cjoint

Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:09-12-2015
Executado por Valdson Silva (administrador) em CASA-C7DFBA3E80 (11-12-2015 10:53:43)
Executando a partir de C:\Documents and Settings\Valdson Silva\Desktop
Perfis Carregados: Valdson Silva (Perfis Disponíveis: Valdson Silva & Administrador)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\ARQUIV~1\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\WINDOWS\system32\WgaTray.exe
(Malwarebytes) C:\Arquivos de programas\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Microsoft Corporation) C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Arquivos de programas\Alwil Software\Avast5\avastui.exe
(Piriform Ltd) C:\Arquivos de programas\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Arquivos de programas\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Arquivos de programas\Internet Explorer\iexplore.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [VTTimer] => VTTimer.exe
HKLM\...\Run: [S3Trayp] => S3trayp.exe
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [15961088 2006-01-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [GrooveMonitor] => C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe [6133520 2015-11-07] (AVAST Software)
Winlogon\Notify\ GbPluginBnb: C:\Arquivos de programas\GbPlugin\gbiehBnb.dll [2015-01-26] (Banco do Nordeste do Brasil S.A.)
HKU\S-1-5-19\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-21-606747145-261903793-1801674531-1003\...\Run: [CCleaner Monitoring] => C:\Arquivos de programas\CCleaner\CCleaner.exe [6490904 2015-08-19] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399014} - C:\Arquivos de programas\GbPlugin\gbiehbnb.dll [1774256 2015-01-26] (Banco do Nordeste do Brasil S.A.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Arquivos de programas\Alwil Software\Avast5\ashShell.dll [2015-10-22] (AVAST Software)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\..\Interfaces\{5E936F18-1F27-481E-858F-AF00111391CC}: [NameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKU\S-1-5-21-606747145-261903793-1801674531-1003 -> DefaultScope OldSearch URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Sem Nome -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Nenhum Arquivo
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540014} -> C:\Arquivos de programas\GbPlugin\gbiehbnb.dll [2015-01-26] (Banco do Nordeste do Brasil S.A.)
BHO: Sem Nome -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Nenhum Arquivo
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} hxxps://passare.bnb.gov.br/agb/install/GbpDist.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll [2006-10-26] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-10] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\WINDOWS\system32\npdeployJava1.dll [2014-11-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Arquivos de programas\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Arquivos de programas\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-04] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Arquivos de programas\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Arquivos de programas\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-606747145-261903793-1801674531-1003: gastecnologia.com.br/sf/cef -> C:\Documents and Settings\Valdson Silva\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_cef.dll [2014-08-12] (GAS Tecnologia)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-18] [não assinado]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff => não encontrado (a)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Arquivos de programas\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Arquivos de programas\Alwil Software\Avast5\WebRep\FF [2015-10-22] [não assinado]

Chrome:
=======
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com.br/","hxxp://www.google.com.br/"
CHR DefaultSearchURL: Profile 1 -> hxxp:///www.google.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> google
CHR Profile: C:\Documents and Settings\Valdson Silva\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\Valdson Silva\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Documents and Settings\Valdson Silva\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Google Search) - C:\Documents and Settings\Valdson Silva\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Valdson Silva\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-17]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Valdson Silva\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-10]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Valdson Silva\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-22]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Documents and Settings\Valdson Silva\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei [2014-08-05]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Documents and Settings\Valdson Silva\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2014-12-23]
CHR Extension: (Gmail) - C:\Documents and Settings\Valdson Silva\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Profile: C:\Documents and Settings\Valdson Silva\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Profile 1
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Documents and Settings\Valdson Silva\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-04]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Documents and Settings\Valdson Silva\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Profile 1\Extensions\nnjbodopomfddehlalfilheomcahbpei [2015-11-04]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Arquivos de programas\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-08-08]
CHR HKU\S-1-5-21-606747145-261903793-1801674531-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Documents and Settings\Valdson Silva\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\cef\sf.crx [2014-07-28]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 GbpSv; C:\Arquivos de programas\GbPlugin\gbpsv.exe [555320 2014-11-03] (GAS Tecnologia)
S2 gupdate; C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [144200 2015-12-03] (Google Inc.)
