cjoint

Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:13-12-2015
Executado por Usuario (administrador) em JAMARCO-PC (14-12-2015 11:57:04)
Executando a partir de D:\Download
Perfis Carregados: Usuario (Perfis Disponíveis: Usuario)
Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 9 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(UpAurora.COM) C:\Users\Usuario\AppData\Roaming\UpAuroraBrowser\Installer\UpAuroraKernelService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
() C:\Users\Usuario\AppData\Roaming\XBox\XBLive.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\WeatherTool\2.0.0.10998\WeatherService.exe
(ShenZhen Enode Techology co,.Ltd) C:\Program Files (x86)\WeatherTool\2.0.0.10998\weather.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Shell Extensions\FoxitPrevhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1691136 2012-05-31] (Wondershare)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-08-19] (Banco do Brasil)
HKU\S-1-5-21-2577040247-4129381695-1897333911-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-2577040247-4129381695-1897333911-1000\...\Run: [GoogleChromeAutoLaunch_CF0D12F859BF15DAB73FDD0B7E1E013D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-04] (Google Inc.)
HKU\S-1-5-21-2577040247-4129381695-1897333911-1000\...\Policies\Explorer: []
AppInit_DLLs-x32: C:\PROGRA~3\{E4850~1\1170~1.1\nado.dll => Nenhum Arquivo
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1896320 2015-08-19] (Banco do Brasil)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => Nenhum Arquivo
Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Earth Pro Crack 7.1 And License Key Full Version Free Download.lnk [2015-04-29]
ShortcutTarget: Google Earth Pro Crack 7.1 And License Key Full Version Free Download.lnk -> C:\ProgramData\{d6dda6dd-e856-bdeb-d6dd-da6dde859b77}\Google Earth Pro Crack 7.1 And License Key Full Version Free Download.exe (Nenhum Arquivo)
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [.DEFAULT] => Proxy está habilitado.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51657;https=127.0.0.1:51657
Tcpip\..\Interfaces\{03532083-F41E-4665-8C06-2DECDAA20D3F}: [NameServer] 200.204.0.10,8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://nav.brotlab.net?uid={b11fe49c1d044153ac35633515f46e1d}&r=102br
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nav.brotlab.net?uid={b11fe49c1d044153ac35633515f46e1d}&r=102br
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2577040247-4129381695-1897333911-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
HKU\S-1-5-21-2577040247-4129381695-1897333911-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://br.msn.com/?ocid=iehp
HKU\S-1-5-21-2577040247-4129381695-1897333911-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nav.brotlab.net?uid={b11fe49c1d044153ac35633515f46e1d}&r=102br
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-08-19] (Banco do Brasil)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-24]
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-24]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Planilhas do Google) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-24]
CHR Extension: (Documentos Google off-line) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-24]
CHR Extension: (Balance Plugin) - C:\Users\Usuario\AppData\Local\Balance Plugin\Component [2015-12-14]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://nav.brotlab.net?uid={b11fe49c1d044153ac35633515f46e1d}&r=102br

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S4 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [576904 2013-12-22] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-03-23] (Foxit Software Inc.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576 2015-08-12] (GAS Tecnologia)
S2 GoogleChromeUpService; C:\ProgramData\upgsvr.exe [1762304 2015-11-16] (TODO: <公司名>) [Arquivo não assinado]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R2 TheDesktopWeatherService; C:\Program Files (x86)\WeatherTool\2.0.0.10998\WeatherService.exe [152008 2015-11-01] ()
R2 UpAurora Kernel Service; C:\Users\Usuario\AppData\Roaming\UpAuroraBrowser\Installer\UpAuroraKernelService.exe [184880 2015-12-03] (UpAurora.COM)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
R2 XBox; C:\Users\Usuario\AppData\Roaming\XBox\XBLive.exe [6728120 2015-11-05] ()

