Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:17-12-2015
Executado por MOACIR (administrador) em ABIT-053A8EEE30 (18-12-2015 00:10:11)
Executando a partir de D:\Meus documentos\Downloads
Perfis Carregados: MOACIR (Perfis Disponíveis: MOACIR)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão não detectado!)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\ARQUIV~1\GbPlugin\GbpSv.exe
(GAS Tecnologia) C:\ARQUIV~1\GbPlugin\GbpSv.exe
(SEIKO EPSON CORPORATION) C:\Arquivos de programas\EPSON Software\Event Manager\EEventManager.exe
(GAS Tecnologia LTDA) C:\Arquivos de programas\Diebold\Warsaw\core.exe
(Ruiware LLC) C:\Arquivos de programas\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Arquivos de programas\Messenger\msmsgs.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATILDE.EXE
(McAfee, Inc.) C:\Arquivos de programas\McAfee Security Scan\3.11.149\SSScheduler.exe
(SEIKO EPSON CORPORATION) C:\Arquivos de programas\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe
(Oracle Corporation) C:\Arquivos de programas\Java\jre7\bin\jqs.exe
() C:\Arquivos de programas\QQS\serverqqs.exe
(GAS Tecnologia LTDA) C:\Arquivos de programas\Diebold\Warsaw\core.exe
() C:\Arquivos de programas\windowsvnew\windowsclnew.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Arquivos de programas\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Arquivos de programas\Malwarebytes Anti-Exploit\mbae.exe
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Adobe ARM] => C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [1045720 2015-09-14] (Adobe Systems Incorporated)
HKLM\...\Run: [EEventManager] => C:\Arquivos de programas\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Diebold - Warsaw] => C:\Arquivos de programas\Diebold\Warsaw\core.exe [529632 2015-11-04] (GAS Tecnologia LTDA)
HKLM\...\RunOnce: [PriceFountain] => C:\WINDOWS\system32\wscript.exe /E:vbscript /B "C:\DOCUME~1\MOACIR\DADOSD~1\PriceFountain\UpdateProc\bkup.dat"
Winlogon\Notify\ GbPluginBb: C:\Arquivos de programas\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
Winlogon\Notify\NavLogon:
HKU\S-1-5-21-1757981266-1343024091-1417001333-1003\...\Run: [WinPatrol] => C:\Arquivos de programas\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-1757981266-1343024091-1417001333-1003\...\Run: [MSMSGS] => C:\Arquivos de programas\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1757981266-1343024091-1417001333-1003\...\Run: [pricefountainw.exe] => C:\Documents and Settings\MOACIR\Configurações locais\Dados de aplicativos\PriceFountain\pricefountainw.exe HKEY_CURRENT_USER Software\PriceFountain
HKU\S-1-5-21-1757981266-1343024091-1417001333-1003\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATILDE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1757981266-1343024091-1417001333-1003\...\RunOnce: [PriceFountain] => C:\WINDOWS\system32\wscript.exe /E:vbscript /B "C:\DOCUME~1\MOACIR\DADOSD~1\PriceFountain\UpdateProc\bkup.dat"
HKU\S-1-5-21-1757981266-1343024091-1417001333-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe [116648 2015-06-05] (Google Inc.)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil)
Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan Plus.lnk [2015-08-21]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Arquivos de programas\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\MOACIR\Menu Iniciar\Programas\Inicializar\MyPC Backup.lnk [2015-04-17]
ShortcutTarget: MyPC Backup.lnk -> C:\Arquivos de programas\OLBPre\OLBPre.exe ()

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 189.4.0.178 189.4.0.142 189.4.0.147
Tcpip\..\Interfaces\{88EC0701-4542-4FEA-9548-0D20D4649130}: [DhcpNameServer] 189.4.0.178 189.4.0.142 189.4.0.147