S3 gupdatem; C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [144200 2015-12-03] (Google Inc.)
R2 MBAMScheduler; C:\Arquivos de programas\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Arquivos de programas\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Microsoft Office Groove Audit Service; C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
S3 odserv; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation)
S3 ose; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [914944 2006-11-02] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R0 GbpKm; C:\WINDOWS\System32\drivers\gbpkm.sys [46552 2015-01-26] (GAS Tecnologia)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 Ndisrd; C:\WINDOWS\System32\DRIVERS\gbpndisrd.sys [31448 2015-12-11] (GAS Tecnologia)
R3 NdisrdMP; C:\WINDOWS\System32\DRIVERS\gbpndisrd.sys [31448 2015-12-11] (GAS Tecnologia)
S0 Bhbase; System32\drivers\Bhbase.sys [X]
S3 BHipsEx; \??\C:\WINDOWS\System32\drivers\BHipsEx.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\VALDSO~1\CONFIG~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; não ImagePath
S4 S3GIGP; system32\DRIVERS\S3gIGPm.sys [X]
U1 WS2IFSL; não ImagePath

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2015-12-11 10:53 - 2015-12-11 10:53 - 00015688 _____ C:\Documents and Settings\Valdson Silva\Desktop\FRST.txt
2015-12-11 10:50 - 2015-12-11 10:53 - 00000000 ____D C:\FRST
2015-12-11 10:50 - 2015-12-11 10:50 - 01720320 _____ (Farbar) C:\Documents and Settings\Valdson Silva\Desktop\FRST.exe
2015-12-10 05:53 - 2015-12-10 05:53 - 09498816 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-12-09 14:45 - 2015-12-09 14:45 - 02369024 _____ (Farbar) C:\Documents and Settings\Valdson Silva\Desktop\FRST64.exe
2015-12-06 06:15 - 2015-12-06 06:15 - 00001238 _____ C:\Documents and Settings\Valdson Silva\Desktop\JRT.txt
2015-12-06 06:12 - 2015-12-06 06:13 - 01599336 _____ (Malwarebytes) C:\Documents and Settings\Valdson Silva\Desktop\JRT.exe
2015-12-06 05:40 - 2015-12-06 05:40 - 01736704 _____ C:\Documents and Settings\Valdson Silva\Desktop\AdwCleaner.exe
2015-12-06 05:31 - 2015-12-06 05:31 - 00006858 _____ C:\Documents and Settings\Valdson Silva\Desktop\ZHPCleaner.txt
2015-12-06 05:21 - 2015-12-06 05:21 - 00000855 _____ C:\Documents and Settings\Valdson Silva\Desktop\ZHPCleaner.lnk
2015-12-06 05:20 - 2015-12-06 05:20 - 01908224 _____ C:\Documents and Settings\Valdson Silva\Desktop\ZHPCleaner.exe
2015-12-06 05:12 - 2015-12-06 05:12 - 00674278 _____ C:\Documents and Settings\Valdson Silva\Desktop\zhpcleaner.mp4
2015-12-04 05:25 - 2015-12-04 05:25 - 00002636 _____ C:\Documents and Settings\Valdson Silva\Desktop\mbam-log-2015-12-04 (05-07-07).xml
2015-12-03 14:20 - 2015-12-03 14:20 - 00032169 _____ C:\Documents and Settings\Valdson Silva\Desktop\ZHPDiag.txt
2015-12-03 14:17 - 2015-12-06 05:31 - 00000000 ____D C:\Documents and Settings\Valdson Silva\Dados de aplicativos\ZHP
2015-12-03 14:17 - 2015-12-03 14:17 - 00001700 _____ C:\Documents and Settings\Valdson Silva\Desktop\ZHPFix.lnk
2015-12-03 14:17 - 2015-12-03 14:17 - 00001595 _____ C:\Documents and Settings\Valdson Silva\Desktop\ZHPDiag.lnk
2015-12-03 14:17 - 2015-12-03 14:17 - 00000000 ____D C:\Documents and Settings\All Users\Menu Iniciar\Programas\ZHP
2015-12-03 14:17 - 2015-12-03 14:17 - 00000000 ____D C:\Arquivos de programas\ZHPDiag