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 eapihdrv; C:\Users\Usuario\AppData\Local\Temp\ehdrv.sys [135760 2015-12-11] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [1471488 2009-10-16] (Realtek Semiconductor Corporation )
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-01-20] (GAS Tecnologia LTDA)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2015-12-14 11:56 - 2015-12-14 11:57 - 00000000 ____D C:\FRST
2015-12-14 07:44 - 2015-12-14 07:44 - 00000000 ____D C:\Program Files (x86)\WeatherTool
2015-12-11 12:21 - 2015-12-11 12:21 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Elex-tech
2015-12-11 12:10 - 2015-12-11 12:10 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-11 11:54 - 2015-11-26 07:58 - 04127064 _____ C:\Users\Todos os Usuários\ch_dl_url
2015-12-11 11:54 - 2015-11-26 07:58 - 04127064 _____ C:\ProgramData\ch_dl_url
2015-12-11 09:16 - 2015-12-10 15:43 - 00600312 _____ C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe
2015-12-11 09:16 - 2015-12-10 15:43 - 00600312 _____ C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
2015-12-11 09:10 - 2015-12-04 13:14 - 01081344 _____ C:\Users\Todos os Usuários\LightGate.exe
2015-12-11 09:10 - 2015-12-04 13:14 - 01081344 _____ C:\ProgramData\LightGate.exe
2015-12-11 09:02 - 2015-12-11 09:02 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2015-12-11 09:02 - 2015-12-11 09:02 - 00000000 ____D C:\ProgramData\WindowsMsg
2015-12-11 09:01 - 2015-12-11 16:38 - 01314158 _____ ( ) C:\Users\Todos os Usuários\carssb.exe
2015-12-11 09:01 - 2015-12-11 16:38 - 01314158 _____ ( ) C:\ProgramData\carssb.exe
2015-12-11 08:36 - 2015-12-11 08:36 - 00001730 ____R C:\Yeabeats Browser.lnk
2015-12-11 08:35 - 2015-12-11 08:35 - 00005569 _____ C:\Users\Usuario\AppData\Roaming\webad.xml
2015-12-11 08:35 - 2015-12-10 14:10 - 01893888 _____ C:\Users\Usuario\AppData\Roaming\carssn.exe
2015-12-11 08:34 - 2015-12-11 11:02 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\LightGate
2015-12-11 08:34 - 2015-12-11 08:34 - 00000000 ____D C:\Users\Usuario\AppData\Local\Yeaplayer
2015-12-11 08:34 - 2015-11-25 15:31 - 01100288 _____ C:\Users\Todos os Usuários\HomePage.exe
2015-12-11 08:34 - 2015-11-25 15:31 - 01100288 _____ C:\ProgramData\HomePage.exe
2015-12-11 08:34 - 2015-11-14 21:06 - 02496403 _____ ( ) C:\Users\Usuario\AppData\Roaming\yeaplayer_51447.exe
2015-12-11 08:26 - 2015-12-10 08:39 - 01015808 _____ (d) C:\Users\Usuario\AppData\Roaming\download.exe
2015-12-11 08:25 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\Users\Usuario\AppData\Roaming\upgsvr.exe
2015-12-11 08:25 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\Users\Todos os Usuários\upgsvr.exe
2015-12-11 08:25 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\ProgramData\upgsvr.exe
2015-12-11 08:14 - 2015-12-11 11:02 - 00001453 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-11 08:14 - 2015-12-11 11:02 - 00001419 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-12-11 08:14 - 2015-12-11 10:59 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\UpAuroraBrowser
2015-12-11 08:14 - 2015-12-11 08:35 - 00001533 _____ C:\Users\Usuario\Desktop\Internet Explorer.lnk
2015-12-11 08:14 - 2015-12-11 08:14 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\XBox
2015-12-11 08:14 - 2015-12-11 08:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warface808
2015-12-11 08:13 - 2015-12-11 08:13 - 00000000 ____D C:\Users\Todos os Usuários\Tmp0x0x
2015-12-11 08:13 - 2015-12-11 08:13 - 00000000 ____D C:\ProgramData\Tmp0x0x
2015-12-11 08:11 - 2015-12-11 08:11 - 00003174 _____ C:\Windows\System32\Tasks\Balance Plugin
2015-12-11 08:11 - 2015-12-11 08:11 - 00003154 _____ C:\Windows\System32\Tasks\Balance Plugin2
2015-12-11 08:11 - 2015-12-11 08:11 - 00000000 ____D C:\Users\Usuario\AppData\Local\Balance Plugin

