Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:30-11-2015
Executado por samara bolzan (administrador) em SAMARA (01-12-2015 17:19:24)
Executando a partir de C:\Documents and Settings\samara bolzan\Desktop
Perfis Carregados: samara bolzan (Perfis Disponíveis: samara bolzan)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

() C:\Arquivos de programas\ToolsUpdatePlatform\UpdatePlatform.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Nero AG) C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(pdfforge GmbH) C:\Arquivos de programas\PDF Architect 3\creator-ws.exe
() C:\Arquivos de programas\CalendarTool\2.0.0.10764\CalendarServ.exe
() C:\Arquivos de programas\CalendarTool\2.0.0.10764\calendar.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
() C:\Arquivos de programas\oTweak\DriverUpdaterPro\DriverUpdaterPro.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Arquivos de programas\Mozilla Firefox\firefox.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1645522239-152049171-725345543-1003\...\Run: [Google Update] => C:\Documents and Settings\samara bolzan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
HKU\S-1-5-21-1645522239-152049171-725345543-1003\...\Run: [DriverUpdaterPro] => C:\Arquivos de programas\oTweak\DriverUpdaterPro\DriverUpdaterPro.exe [1018880 2015-07-01] ()
HKU\S-1-5-21-1645522239-152049171-725345543-1003\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-1645522239-152049171-725345543-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sspipes.scr [610304 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe -update activex
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
Startup: C:\Documents and Settings\samara bolzan\Menu Iniciar\Programas\Inicializar\Monitorar alertas de tinta - HP Deskjet 2540 series.lnk [2015-12-01]
ShortcutTarget: Monitorar alertas de tinta - HP Deskjet 2540 series.lnk -> C:\Arquivos de programas\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 168.235.146.56 52.26.172.153 168.235.146.56
Tcpip\..\Interfaces\{8D9C7FF5-E733-4DFB-890E-265B76CA6F3F}: [DhcpNameServer] 168.235.146.56 52.26.172.153 168.235.146.56

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=c1d5c2458f23a8c0e77d9122e88255a1
HKU\S-1-5-21-1645522239-152049171-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=c1d5c2458f23a8c0e77d9122e88255a1
HKU\S-1-5-21-1645522239-152049171-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.b1.org/?bsrc=hmior&chid=c167991
HKU\S-1-5-21-1645522239-152049171-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1645522239-152049171-725345543-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-1645522239-152049171-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page Before = hxxp://search.b1.org/?bsrc=hmior&chid=c167991
HKU\S-1-5-21-1645522239-152049171-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page Before = hxxp://search.b1.org/?bsrc=hmior&chid=c167991
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownload_15_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtBtCyD0EtDyCyBzytD0CtByCtBtN0D0Tzu0StCtBzyyBtN1L2XzutAtFtCtBtFyDtFyCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDyC0EtCzztD0FtBtGyByE0E0BtGtB0AzyzytGtDyE0ByDtG0EtBtA0EyCyCtBzy0AyDtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AzzyDyD0CzyyDtGyB0AyD0CtGyEyD0CtCtG0BtA0EyCtG0DyBtC0AyCtDtBtAzz0ByD0F2QtN0A0LzutBtN1B2Z1V1T1S1NzuzzzzyC%26cr%3D134925962%26a%3Dwncy_secureddownload_15_31%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownload_15_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtBtCyD0EtDyCyBzytD0CtByCtBtN0D0Tzu0StCtBzyyBtN1L2XzutAtFtCtBtFyDtFyCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDyC0EtCzztD0FtBtGyByE0E0BtGtB0AzyzytGtDyE0ByDtG0EtBtA0EyCyCtBzy0AyDtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AzzyDyD0CzyyDtGyB0AyD0CtGyEyD0CtCtG0BtA0EyCtG0DyBtC0AyCtDtBtAzz0ByD0F2QtN0A0LzutBtN1B2Z1V1T1S1NzuzzzzyC%26cr%3D134925962%26a%3Dwncy_secureddownload_15_31%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1645522239-152049171-725345543-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownload_15_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtBtCyD0EtDyCyBzytD0CtByCtBtN0D0Tzu0StCtBzyyBtN1L2XzutAtFtCtBtFyDtFyCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDyC0EtCzztD0FtBtGyByE0E0BtGtB0AzyzytGtDyE0ByDtG0EtBtA0EyCyCtBzy0AyDtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