cjoint

Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:06-01-2015
Executado por harcker (administrador) em HARCKER-PC (07-01-2016 00:09:17)
Executando a partir de C:\Users\harcker\Desktop
Perfis Carregados: harcker (Perfis Disponíveis: harcker)
Platform: Microsoft Windows 7 Starter (X86) Idioma: Português (Brasil)
Internet Explorer Versão 9 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(TODO: <公司名>) C:\ProgramData\upgsvr
( ) C:\Windows\System32\lxczcoms.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
() C:\Program Files\CalendarTool\2.0.0.11153\CalendarServ.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe
() C:\Program Files\WeatherTool\2.0.0.10998\WeatherService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files\CalendarTool\2.0.0.11153\calendar.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-24] (Avast Software s.r.o.)
HKLM\...\Run: [lxczbmgr.exe] => C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [74408 2009-04-27] (Lexmark International, Inc.)
HKU\S-1-5-21-95340145-2229599592-1714702123-1000\...\MountPoints2: {762e307f-d0e7-11e4-8735-0090f5925fb1} - E:\AutoRun.exe
HKU\S-1-5-21-95340145-2229599592-1714702123-1000\...\MountPoints2: {a9d7e7d3-c9d1-11e3-a483-0090f5925fb1} - E:\Setup.exe
HKU\S-1-5-21-95340145-2229599592-1714702123-1000\...\MountPoints2: {c5eebb80-6f8b-11e5-85c6-0090f5925fb1} - F:\AutoRun.exe
HKU\S-1-5-21-95340145-2229599592-1714702123-1000\...\MountPoints2: {c5eebb8f-6f8b-11e5-85c6-0090f5925fb1} - F:\AutoRun.exe
HKU\S-1-5-21-95340145-2229599592-1714702123-1000\...\MountPoints2: {e19eb9f0-c357-11e3-ab2b-ae289f32942e} - E:\Setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-24] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [ExplorerEx] -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} => Nenhum Arquivo
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{053517C0-FC43-4561-8C1F-810DCF3396E6}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{438400F6-8956-49DE-8AF7-5FF9CA469ABF}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4CE88C8E-EDBF-424F-849D-4AB91F564014}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8DA281B5-FAAE-46CC-9AE4-C533DA9354CA}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B63F31FE-6A45-479C-A1F8-C1A2F7CFB60C}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=c981820267f799535e1c038bce758e95
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-95340145-2229599592-1714702123-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?q={searchTerms}
HKU\S-1-5-21-95340145-2229599592-1714702123-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://positivo.br.msn.com
hxxp://www.positivoinformatica.com.br
HKU\S-1-5-21-95340145-2229599592-1714702123-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-95340145-2229599592-1714702123-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://positivo.br.msn.com
hxxp://www.positivoinformatica.com.br
HKU\S-1-5-21-95340145-2229599592-1714702123-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=c981820267f799535e1c038bce758e95
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=POSTDF&pc=MAPT&src=IE-SearchBox
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-95340145-2229599592-1714702123-1000 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-95340145-2229599592-1714702123-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-95340145-2229599592-1714702123-1000 -> {34BAC01D-A100-4BBC-854C-7F044E8234EF} URL =
SearchScopes: HKU\S-1-5-21-95340145-2229599592-1714702123-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-95340145-2229599592-1714702123-1000 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL =
SearchScopes: HKU\S-1-5-21-95340145-2229599592-1714702123-1000 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Sem Nome -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Nenhum Arquivo
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-24] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Sem Nome -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> Nenhum Arquivo
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\harcker\AppData\Roaming\Mozilla\Firefox\Profiles\lmw4l70a.default
FF Homepage: hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=c981820267f799535e1c038bce758e95
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-04] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-11]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-06-12] [não assinado]
FF HKU\S-1-5-21-95340145-2229599592-1714702123-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ehhlaekjfiiojlddgndcnefflngfmhen] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-24]
CHR HKLM\...\Chrome\Extension: [olghjjajidfdflkafeekiojnfmiolccp] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-24] (Avast Software s.r.o.)