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2015-12-14 11:56 - 2009-07-14 01:20 - 00000000 ____D C:\Windows
2015-12-14 11:47 - 2015-06-14 11:00 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\WeatherTool
2015-12-14 11:43 - 2014-08-28 14:58 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-14 11:23 - 2014-09-10 09:26 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-14 08:20 - 2011-04-12 11:40 - 00705994 _____ C:\Windows\system32\prfh0416.dat
2015-12-14 08:20 - 2011-04-12 11:40 - 00147270 _____ C:\Windows\system32\prfc0416.dat
2015-12-14 08:20 - 2009-07-14 03:13 - 01636372 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-14 08:20 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2015-12-14 07:37 - 2009-07-14 02:45 - 00033440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-14 07:37 - 2009-07-14 02:45 - 00033440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-14 07:31 - 2015-04-22 15:35 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2015-12-14 07:31 - 2014-08-28 14:58 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-14 07:31 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-11 11:34 - 2015-06-22 17:47 - 00000000 ____D C:\AdwCleaner
2015-12-11 11:02 - 2015-06-24 17:01 - 00002229 ____R C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-11 11:01 - 2014-08-28 12:25 - 00001423 _____ C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-11 11:01 - 2014-08-28 12:25 - 00001389 _____ C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-12-11 08:21 - 2009-07-14 03:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-12-11 08:21 - 2009-07-14 02:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-11 08:13 - 2015-06-24 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-11 08:13 - 2015-05-12 09:50 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warface808
2015-12-09 01:39 - 2010-11-21 01:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-02 12:38 - 2014-08-28 14:58 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 12:38 - 2014-08-28 14:58 - 00003814 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-19 11:28 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Arquivos na raiz de alguns diretórios =======

2015-05-20 17:47 - 2015-06-23 17:45 - 0000024 _____ () C:\Users\Usuario\AppData\Roaming\appdataFr25.bin
2015-04-27 15:07 - 2015-05-11 15:30 - 0000020 _____ () C:\Users\Usuario\AppData\Roaming\appdataFr3.bin
2015-12-11 08:35 - 2015-12-10 14:10 - 1893888 _____ () C:\Users\Usuario\AppData\Roaming\carssn.exe
2015-12-11 08:26 - 2015-12-10 08:39 - 1015808 _____ (d) C:\Users\Usuario\AppData\Roaming\download.exe
2015-12-11 08:25 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\Users\Usuario\AppData\Roaming\upgsvr.exe
2015-12-11 08:35 - 2015-12-11 08:35 - 0005569 _____ () C:\Users\Usuario\AppData\Roaming\webad.xml
2015-12-11 08:34 - 2015-11-14 21:06 - 2496403 _____ ( ) C:\Users\Usuario\AppData\Roaming\yeaplayer_51447.exe
2015-05-12 09:50 - 2015-05-12 09:50 - 0260876 _____ () C:\Users\Usuario\AppData\Local\nsw2740.tmp
2015-04-22 17:13 - 2015-04-29 15:17 - 0000804 _____ () C:\Users\Usuario\AppData\Local\Temp-log.txt
2015-05-25 08:33 - 2015-05-25 08:33 - 0000000 _____ () C:\ProgramData\6.7.cfg
2015-12-11 09:01 - 2015-12-11 16:38 - 1314158 _____ ( ) C:\ProgramData\carssb.exe
2015-12-11 11:54 - 2015-11-26 07:58 - 4127064 _____ () C:\ProgramData\ch_dl_url
2015-12-11 08:34 - 2015-11-25 15:31 - 1100288 _____ () C:\ProgramData\HomePage.exe
2015-12-11 09:10 - 2015-12-04 13:14 - 1081344 _____ () C:\ProgramData\LightGate.exe
2015-03-30 17:51 - 2015-03-30 17:51 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-12-11 08:25 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\ProgramData\upgsvr.exe
2015-12-11 09:16 - 2015-12-10 15:43 - 0600312 _____ () C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\carssb.exe
C:\ProgramData\HomePage.exe
C:\ProgramData\LightGate.exe
C:\ProgramData\upgsvr.exe
C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
C:\Users\Todos os Usuários\carssb.exe
C:\Users\Todos os Usuários\HomePage.exe
C:\Users\Todos os Usuários\LightGate.exe
C:\Users\Todos os Usuários\upgsvr.exe
C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe
C:\Users\Usuario\PROJETAR_vs_2008.exe


