\Users\Usuario\Desktop\ZHPCleaner.lnk
2015-10-29 19:34 - 2015-11-05 18:14 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\ZHP
2015-10-29 19:30 - 2015-10-29 19:30 - 01869824 _____ C:\Users\Usuario\Downloads\ZHPCleaner.exe
2015-10-29 19:22 - 2015-10-29 19:31 - 00000000 ____D C:\AdwCleaner
2015-10-29 19:21 - 2015-10-29 19:21 - 01694208 _____ C:\Users\Usuario\Downloads\adwcleaner_5.015.exe
2015-10-27 18:20 - 2015-10-27 18:20 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Macromedia
2015-10-27 18:19 - 2015-11-09 11:52 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-27 18:19 - 2015-10-27 18:19 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-10-27 18:19 - 2015-10-27 18:19 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-10-27 18:19 - 2015-10-27 18:19 - 00000000 ____D C:\Windows\system32\Macromed
2015-10-24 15:50 - 2015-10-24 15:50 - 00000000 ____D C:\Program Files\Pinterest
2015-10-22 11:38 - 2015-10-24 13:09 - 00000000 ____D C:\Users\Usuario\Documents\GRABOVOI
2015-10-21 12:29 - 2015-10-21 12:29 - 00000000 ____D C:\Users\Usuario\Downloads\Originals
2015-10-20 18:12 - 2015-10-20 18:21 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-20 18:12 - 2015-10-20 18:12 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-20 18:12 - 2015-10-20 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-20 18:12 - 2015-10-20 18:12 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-20 18:12 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-20 18:12 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-20 18:12 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-10-20 18:05 - 2015-10-20 18:11 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Usuario\Downloads\mbam-setup-2-1-8-1057.exe
2015-10-19 21:28 - 2015-10-19 21:29 - 05952624 _____ ( ) C:\Users\Usuario\Downloads\adblockplusie-1.2.exe
2015-10-19 19:35 - 2015-10-19 19:38 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Usuario\Downloads\revosetup (1).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-09 12:26 - 2015-08-31 18:09 - 00000000 ____D C:\FRST
2015-11-09 11:32 - 2009-07-14 02:34 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-09 11:32 - 2009-07-14 02:34 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-09 11:26 - 2015-09-02 12:13 - 00000000 ____D C:\Program Files\Opera
2015-11-09 11:26 - 2010-11-21 00:33 - 00708172 _____ C:\Windows\system32\prfh0416.dat
2015-11-09 11:26 - 2010-11-21 00:33 - 00147952 _____ C:\Windows\system32\prfc0416.dat
2015-11-09 11:26 - 2010-11-20 19:01 - 01641362 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-09 11:24 - 2015-08-13 11:08 - 00929538 _____ C:\Windows\WindowsUpdate.log
2015-11-09 11:21 - 2009-07-14 02:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-08 17:54 - 2015-06-11 21:52 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\PhotoScape
2015-11-08 16:19 - 2015-07-14 17:28 - 00121856 ____H C:\Users\Usuario\Downloads\photothumb.db
2015-11-05 18:15 - 2015-06-09 21:26 - 00000000 ____D C:\Users\Usuario
2015-11-04 19:18 - 2015-09-03 16:35 - 00000000 ____D C:\Users\Usuario\Downloads\DENTISTAS
2015-10-29 19:05 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\NDF
2015-10-20 12:46 - 2015-07-29 21:11 - 00000000 ____D C:\Program Files\DsNET Corp
2015-10-19 21:27 - 2015-07-29 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2015-10-19 19:39 - 2015-09-10 11:15 - 00001226 _____ C:\Users\Usuario\Desktop\Revo Uninstaller.lnk
2015-10-19 19:39 - 2015-09-10 11:15 - 00000000 ____D C:\Program Files\VS Revo Group
2015-10-17 10:42 - 2015-09-30 11:16 - 00000000 ____D C:\Qoobox
2015-10-17 10:42 - 2015-09-15 19:16 - 00000369 _____ C:\DelFix.txt
2015-10-17 10:39 - 2015-06-12 15:19 - 00000000 ____D C:\Users\Usuario\AppData\LocalLow\IObit
2015-10-17 10:39 - 2015-06-12 12:46 - 00000000 ____D C:\Program Files\CCleaner
2015-10-17 10:39 - 2015-06-11 19:28 - 00000000 ____D C:\Users\Todos os Usuários\Protexis
2015-10-17 10:39 - 2015-06-11 19:28 - 00000000 ____D C:\ProgramData\Protexis
2015-10-17 10:39 - 2015-06-11 18:55 - 00000000 ____D C:\Program Files\Battery Meter
2015-10-17 10:39 - 2015-06-10 21:11 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-17 10:39 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\pt-BR
2015-10-17 10:39 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\AppCompat
2015-10-17 10:38 - 2015-09-30 11:15 - 00000000 ____D C:\Windows\erdnt
2015-10-17 10:38 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\registration
2015-10-17 10:37 - 2015-06-10 23:02 - 00000000 ____D C:\Program Files\Foxit Software

==================== Files in the root of some directories =======

2015-08-31 19:24 - 2015-08-31 19:24 - 0007605 _____ () C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
2015-06-15 22:43 - 2015-06-15 22:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Usuario\ZHPCleaner.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-31 15:05

==================== End of FRST.txt ============================