AzzyDyD0CzyyDtGyB0AyD0CtGyEyD0CtCtG0BtA0EyCtG0DyBtC0AyCtDtBtAzz0ByD0F2QtN0A0LzutBtN1B2Z1V1T1S1NzuzzzzyC%26cr%3D134925962%26a%3Dwncy_secureddownload_15_31%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1645522239-152049171-725345543-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownload_15_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtBtCyD0EtDyCyBzytD0CtByCtBtN0D0Tzu0StCtBzyyBtN1L2XzutAtFtCtBtFyDtFyCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDyC0EtCzztD0FtBtGyByE0E0BtGtB0AzyzytGtDyE0ByDtG0EtBtA0EyCyCtBzy0AyDtAzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AzzyDyD0CzyyDtGyB0AyD0CtGyEyD0CtCtG0BtA0EyCtG0DyBtC0AyCtDtBtAzz0ByD0F2QtN0A0LzutBtN1B2Z1V1T1S1NzuzzzzyC%26cr%3D134925962%26a%3Dwncy_secureddownload_15_31%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1645522239-152049171-725345543-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-1645522239-152049171-725345543-1003 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://br.search.yahoo.com/search?p={searchTerms}&fr=chr-iobit
BHO: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> C:\Arquivos de programas\PDF Architect 3\creator-ie-helper.dll [2015-04-24] (pdfforge GmbH)
BHO: Sem Nome -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Nenhum Arquivo
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Auxiliar de Conexão do Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
Toolbar: HKLM - PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Arquivos de programas\PDF Architect 3\creator-ie-plugin.dll [2015-04-24] (pdfforge GmbH)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\MSDAIPP.DLL [2010-02-28] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\MSDAIPP.DLL [2010-02-28] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\MSDAIPP.DLL [2010-02-28] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\MSDAIPP.DLL [2010-02-28] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\MSDAIPP.DLL [2010-02-28] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll [2013-09-25] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\MSDAIPP.DLL [2010-02-28] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\MSDAIPP.DLL [2010-02-28] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll [2010-04-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\samara bolzan\Dados de aplicativos\Mozilla\Firefox\Profiles\uim04mcp.default
FF Homepage: hxxps://www.google.com.br/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Arquivos de programas\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2007-11-07] (Microsoft Corporation)
FF Plugin: PDF Architect 3 -> C:\Arquivos de programas\PDF Architect 3\np-previewer.dll [2015-04-24] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-1645522239-152049171-725345543-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\samara bolzan\Configurações locais\Dados de aplicativos\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-25] (Google Inc.)
FF Plugin HKU\S-1-5-21-1645522239-152049171-725345543-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\samara bolzan\Configurações locais\Dados de aplicativos\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-25] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Arquivos de programas\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: PDF Architect 3 Creator - C:\Arquivos de programas\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-08-26] [não assinado]

Chrome:
=======
CHR HomePage: Default -> hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&fr=IFwf5WYmROpt9jR0ImQZoQ%3D%3D%2CJFwS91EgV9li9Tl7KylL%2FH8M
CHR StartupUrls: Default -> "hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&fr=IFwf5WYmROpt9jR0ImQZoQ%3D%3D%2CJFwS91EgV9li9Tl7KylL%2FH8M"
CHR Profile: C:\Documents and Settings\samara bolzan\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\samara bolzan\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-05]
CHR Extension: (Google Drive) - C:\Documents and Settings\samara bolzan\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Documents and Settings\samara bolzan\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Documents and Settings\samara bolzan\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Documentos Google off-line) - C:\Documents and Settings\samara bolzan\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Documents and Settings\samara bolzan\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-13]