R2 lxcz_device; C:\Windows\system32\lxczcoms.exe [537520 2007-04-19] ( )
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [Arquivo não assinado]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [Arquivo não assinado]
R2 TheCalendarService; C:\Program Files\CalendarTool\2.0.0.11153\CalendarServ.exe [153224 2015-12-10] ()
R2 TheDesktopWeatherService; C:\Program Files\WeatherTool\2.0.0.10998\WeatherService.exe [152008 2015-11-01] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
R2 GoogleChromeUpService; C:\ProgramData\upgsvr.exe /s GoogleChromeUpService /uid:51447 /local:br [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-24] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-24] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-24] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-06-28] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-24] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-24] ()
R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [1182320 2009-07-25] (Bison Electronics. Inc. )
S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [164864 2009-07-13] (Intel Corporation)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [25856 2009-07-10] (Motorola)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1321568 2012-08-17] (Ralink Technology Corp.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [379904 2010-03-31] (Realtek Semiconductor Corporation )
S3 BHipsEx; \??\C:\Windows\System32\drivers\BHipsEx.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-01-07 00:09 - 2016-01-07 00:09 - 00013226 _____ C:\Users\harcker\Desktop\FRST.txt
2016-01-07 00:05 - 2016-01-07 00:02 - 01721856 _____ (Farbar) C:\Users\harcker\Desktop\FRST.exe
2016-01-07 00:02 - 2016-01-07 00:09 - 00000000 ____D C:\FRST
2016-01-07 00:01 - 2016-01-07 00:02 - 01721856 _____ (Farbar) C:\Users\harcker\Downloads\FRST.exe
2016-01-06 23:44 - 2016-01-06 23:44 - 00034270 _____ C:\Users\harcker\Desktop\fixlist.txt
2016-01-06 21:00 - 2016-01-06 21:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-01-06 20:46 - 2016-01-06 20:46 - 00000000 ____D C:\Program Files\CalendarTool
2015-12-20 23:11 - 2015-12-20 23:11 - 00107383 _____ C:\Users\harcker\Downloads\document(4).pdf
2015-12-20 15:03 - 2015-12-20 15:17 - 00000000 ____D C:\Users\harcker\Desktop\Nova pasta
2015-12-20 15:00 - 2015-12-20 15:20 - 00000000 ____D C:\temp
2015-12-20 14:54 - 2015-12-20 14:54 - 00001052 _____ C:\Users\Public\Desktop\Programa da Multifuncional Lexmark 1200 Series.lnk
2015-12-20 14:52 - 2015-12-20 14:52 - 00000092 _____ C:\Windows\Lexstat.ini
2015-12-20 14:50 - 2015-12-20 14:53 - 00012992 _____ C:\Windows\system32\LexFiles.ulf
2015-12-20 14:50 - 2015-12-20 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 1200 Series
2015-12-20 14:50 - 2015-12-20 14:53 - 00000000 ____D C:\Program Files\Lexmark 1200 Series
2015-12-20 14:50 - 2007-04-19 15:43 - 00537520 _____ ( ) C:\Windows\system32\lxczcoms.exe
2015-12-20 14:50 - 2007-04-19 15:43 - 00385968 _____ ( ) C:\Windows\system32\lxczih.exe
2015-12-20 14:50 - 2007-04-19 15:43 - 00381872 _____ ( ) C:\Windows\system32\lxczcfg.exe
2015-12-20 14:50 - 2007-04-19 15:40 - 00001851 _____ C:\Windows\system32\lxcz.loc
2015-12-20 14:50 - 2007-01-25 15:43 - 00155648 _____ (Lexmark International Inc.) C:\Windows\system32\lxczinsb.dll
2015-12-20 14:50 - 2007-01-25 15:43 - 00131072 _____ (Lexmark International, Inc.) C:\Windows\system32\lxczins.dll
2015-12-20 14:50 - 2007-01-25 15:43 - 00073728 _____ (Lexmark International Inc.) C:\Windows\system32\lxczcu.dll
2015-12-20 14:50 - 2007-01-25 15:42 - 00413696 _____ C:\Windows\system32\lxczutil.dll
2015-12-20 14:50 - 2007-01-22 23:30 - 00073728 _____ (Lexmark International) C:\Windows\system32\LXCZcfg.dll
2015-12-20 14:50 - 2007-01-22 23:08 - 00090112 _____ (Lexmark International, Inc.) C:\Windows\system32\lxczinsr.dll
2015-12-20 14:50 - 2007-01-22 23:07 - 00462848 _____ (Lexmark International Inc.) C:\Windows\system32\lxczjswr.dll
2015-12-20 14:50 - 2007-01-22 23:07 - 00094208 _____ (Lexmark International Inc.) C:\Windows\system32\lxczcur.dll
2015-12-20 14:50 - 2006-12-20 18:08 - 00643072 _____ ( ) C:\Windows\system32\lxczpmui.dll
2015-12-20 14:50 - 2006-12-20 18:06 - 01224704 _____ ( ) C:\Windows\system32\lxczserv.dll
2015-12-20 14:50 - 2006-12-20 18:01 - 00421888 _____ ( ) C:\Windows\system32\lxczcomm.dll