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1429237686&from=cor&uid=ST3120026AS_4MS21VC7XXXX4MS21VC7
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1429237686&from=cor&uid=ST3120026AS_4MS21VC7XXXX4MS21VC7&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1429237686&from=cor&uid=ST3120026AS_4MS21VC7XXXX4MS21VC7
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1429237686&from=cor&uid=ST3120026AS_4MS21VC7XXXX4MS21VC7&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1757981266-1343024091-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1429237686&from=cor&uid=ST3120026AS_4MS21VC7XXXX4MS21VC7&q={searchTerms}
HKU\S-1-5-21-1757981266-1343024091-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hp&ts=1429237686&from=cor&uid=ST3120026AS_4MS21VC7XXXX4MS21VC7
HKU\S-1-5-21-1757981266-1343024091-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1757981266-1343024091-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=1429237686&from=cor&uid=ST3120026AS_4MS21VC7XXXX4MS21VC7
HKU\S-1-5-21-1757981266-1343024091-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1429237686&from=cor&uid=ST3120026AS_4MS21VC7XXXX4MS21VC7&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1429237686&from=cor&uid=ST3120026AS_4MS21VC7XXXX4MS21VC7&q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1429237686&from=cor&uid=ST3120026AS_4MS21VC7XXXX4MS21VC7&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1757981266-1343024091-1417001333-1003 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1757981266-1343024091-1417001333-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1429237686&from=cor&uid=ST3120026AS_4MS21VC7XXXX4MS21VC7&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1757981266-1343024091-1417001333-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Arquivos de programas\Java\jre7\bin\ssv.dll [2014-07-31] (Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Arquivos de programas\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Arquivos de programas\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll [2014-07-31] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Arquivos de programas\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll [2006-10-26] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Nenhum Arquivo
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\MOACIR\Dados de aplicativos\Mozilla\Firefox\Profiles\o2vpgvd9.default
FF NewTab: hxxp://do-search.com/newtab/?type=nt&ts=1429237686&from=cor&uid=ST3120026AS_4MS21VC7XXXX4MS21VC7
FF SelectedSearchEngine: do-search
FF Homepage: hxxp://do-search.com/?type=hp&ts=1429237686&from=cor&uid=ST3120026AS_4MS21VC7XXXX4MS21VC7
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll [2014-05-14] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Arquivos de programas\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Arquivos de programas\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll [2014-07-31] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Arquivos de programas\Microsoft Silverlight\4.0.51204.0\npctrl.dll [2010-12-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @qqsn.com/QqsnInsert -> C:\Arquivos de programas\QQS\NpqqsnInsert.dll [2013-07-29] (Alliance Win Online Network Technology Co., LTD)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Arquivos de programas\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Arquivos de programas\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Arquivos de programas\VideoLAN\VLC\npvlc.dll [2012-06-27] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Arquivos de programas\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Configurações locais\Dados de aplicativos\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2015-06-05] (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Configurações locais\Dados de aplicativos\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2015-06-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1757981266-1343024091-1417001333-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\MOACIR\Configurações locais\Dados de aplicativos\Facebook\Video\Skype\npFacebookVideoCalling.dll [2013-11-06] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Arquivos de programas\mozilla firefox\plugins\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF SearchPlugin: C:\Arquivos de programas\mozilla firefox\browser\searchplugins\buscape.xml [2015-04-03]
FF SearchPlugin: C:\Arquivos de programas\mozilla firefox\browser\searchplugins\do-search.xml [2015-04-17]
FF SearchPlugin: C:\Arquivos de programas\mozilla firefox\browser\searchplugins\mercadolivre.xml [2015-04-03]
FF Extension: Default NewTab - C:\Documents and Settings\MOACIR\Dados de aplicativos\Mozilla\Firefox\Profiles\o2vpgvd9.default\Extensions\default_newtabff@gmail.com [2015-08-03] [não assinado]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-09-18] [não assinado]
FF HKLM\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Documents and Settings\MOACIR\Dados de aplicativos\Mozilla\Firefox\Profiles\o2vpgvd9.default\extensions\quick_searchff@gmail.com => não encontrado (a)
FF ExtraCheck: C:\Arquivos de programas\mozilla firefox\firefox.cfg [2013-05-01] <==== ATENÇÃO