CHR Extension: (Gmail) - C:\Documents and Settings\samara bolzan\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-05]
StartMenuInternet: chrome.exe - C:\Documents and Settings\samara bolzan\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome - C:\Documents and Settings\samara bolzan\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 gusvc; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [136120 2011-02-07] (Google)
S3 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [Arquivo não assinado]
S2 KMService; C:\WINDOWS\system32\srvany.exe [8192 2003-04-18] () [Arquivo não assinado]
S4 MBAMScheduler; C:\Arquivos de programas\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Arquivos de programas\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 Microsoft Office Groove Audit Service; C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe [147624 2015-11-30] (Mozilla Foundation)
R2 Nero BackItUp Scheduler 4.0; C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe [935208 2009-06-18] (Nero AG)
S4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [122880 2007-10-11] (Microsoft Corporation) [Arquivo não assinado]
S3 odserv; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)
S3 ose; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S3 PDF Architect 3; C:\Arquivos de programas\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Arquivos de programas\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Arquivos de programas\PDF Architect 3\creator-ws.exe [740568 2015-04-24] (pdfforge GmbH)
R2 TheCalendarService; C:\Arquivos de programas\CalendarTool\2.0.0.10764\CalendarServ.exe [149432 2015-07-21] ()
S3 WMPNetworkSvc; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [914944 2006-11-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43520 2006-07-02] (Advanced Micro Devices)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2010-05-27] (HP) [Arquivo não assinado]
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2010-05-27] (HP) [Arquivo não assinado]
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2010-05-27] (HP) [Arquivo não assinado]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-16] (Malwarebytes Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-11] ()
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [105472 2006-10-17] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [46080 2007-05-21] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [19968 2007-05-21] (NVIDIA Corporation)
S4 IntelIde; não ImagePath
S0 ksxbidja; System32\drivers\exfv.sys [X]
U5 P3; C:\Windows\System32\Drivers\P3.sys [46848 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S1 wafd_vt_1_10_0_20; system32\drivers\wafd_vt_1_10_0_20.sys [X]
U1 WS2IFSL; não ImagePath

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2015-12-01 17:19 - 2015-12-01 17:19 - 00019754 _____ C:\Documents and Settings\samara bolzan\Desktop\FRST.txt
2015-12-01 17:17 - 2015-12-01 17:17 - 00057339 _____ C:\Documents and Settings\samara bolzan\Desktop\Addition.txt
2015-12-01 17:17 - 2015-12-01 17:17 - 00056359 _____ C:\Documents and Settings\samara bolzan\Desktop\Shortcut.txt
2015-12-01 08:28 - 2015-12-01 17:19 - 00000000 ____D C:\FRST
2015-12-01 08:28 - 2015-12-01 08:28 - 01721344 _____ (Farbar) C:\Documents and Settings\samara bolzan\Desktop\FRST.exe
2015-11-30 19:21 - 2015-11-30 19:42 - 00000000 ____D C:\Arquivos de programas\Mozilla Firefox
2015-11-30 19:14 - 2015-11-30 19:14 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\samara bolzan\Desktop\HijackThis.exe
2015-11-30 19:10 - 2015-11-30 19:10 - 00000792 _____ C:\Documents and Settings\samara bolzan\Desktop\Mozilla Firefox.lnk
2015-11-30 15:45 - 2015-11-30 20:40 - 00000472 _____ C:\WINDOWS\Tasks\At4.job
2015-11-30 15:45 - 2015-11-30 15:45 - 00002041 _____ C:\Documents and Settings\All Users\Desktop\HP Deskjet 2540 series.lnk
2015-11-30 15:45 - 2015-11-30 15:45 - 00000472 _____ C:\WINDOWS\Tasks\At6.job
2015-11-30 15:45 - 2015-11-30 15:45 - 00000472 _____ C:\WINDOWS\Tasks\At5.job
2015-11-30 15:45 - 2015-11-30 15:45 - 00000472 _____ C:\WINDOWS\Tasks\At3.job
2015-11-30 15:45 - 2015-11-30 15:45 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2015-11-30 15:45 - 2015-11-30 15:45 - 00000000 ____D C:\Documents and Settings\samara bolzan\Dados de aplicativos\HpUpdate