2015-12-03 14:16 - 2015-12-03 14:17 - 06877287 _____ (Nicolas Coolman ) C:\Documents and Settings\Valdson Silva\Meus documentos\ZHPDiag2-2015.4.6.36.exe
2015-12-03 13:21 - 2015-12-03 13:21 - 00068480 _____ C:\Documents and Settings\Valdson Silva\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2015-12-03 12:57 - 2015-12-03 12:57 - 00002644 _____ C:\Documents and Settings\Valdson Silva\Meus documentos\legitcheck (5).hta
2015-12-03 12:52 - 2015-12-03 12:52 - 00002644 _____ C:\Documents and Settings\Valdson Silva\Meus documentos\legitcheck (4).hta
2015-12-03 12:51 - 2015-12-03 12:51 - 00002644 _____ C:\Documents and Settings\Valdson Silva\Meus documentos\legitcheck (3).hta
2015-12-03 12:50 - 2015-12-03 12:50 - 00002644 _____ C:\Documents and Settings\Valdson Silva\Meus documentos\legitcheck (2).hta
2015-12-03 12:49 - 2015-12-03 12:49 - 00002644 _____ C:\Documents and Settings\Valdson Silva\Meus documentos\legitcheck.hta
2015-12-03 12:49 - 2015-12-03 12:49 - 00002644 _____ C:\Documents and Settings\Valdson Silva\Meus documentos\legitcheck (1).hta
2015-12-03 12:41 - 2015-12-03 12:41 - 00090112 _____ C:\WINDOWS\Minidump\Mini120315-02.dmp
2015-12-03 12:22 - 2015-12-03 12:22 - 00090112 _____ C:\WINDOWS\Minidump\Mini120315-01.dmp
2015-12-03 12:08 - 2015-12-03 12:08 - 00000000 ____D C:\Documents and Settings\Valdson Silva\Meus documentos\revouninstaller-portable
2015-12-03 12:07 - 2015-12-03 12:59 - 00000000 ____D C:\Documents and Settings\Valdson Silva\Desktop\revouninstaller-portable
2015-12-03 11:14 - 2015-12-03 11:14 - 00267008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-03 11:13 - 2015-12-03 11:13 - 00420026 _____ C:\Documents and Settings\Valdson Silva\Desktop\mbam-log-2015-12-03 (10-53-43).xml
2015-12-03 08:53 - 2015-12-10 05:49 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-03 08:51 - 2015-12-03 11:15 - 00000833 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-03 08:51 - 2015-12-03 10:08 - 00000000 ____D C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes Anti-Malware
2015-12-03 08:51 - 2015-12-03 10:08 - 00000000 ____D C:\Arquivos de programas\Malwarebytes Anti-Malware
2015-12-03 08:51 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-03 08:51 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-03 06:03 - 2015-12-08 20:02 - 00001883 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-12-03 06:03 - 2015-12-03 06:03 - 00000000 ____D C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome
2015-12-03 05:49 - 2015-12-11 00:28 - 00001068 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-03 05:49 - 2015-12-10 04:59 - 00001072 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-03 05:33 - 2015-12-03 05:47 - 00000000 ____D C:\Documents and Settings\Valdson Silva\Configurações locais\Dados de aplicativos\Deployment
2015-11-04 14:36 - 2015-11-04 14:36 - 00000000 ___RD C:\Documents and Settings\Valdson Silva\Menu Iniciar\Programas\Ferramentas administrativas
2015-11-04 12:49 - 2015-12-03 11:15 - 00000356 _____ C:\Documents and Settings\Valdson Silva\Desktop\Meus documentos.lnk
2015-10-22 20:15 - 2015-10-22 20:15 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-09-24 01:49 - 2015-09-24 01:49 - 00000000 ____D C:\Documents and Settings\Valdson Silva\Dados de aplicativos\Opera Software