Chrome:
=======
CHR HomePage: Default -> hxxp://do-search.com/?type=hp&ts=1429237686&from=cor&uid=ST3120026AS_4MS21VC7XXXX4MS21VC7
CHR StartupUrls: Default -> "hxxp://do-search.com/?type=hp&ts=1429237686&from=cor&uid=ST3120026AS_4MS21VC7XXXX4MS21VC7"
CHR Profile: C:\Documents and Settings\MOACIR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Documents and Settings\MOACIR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-05]
CHR Extension: (Envie Capturas de Tela com Comentários) - C:\Documents and Settings\MOACIR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\mdddabjhelpilpnpgondfmehhcplpiin [2015-10-24]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Documents and Settings\MOACIR\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
StartMenuInternet: chrome.exe - c:\documents and settings\moacir\configurações locais\dados de aplicativos\google\chrome\application\chrome.exe

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 EpsonCustomerResearchParticipation; C:\Arquivos de programas\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [593392 2015-06-25] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 GbpSv; C:\Arquivos de programas\GbPlugin\GbpSv.exe [593120 2015-09-22] (GAS Tecnologia)
S2 gupdate; C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
S3 gupdatem; C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
S3 gusvc; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [136120 2009-12-22] (Google)
R2 JavaQuickStarterService; C:\Arquivos de programas\Java\jre7\bin\jqs.exe [182696 2014-07-31] (Oracle Corporation)
S4 LiveUpdate; C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_1.EXE [2528960 2006-09-02] (Symantec Corporation)
S4 McComponentHostService; C:\Arquivos de programas\McAfee Security Scan\3.11.149\McCHSvc.exe [235696 2015-06-26] (McAfee, Inc.)
S4 MDM; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Arquivo não assinado]
S4 MozillaMaintenance; C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe [148080 2015-04-03] (Mozilla Foundation)
S4 odserv; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation)
S4 ose; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S4 RichVideo; C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] () [Arquivo não assinado]
R2 serverqqs; C:\Arquivos de programas\QQS\serverqqs.exe [712280 2014-01-26] ()
R2 Warsaw Technology; C:\Arquivos de programas\Diebold\Warsaw\core.exe [529632 2015-11-04] (GAS Tecnologia LTDA)
R2 windowsvnew; C:\Arquivos de programas\windowsvnew\windowsclnew.exe [36384 2014-08-15] ()
S4 WMPNetworkSvc; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [914944 2006-11-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R0 GbpKm; C:\WINDOWS\System32\drivers\GbpKm.sys [49496 2015-11-10] (GAS Tecnologia)
S3 Ndisrd; C:\WINDOWS\System32\DRIVERS\gbpndisrdn.sys [31448 2015-11-24] (GAS Tecnologia)
R3 NdisrdMP; C:\WINDOWS\System32\DRIVERS\gbpndisrdn.sys [31448 2015-11-24] (GAS Tecnologia)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation) [Arquivo não assinado]
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation) [Arquivo não assinado]
R1 wsddfac; C:\WINDOWS\System32\drivers\wsddfac.sys [80728 2015-12-17] (GAS Tecnologia)
S1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [79064 2015-03-18] (GAS Tecnologia)
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]
S4 IntelIde; não ImagePath
U1 WS2IFSL; não ImagePath

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2015-12-18 00:07 - 2015-12-18 00:07 - 00000599 _____ C:\Documents and Settings\MOACIR\Desktop\Atalho (2) para FRST.exe.lnk
2015-12-18 00:06 - 2015-12-18 00:06 - 00000607 _____ C:\Documents and Settings\MOACIR\Desktop\Atalho (2) para FRST64.exe.lnk
2015-12-18 00:00 - 2015-12-18 00:00 - 02370048 _____ (Farbar) C:\Documents and Settings\MOACIR\Desktop\FRST64.exe
2015-12-11 01:26 - 2015-11-24 11:04 - 00113272 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddin32.sys
2015-12-07 08:45 - 2015-12-07 08:48 - 00000000 ____D C:\Condomínio Paraíso
2015-12-07 08:44 - 2015-12-07 08:46 - 00000000 ____D C:\Condomínio Solarium
2015-11-24 13:38 - 2015-11-24 13:38 - 00031448 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\gbpndisrdn.sys
2015-11-24 13:37 - 2015-12-13 09:24 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2015-11-24 13:37 - 2015-11-25 11:22 - 00000000 ____D C:\Arquivos de programas\GbPlugin
2015-11-24 13:37 - 2015-11-24 13:37 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\GAS Tecnologia
2015-11-24 13:37 - 2015-11-10 15:48 - 00049496 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\gbpkm.sys
2015-11-24 13:26 - 2015-12-17 23:51 - 00080728 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddfac.sys
2015-11-24 13:26 - 2015-11-24 13:27 - 00001024 _____ C:\.rnd
2015-11-24 13:26 - 2015-11-24 13:26 - 00000000 ___HD C:\Arquivos de programas\GAS Tecnologia
2015-11-24 13:26 - 2015-11-24 13:26 - 00000000 ____D C:\Arquivos de programas\Diebold
2015-11-24 13:26 - 2015-03-18 11:23 - 00079064 ____N (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddpp.sys
2015-10-02 18:32 - 2015-12-14 15:04 - 00000000 ____D C:\SCANNER
2015-09-29 11:45 - 2015-09-29 11:47 - 00000000 ____D C:\Diversos
2015-09-19 12:14 - 2015-09-19 12:21 - 00000000 ____D C:\Condomínio Asturias