2015-11-30 15:45 - 2015-11-30 15:45 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\Visan
2015-11-30 15:45 - 2015-11-30 15:45 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\HP Photo Creations
2015-11-30 15:45 - 2015-11-30 15:45 - 00000000 ____D C:\Arquivos de programas\Reference Assemblies
2015-11-30 15:45 - 2015-11-30 15:45 - 00000000 ____D C:\Arquivos de programas\HP Photo Creations
2015-11-30 15:45 - 2015-11-30 15:45 - 00000000 ____D C:\Arquivos de programas\Hewlett-Packard
2015-11-30 15:45 - 2014-03-06 11:48 - 00597512 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPMC211.dll
2015-11-30 15:44 - 2015-11-30 15:44 - 00000057 _____ C:\Documents and Settings\All Users\Dados de aplicativos\Ament.ini
2015-11-30 15:44 - 2006-06-29 13:07 - 00014048 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg2.dll
2015-11-30 15:38 - 2015-11-30 15:45 - 00000000 ____D C:\Documents and Settings\samara bolzan\Configurações locais\Dados de aplicativos\HP
2015-11-30 15:35 - 2012-12-15 22:43 - 00536760 ____R (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkstsC211.dll
2015-11-30 15:35 - 2012-12-15 22:43 - 00271032 ____R (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkstsC211LM.dll
2015-11-30 15:35 - 2012-12-15 22:43 - 00222904 ____R (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkcoiC211.dll
2015-11-30 15:35 - 2012-12-15 20:45 - 02220216 ____R (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkinsC211.exe
2015-11-30 15:32 - 2012-12-15 22:43 - 02525368 ____R (Hewlett-Packard Co.) C:\WINDOWS\system32\HPScanTRDrv_DJ2540.dll
2015-11-30 15:32 - 2012-12-15 22:43 - 00417464 ____R (Hewlett-Packard) C:\WINDOWS\system32\HPWia1_DJ2540.dll
2015-11-30 10:00 - 2015-11-30 10:00 - 00098747 _____ C:\Documents and Settings\samara bolzan\Desktop\Scanner.zip
2015-11-30 10:00 - 2015-11-30 03:59 - 00098615 _____ C:\Documents and Settings\samara bolzan\Desktop\bove.pdf
2015-11-29 19:24 - 2015-11-29 13:21 - 00039760 ____N C:\Documents and Settings\samara bolzan\Desktop\f. pont.(1).pdf
2015-11-29 19:22 - 2015-11-29 19:21 - 00039882 _____ C:\Documents and Settings\samara bolzan\Desktop\f.ponto (1).zip
2015-11-29 19:05 - 2015-11-04 11:32 - 04194304 _____ C:\Documents and Settings\samara bolzan\Desktop\S-1000_1.94.abs
2015-11-20 02:36 - 2015-10-02 21:37 - 04128768 _____ C:\Documents and Settings\samara bolzan\Desktop\MG3HD(Sat)_
2015-11-14 01:10 - 2015-11-14 01:10 - 00000000 ____D C:\Documents and Settings\samara bolzan\Configurações locais\Dados de aplicativos\Adobe
2015-11-14 01:10 - 2015-11-14 01:10 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\ABBYY
2015-11-14 01:10 - 2015-11-14 01:10 - 00000000 ____D C:\Arquivos de programas\Arquivos comuns\Adobe
2015-11-14 01:09 - 2015-11-14 01:09 - 00000000 ____D C:\Documents and Settings\samara bolzan\Meus documentos\Aiseesoft Studio
2015-11-14 01:09 - 2015-11-14 01:09 - 00000000 ____D C:\Documents and Settings\samara bolzan\Configurações locais\Dados de aplicativos\Aiseesoft Studio
2015-11-14 01:08 - 2015-11-14 01:08 - 00000000 ____D C:\Documents and Settings\All Users\Menu Iniciar\Programas\Aiseesoft
2015-11-14 01:08 - 2015-11-14 01:08 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\Aiseesoft Studio
2015-11-14 01:08 - 2015-11-14 01:08 - 00000000 ____D C:\Arquivos de programas\Aiseesoft Studio
2015-11-10 16:49 - 2015-11-10 16:49 - 02694245 _____ C:\Documents and Settings\samara bolzan\Desktop\gigabox s1000 hd-04-11-15-BY-PARCEIROS-DOS-DECOS.zip

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2015-12-01 17:19 - 2011-04-29 01:01 - 00000000 ____D C:\Documents and Settings\samara bolzan\Configurações locais\Temp
2015-12-01 17:18 - 2011-04-30 11:57 - 00001200 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-152049171-725345543-1003UA.job
2015-12-01 17:17 - 2011-04-28 21:27 - 00000000 ____D C:\WINDOWS
2015-12-01 17:14 - 2015-08-01 08:50 - 00000776 _____ C:\WINDOWS\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job
2015-12-01 17:14 - 2015-07-31 18:44 - 00000450 _____ C:\WINDOWS\Tasks\ToolsUpdatePlatform_ScheduledTask.job
2015-12-01 17:14 - 2015-07-21 09:41 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\ToolsUpdatePlatform
2015-12-01 17:14 - 2015-07-08 08:57 - 00000238 _____ C:\WINDOWS\Tasks\Logon para Notificação de Término de Serviço do Microsoft Windows XP.job
2015-12-01 17:14 - 2011-04-29 01:09 - 00081496 _____ C:\WINDOWS\system32\nvapps.xml