Alguns arquivos em TEMP:
====================
C:\Users\Usuario\AppData\Local\Temp\1%20navigaki.exe
C:\Users\Usuario\AppData\Local\Temp\1430730083.exe
C:\Users\Usuario\AppData\Local\Temp\2760.exe
C:\Users\Usuario\AppData\Local\Temp\75803uninstall.exe
C:\Users\Usuario\AppData\Local\Temp\81F4.exe
C:\Users\Usuario\AppData\Local\Temp\8942.exe
C:\Users\Usuario\AppData\Local\Temp\AcDeltree.exe
C:\Users\Usuario\AppData\Local\Temp\APNSetup.exe
C:\Users\Usuario\AppData\Local\Temp\appshat_generic.exe
C:\Users\Usuario\AppData\Local\Temp\avg520.exe
C:\Users\Usuario\AppData\Local\Temp\carssn.exe
C:\Users\Usuario\AppData\Local\Temp\downloader_2.0.0.1_102br_45_20151208_1446_1449557202.exe
C:\Users\Usuario\AppData\Local\Temp\File.exe
C:\Users\Usuario\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Usuario\AppData\Local\Temp\fsd29F9.exe
C:\Users\Usuario\AppData\Local\Temp\fsd9ECF.exe
C:\Users\Usuario\AppData\Local\Temp\fsd9F7F.exe
C:\Users\Usuario\AppData\Local\Temp\fsdAA8B.exe
C:\Users\Usuario\AppData\Local\Temp\fsdABD7.exe
C:\Users\Usuario\AppData\Local\Temp\fsdB846.exe
C:\Users\Usuario\AppData\Local\Temp\HomePage.exe
C:\Users\Usuario\AppData\Local\Temp\iSafeDownloader.exe
C:\Users\Usuario\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Usuario\AppData\Local\Temp\LightGate.exe
C:\Users\Usuario\AppData\Local\Temp\mytmpinstaller.exe
C:\Users\Usuario\AppData\Local\Temp\OnlineBackup.exe
C:\Users\Usuario\AppData\Local\Temp\Quarantine.exe
C:\Users\Usuario\AppData\Local\Temp\sdf10EC.exe
C:\Users\Usuario\AppData\Local\Temp\sdf7548.exe
C:\Users\Usuario\AppData\Local\Temp\sdfDF7.exe
C:\Users\Usuario\AppData\Local\Temp\setacl.exe
C:\Users\Usuario\AppData\Local\Temp\smt_istartsurf.exe
C:\Users\Usuario\AppData\Local\Temp\smt_luckysearches.exe
C:\Users\Usuario\AppData\Local\Temp\tu17p84.exe
C:\Users\Usuario\AppData\Local\Temp\unchecky_setup.exe
C:\Users\Usuario\AppData\Local\Temp\Uninstall.exe
C:\Users\Usuario\AppData\Local\Temp\upgsvr.exe
C:\Users\Usuario\AppData\Local\Temp\VuuPCSetup_full.exe
C:\Users\Usuario\AppData\Local\Temp\YeaPlayer_br_IBD_Bundle.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2015-12-10 12:21

==================== Fim de FRST.txt ============================