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2015-12-18 00:10 - 2015-01-01 12:13 - 00000000 ____D C:\FRST
2015-12-18 00:10 - 2011-09-08 02:05 - 00000456 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{6212FB9A-7766-44D1-941B-E691119E3B28}.job
2015-12-18 00:10 - 2010-10-07 20:48 - 00000000 ____D C:\Documents and Settings\MOACIR\Configurações locais\Temp
2015-12-17 23:51 - 2014-03-05 09:52 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2015-12-17 23:49 - 2014-09-16 10:42 - 00000224 _____ C:\WINDOWS\Tasks\Logon para Notificação de Término de Serviço do Microsoft Windows XP.job
2015-12-17 23:49 - 2014-04-11 00:19 - 00001068 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-17 23:49 - 2010-10-07 20:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-17 19:21 - 2010-10-07 20:48 - 00000210 ___SH C:\Documents and Settings\MOACIR\ntuser.ini
2015-12-17 19:21 - 2010-10-07 20:47 - 00032282 _____ C:\WINDOWS\SchedLgU.Txt
2015-12-17 19:20 - 2015-04-18 07:54 - 00000113 _____ C:\Documents and Settings\MOACIR\Dados de aplicativos\WB.CFG
2015-12-17 12:28 - 2015-04-17 00:28 - 00000416 _____ C:\WINDOWS\Tasks\At1.job
2015-12-17 12:22 - 2015-09-09 15:22 - 00000917 _____ C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Update {D2604305-8C92-410C-BA42-20386CD299E1}.job
2015-12-17 12:22 - 2015-09-09 15:22 - 00000731 _____ C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Invitation {D2604305-8C92-410C-BA42-20386CD299E1}.job
2015-12-17 12:21 - 2015-01-03 21:07 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes Anti-Exploit
2015-12-17 12:21 - 2010-10-07 17:35 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Iniciar\Programas
2015-12-17 12:21 - 2010-10-07 17:35 - 00000000 ___RD C:\Arquivos de programas
2015-12-17 12:14 - 2010-10-08 21:49 - 00000000 ____D C:\Documents and Settings\MOACIR\Dados de aplicativos\Skype
2015-12-16 22:49 - 2014-07-06 02:48 - 00001883 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-12-16 22:49 - 2014-04-11 00:19 - 00001072 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-16 11:40 - 2015-06-05 00:35 - 00001188 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-12-15 01:44 - 2015-01-04 11:59 - 00000000 ____D C:\Moacir C
2015-12-14 19:00 - 2010-10-07 17:25 - 00000000 ____D C:\WINDOWS\Help
2015-12-13 09:28 - 2014-06-28 02:25 - 00000167 _____ C:\Documents and Settings\NetworkService\Dados de aplicativos\WB.CFG
2015-12-11 11:46 - 2010-10-07 20:48 - 00000000 ___HD C:\Documents and Settings\MOACIR\Configurações locais\Dados de aplicativos
2015-12-10 11:44 - 2008-04-14 08:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-09 02:29 - 2014-09-16 09:59 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-09 02:29 - 2014-09-16 09:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 01:37 - 2014-09-16 10:42 - 00000218 _____ C:\WINDOWS\Tasks\Notificação Mensal de Término de Serviço do Microsoft Windows XP.job
2015-12-01 23:40 - 2015-06-05 00:35 - 00001136 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-11-30 22:56 - 2010-10-08 21:49 - 00002553 _____ C:\Documents and Settings\MOACIR\Desktop\Microsoft Office Word 2007.lnk
2015-11-25 02:27 - 2010-10-07 17:25 - 00000000 ____D C:\WINDOWS
2015-11-25 02:26 - 2010-10-07 20:48 - 00045344 _____ C:\Documents and Settings\MOACIR\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2015-11-25 02:25 - 2010-10-07 17:28 - 00192184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-24 13:38 - 2010-10-07 17:25 - 00000000 ___HD C:\WINDOWS\inf
2015-11-24 13:37 - 2010-10-07 17:35 - 00000000 __RHD C:\Documents and Settings\All Users\Dados de aplicativos
2015-11-24 12:26 - 2010-10-08 21:49 - 00002485 _____ C:\Documents and Settings\MOACIR\Desktop\Microsoft Office Excel 2007.lnk