2015-12-01 17:14 - 2011-04-29 00:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-01 08:46 - 2011-04-29 01:01 - 00000210 ___SH C:\Documents and Settings\samara bolzan\ntuser.ini
2015-12-01 08:46 - 2011-04-29 00:59 - 00032276 _____ C:\WINDOWS\SchedLgU.Txt
2015-12-01 08:40 - 2015-08-01 08:50 - 00000642 _____ C:\WINDOWS\Tasks\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}.job
2015-12-01 08:24 - 2011-04-28 21:41 - 00270984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-01 08:24 - 2001-10-28 15:07 - 00002262 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-30 22:06 - 2013-08-10 12:06 - 00000426 _____ C:\WINDOWS\Tasks\At1.job
2015-11-30 21:21 - 2013-08-02 19:47 - 00000902 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-30 20:01 - 2011-04-29 20:01 - 00000470 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{4B068AEE-FFF7-47C5-898B-B03204DAC31A}.job
2015-11-30 19:42 - 2015-08-22 11:21 - 00000000 ____D C:\Arquivos de programas\Mozilla Maintenance Service
2015-11-30 19:42 - 2011-04-28 21:42 - 00000000 ____D C:\Arquivos de programas
2015-11-30 15:51 - 2011-04-28 21:27 - 00000000 ____D C:\WINDOWS\Help
2015-11-30 15:47 - 2011-04-29 01:01 - 00000000 ___RD C:\Documents and Settings\samara bolzan\Menu Iniciar\Programas\Inicializar
2015-11-30 15:46 - 2011-04-28 21:27 - 00000000 ___HD C:\WINDOWS\inf
2015-11-30 15:45 - 2015-07-06 19:03 - 00000000 ____D C:\Documents and Settings\All Users\Menu Iniciar\Programas\HP
2015-11-30 15:45 - 2011-04-30 00:26 - 00000000 ____D C:\Arquivos de programas\MSBuild
2015-11-30 15:45 - 2011-04-29 01:01 - 00000000 __RHD C:\Documents and Settings\samara bolzan\Dados de aplicativos
2015-11-30 15:45 - 2011-04-28 21:42 - 01293972 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-30 15:45 - 2011-04-28 21:42 - 00000000 __RHD C:\Documents and Settings\All Users\Dados de aplicativos
2015-11-30 15:45 - 2011-04-28 21:27 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2015-11-30 15:45 - 2011-04-28 21:27 - 00000000 ____D C:\WINDOWS\system32\spool
2015-11-30 15:45 - 2001-10-28 15:07 - 00574850 _____ C:\WINDOWS\system32\perfh016.dat
2015-11-30 15:45 - 2001-10-28 15:07 - 00096792 _____ C:\WINDOWS\system32\perfc016.dat
2015-11-30 15:44 - 2015-07-06 19:03 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\HP
2015-11-30 15:44 - 2015-07-06 19:03 - 00000000 ____D C:\Arquivos de programas\HP
2015-11-30 15:38 - 2011-04-29 01:01 - 00000000 ___HD C:\Documents and Settings\samara bolzan\Configurações locais\Dados de aplicativos
2015-11-30 13:18 - 2011-04-30 11:57 - 00001148 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-152049171-725345543-1003Core.job
2015-11-23 04:47 - 2011-04-30 00:27 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2015-11-16 20:29 - 2015-07-06 19:10 - 00000000 ____D C:\Documents and Settings\samara bolzan\Dados de aplicativos\HP
2015-11-16 11:04 - 2015-10-16 11:24 - 00004766 ____N C:\Documents and Settings\samara bolzan\Desktop\ATT00001
2015-11-14 01:10 - 2011-04-28 21:42 - 00000000 ____D C:\Arquivos de programas\Arquivos comuns
2015-11-14 01:09 - 2011-04-29 01:01 - 00000000 ___RD C:\Documents and Settings\samara bolzan\Meus documentos
2015-11-14 01:08 - 2011-04-28 21:42 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Iniciar\Programas
2015-11-12 21:18 - 2011-04-29 20:05 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
2015-11-12 21:17 - 2015-07-07 20:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-12 21:09 - 2011-05-02 14:21 - 143250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 18:21 - 2013-08-02 19:47 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-11-10 18:21 - 2013-08-02 19:47 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Arquivos na raiz de alguns diretórios =======

2013-12-24 16:06 - 2014-12-15 22:12 - 0000146 _____ () C:\Documents and Settings\samara bolzan\Dados de aplicativos\WB.CFG
2011-05-23 20:06 - 2015-09-03 10:41 - 0016896 _____ () C:\Documents and Settings\samara bolzan\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Arquivos para serem movidos ou deletados:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\explorer.exe
[2004-08-04 00:45] - [2008-04-13 20:21] - 0977920 ____A (Microsoft Corporation) 732946EEAA1D8EE2A4FC24370827617B

C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

==================== Fim de FRST.txt ============================