2015-09-24 01:49 - 2015-09-24 01:49 - 00000000 ____D C:\Documents and Settings\Valdson Silva\Configurações locais\Dados de aplicativos\Opera Software
2015-09-24 01:45 - 2015-12-11 00:28 - 00000436 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1443066301.job
2015-09-24 01:45 - 2015-12-03 11:15 - 00000738 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-09-24 01:45 - 2015-09-24 01:45 - 00000731 _____ C:\Documents and Settings\All Users\Menu Iniciar\Programas\Opera.lnk
2015-09-24 01:45 - 2015-09-24 01:45 - 00000000 ____D C:\Documents and Settings\Valdson Silva\Dados de aplicativos\Shortcut
2015-09-24 01:45 - 2015-09-24 01:45 - 00000000 ____D C:\Documents and Settings\All Users\Menu Iniciar\Programas\CCleaner
2015-09-24 01:44 - 2015-09-24 01:45 - 00000000 ____D C:\Arquivos de programas\CCleaner
2015-09-24 01:39 - 2015-12-10 04:24 - 00000000 ____D C:\Arquivos de programas\Opera

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2015-12-11 10:53 - 2014-01-10 23:08 - 00000902 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-11 10:53 - 2013-08-22 12:03 - 00000000 ____D C:\Documents and Settings\Valdson Silva\Configurações locais\Temp
2015-12-11 10:50 - 2013-08-22 08:42 - 00000000 ____D C:\WINDOWS
2015-12-11 10:46 - 2014-05-14 17:40 - 00000470 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{F7087D67-97A8-4BAF-90D2-A4596D687FE0}.job
2015-12-11 00:28 - 2014-08-17 22:18 - 00031448 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\GbpNdisrd.sys
2015-12-11 00:28 - 2014-03-31 16:44 - 00000238 _____ C:\WINDOWS\Tasks\Logon para Notificação de Término de Serviço do Microsoft Windows XP.job
2015-12-11 00:28 - 2013-08-22 12:14 - 00000000 ____D C:\WINDOWS\system32\Lang
2015-12-11 00:28 - 2013-08-22 12:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-11 00:28 - 2001-10-28 14:07 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-10 05:55 - 2013-08-22 12:03 - 00000210 ___SH C:\Documents and Settings\Valdson Silva\ntuser.ini
2015-12-10 05:55 - 2013-08-22 12:01 - 00032604 _____ C:\WINDOWS\SchedLgU.Txt
2015-12-10 05:53 - 2014-01-10 23:08 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-12-10 05:53 - 2014-01-10 23:08 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-12-09 12:11 - 2013-08-26 14:24 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 15:00 - 2014-03-31 16:44 - 00000232 _____ C:\WINDOWS\Tasks\Notificação Mensal de Término de Serviço do Microsoft Windows XP.job
2015-12-06 06:13 - 2013-08-22 08:47 - 00000000 ____D C:\Arquivos de programas
2015-12-06 05:43 - 2014-05-20 04:07 - 00000000 ____D C:\AdwCleaner
2015-12-06 05:30 - 2014-04-06 09:52 - 00000000 ____D C:\Documents and Settings\Valdson Silva\Configurações locais\Dados de aplicativos\Temp
2015-12-06 05:30 - 2013-08-22 12:03 - 00000000 __RHD C:\Documents and Settings\Valdson Silva\Dados de aplicativos
2015-12-06 05:30 - 2013-08-22 08:46 - 00000000 __RHD C:\Documents and Settings\All Users\Dados de aplicativos
2015-12-06 05:17 - 2014-06-18 18:30 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-12-06 05:13 - 2014-11-06 12:53 - 00000000 ____D C:\Documents and Settings\Valdson Silva\Dados de aplicativos\MPC-HC
2015-12-04 02:59 - 2013-08-22 12:03 - 00000000 ___HD C:\Documents and Settings\Valdson Silva\Configurações locais\Dados de aplicativos
2015-12-03 14:17 - 2013-08-22 08:46 - 00000000 ____D C:\Documents and Settings\All Users\Menu Iniciar\Programas