==================== Arquivos na raiz de alguns diretórios =======

2015-01-03 21:06 - 2015-01-03 21:06 - 2967032 _____ (Malwarebytes ) C:\Arquivos de programas\mbae-setup-1.05.1.1016.exe
2015-01-03 21:00 - 2015-01-03 20:59 - 4095448 _____ (BrightFort LLC ) C:\Arquivos de programas\spywareblastersetup50.exe
2015-01-03 21:10 - 2015-01-03 21:10 - 0210944 _____ () C:\Arquivos de programas\Telas Spyware e Malware...doc
2015-01-03 21:24 - 2015-01-03 21:24 - 0000162 ____H () C:\Arquivos de programas\~$las Spyware e Malware...doc
2015-04-18 07:54 - 2015-12-17 19:20 - 0000113 _____ () C:\Documents and Settings\MOACIR\Dados de aplicativos\WB.CFG
2010-10-08 23:18 - 2011-11-19 15:02 - 0008704 _____ () C:\Documents and Settings\MOACIR\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-20 16:34 - 2014-12-20 16:34 - 0000058 _____ () C:\Documents and Settings\MOACIR\Configurações locais\Dados de aplicativos\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2010-11-30 07:14 - 2010-11-30 07:14 - 0000331 _____ () C:\Documents and Settings\All Users\Dados de aplicativos\.bat
2014-09-15 02:32 - 2014-09-15 02:32 - 0228996 _____ () C:\Documents and Settings\All Users\Dados de aplicativos\1410755164.bdinstall.bin
2015-01-04 16:20 - 2015-01-04 16:20 - 0037339 _____ () C:\Documents and Settings\All Users\Dados de aplicativos\1420395619.bdinstall.bin
2015-01-04 16:21 - 2015-01-04 16:21 - 0096834 _____ () C:\Documents and Settings\All Users\Dados de aplicativos\1420395623.bdinstall.bin
2010-11-30 07:19 - 2010-11-30 07:19 - 0000000 _____ () C:\Documents and Settings\All Users\Dados de aplicativos\dkwork.ini
2010-11-30 07:11 - 2010-11-30 07:14 - 0000272 _____ () C:\Documents and Settings\All Users\Dados de aplicativos\UpApp32.dll

Arquivos para serem movidos ou deletados:
====================
C:\Windows\Tasks\At1.job


Alguns arquivos em TEMP:
====================
C:\Documents and Settings\MOACIR\Configurações locais\Temp\CloudBackup7498.exe
C:\Documents and Settings\MOACIR\Configurações locais\Temp\ICSW_0B1T1L2V1T1J1L1V1G1P2W0S1J1L1GtB.exe
C:\Documents and Settings\MOACIR\Configurações locais\Temp\SkypeSetup.exe
C:\Documents and Settings\MOACIR\Configurações locais\Temp\{138BC0F0-B862-4359-82D2-8BFAA5307401}-45.0.2454.85_44.0.2403.157_chrome_updater.exe
C:\Documents and Settings\MOACIR\Configurações locais\Temp\{A6E32023-E573-4EBD-8A4A-31FCD5913BF3}-43.0.2357.130_43.0.2357.124_chrome_updater.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

==================== Fim de FRST.txt ============================