2015-12-03 14:16 - 2013-08-22 12:03 - 00000000 ___RD C:\Documents and Settings\Valdson Silva\Meus documentos
2015-12-03 13:27 - 2013-08-22 12:03 - 00000000 ___RD C:\Documents and Settings\Valdson Silva\Menu Iniciar\Programas
2015-12-03 13:25 - 2014-11-06 12:15 - 00000000 ____D C:\Arquivos de programas\DsNET Corp
2015-12-03 12:53 - 2013-08-22 08:42 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2015-12-03 12:41 - 2013-10-17 22:56 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-03 11:53 - 2013-08-22 08:46 - 00000000 ___RD C:\Documents and Settings\All Users\Documentos
2015-12-03 11:15 - 2014-11-06 12:52 - 00001610 _____ C:\Documents and Settings\Valdson Silva\Desktop\MPC-HC.lnk
2015-12-03 11:15 - 2014-04-12 01:01 - 00001630 _____ C:\Documents and Settings\Valdson Silva\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk
2015-12-03 11:15 - 2013-11-06 00:00 - 00001475 _____ C:\Documents and Settings\Valdson Silva\Desktop\Windows Explorer.lnk
2015-12-03 11:15 - 2013-08-24 14:04 - 00000837 _____ C:\Documents and Settings\Valdson Silva\Desktop\Internet Explorer.lnk
2015-12-03 11:14 - 2013-08-25 02:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB960859$
2015-12-03 11:14 - 2013-08-22 08:47 - 00000000 ____D C:\Arquivos de programas\Arquivos comuns
2015-12-03 10:52 - 2013-08-22 12:03 - 00000000 ____D C:\Documents and Settings\Valdson Silva
2015-12-03 05:49 - 2013-08-22 12:21 - 00000000 ____D C:\Arquivos de programas\Google
2015-12-02 21:20 - 2014-11-18 21:34 - 00000000 ____D C:\Documents and Settings\Administrador.CASA-C7DFBA3E80.000
2015-11-27 16:58 - 2014-11-17 17:53 - 00000000 ____D C:\Documents and Settings\Valdson Silva\Desktop\tocomsat
2015-11-27 16:58 - 2014-11-05 10:33 - 00000000 ____D C:\Documents and Settings\Valdson Silva\Meus documentos\Cópia de Downloads

==================== Arquivos na raiz de alguns diretórios =======

2014-03-31 17:52 - 2014-03-31 17:58 - 0031168 _____ () C:\Documents and Settings\Valdson Silva\Dados de aplicativos\unins000.dat
2014-06-21 17:05 - 2014-06-21 17:05 - 0005120 _____ () C:\Documents and Settings\Valdson Silva\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Alguns arquivos em TEMP:
====================
C:\Documents and Settings\Valdson Silva\Configurações locais\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1tlf7z.dll
C:\Documents and Settings\Valdson Silva\Configurações locais\Temp\ICSW1.14_0B1T1L2V1T1J1L1V1G1P2W0S1J1L1GtB1.14.exe
C:\Documents and Settings\Valdson Silva\Configurações locais\Temp\Quarantine.exe
C:\Documents and Settings\Valdson Silva\Configurações locais\Temp\ReimageExpressPackage.exe
C:\Documents and Settings\Valdson Silva\Configurações locais\Temp\ReimageExpressSetup.exe
C:\Documents and Settings\Valdson Silva\Configurações locais\Temp\ReimagePackage.exe
C:\Documents and Settings\Valdson Silva\Configurações locais\Temp\sqlite3.dll
C:\Documents and Settings\Valdson Silva\Configurações locais\Temp\sqlite3.exe
C:\Documents and Settings\Valdson Silva\Configurações locais\Temp\{6F2355B6-9874-4483-A03C-63ECD2B2D0E8}-45.0.2454.101_chrome_installer.exe
C:\Documents and Settings\Valdson Silva\Configurações locais\Temp\{C1EEBC3A-C4F1-4402-A4D1-53CB4DE3A002}-45.0.2454.101_chrome_installer.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

==================== Fim de FRST.txt ============================