2015-12-20 14:50 - 2006-12-20 17:59 - 00585728 _____ ( ) C:\Windows\system32\lxczlmpm.dll
2015-12-20 14:50 - 2006-12-20 17:58 - 00397312 _____ ( ) C:\Windows\system32\lxcziesc.dll
2015-12-20 14:50 - 2006-12-20 17:58 - 00274432 _____ C:\Windows\system32\LXCZinst.dll
2015-12-20 14:50 - 2006-12-20 17:55 - 00094208 _____ ( ) C:\Windows\system32\lxczpplc.dll
2015-12-20 14:50 - 2006-12-20 17:54 - 00684032 _____ ( ) C:\Windows\system32\lxczcomc.dll
2015-12-20 14:50 - 2006-12-20 17:54 - 00163840 _____ ( ) C:\Windows\system32\lxczprox.dll
2015-12-20 14:50 - 2006-12-20 17:47 - 00413696 _____ ( ) C:\Windows\system32\lxczinpa.dll
2015-12-20 14:50 - 2006-12-20 17:46 - 00991232 _____ ( ) C:\Windows\system32\lxczusb1.dll
2015-12-20 14:50 - 2006-12-20 17:43 - 00323584 _____ ( ) C:\Windows\system32\LXCZhcp.dll
2015-12-20 14:50 - 2006-12-20 17:42 - 00696320 _____ ( ) C:\Windows\system32\lxczhbn3.dll
2015-12-20 14:50 - 2006-09-18 12:26 - 00983107 _____ (Microsoft Corporation) C:\Windows\system32\lxczgf.dll
2015-12-20 14:49 - 2015-12-20 14:49 - 00000000 ____D C:\lexmark
2015-12-20 14:41 - 2015-12-20 14:49 - 43802624 _____ C:\Users\harcker\Downloads\cjb1200Win7pt_BR.exe
2015-12-17 22:28 - 2015-12-17 22:28 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2015-12-17 22:28 - 2015-12-17 22:28 - 00000000 ____D C:\ProgramData\WindowsMsg
2015-12-17 22:28 - 2015-12-17 22:28 - 00000000 ____D C:\Program Files\osTip
2015-12-16 20:18 - 2016-01-06 21:38 - 00000000 ____D C:\Users\harcker\AppData\Roaming\CalendarTool
2015-12-12 23:12 - 2015-12-12 23:12 - 00065359 _____ C:\Users\harcker\Downloads\comprovante_2_48647_42646.pdf
2015-12-12 23:07 - 2015-12-12 23:07 - 00064706 _____ C:\Users\harcker\Downloads\comprovante_2_49425_43367.pdf
2015-12-12 23:07 - 2015-12-12 23:07 - 00000000 ____D C:\Program Files\WeatherTool
2015-12-08 13:26 - 2015-12-08 13:26 - 00000000 ____D C:\Program Files\Common Files\AV

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-01-07 00:03 - 2009-07-13 23:37 - 00000000 ____D C:\Windows
2016-01-06 23:18 - 2014-02-03 01:57 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-06 21:22 - 2014-02-03 01:40 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-01-06 21:19 - 2009-07-14 01:34 - 00013808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-06 21:19 - 2009-07-14 01:34 - 00013808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-06 21:11 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-04 19:31 - 2015-06-15 23:08 - 00000000 ____D C:\Users\harcker\AppData\Roaming\WeatherTool
2016-01-04 12:45 - 2010-04-27 09:42 - 01518542 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-04 12:45 - 2009-07-14 05:31 - 00664248 _____ C:\Windows\system32\prfh0416.dat
2016-01-04 12:45 - 2009-07-14 05:31 - 00128280 _____ C:\Windows\system32\prfc0416.dat
2016-01-04 12:45 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2016-01-04 11:18 - 2014-02-03 01:57 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-01-04 11:18 - 2014-02-03 01:57 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Arquivos na raiz de alguns diretórios =======

2014-10-04 17:04 - 2015-06-25 00:04 - 0000229 _____ () C:\Users\harcker\AppData\Roaming\WB.CFG
2014-10-10 00:04 - 2014-12-17 00:04 - 0000010 _____ () C:\Users\harcker\AppData\Local\DSI.DAT
2014-12-17 00:04 - 2014-12-17 00:04 - 0022528 _____ () C:\Users\harcker\AppData\Local\dsisetup1248082812.exe
2014-11-21 20:04 - 2014-11-21 20:04 - 0022528 _____ () C:\Users\harcker\AppData\Local\dsisetup18673902.exe
2014-12-02 00:04 - 2014-12-02 00:04 - 0022528 _____ () C:\Users\harcker\AppData\Local\dsisetup553492502.exe
2014-11-11 23:54 - 2014-11-11 23:54 - 0000020 _____ () C:\ProgramData\bc.ini
2015-11-29 16:54 - 2015-11-26 06:58 - 4127064 _____ () C:\ProgramData\ch_dl_url
2014-01-29 18:11 - 2015-03-24 13:33 - 0014665 _____ () C:\ProgramData\hpzinstall.log
2015-10-30 22:05 - 2015-10-16 06:43 - 1762304 _____ (TODO: <公司名>) C:\ProgramData\upgsvr
2015-11-24 23:16 - 2015-11-24 23:16 - 0000161 _____ () C:\ProgramData\xcgui_debug.txt

Alguns arquivos em TEMP:
====================
C:\Users\harcker\AppData\Local\Temp\2631.exe
C:\Users\harcker\AppData\Local\Temp\310.exe
C:\Users\harcker\AppData\Local\Temp\5680.exe
C:\Users\harcker\AppData\Local\Temp\9044.exe
C:\Users\harcker\AppData\Local\Temp\appshat_generic.exe
C:\Users\harcker\AppData\Local\Temp\atcMedia2411427576753.exe
C:\Users\harcker\AppData\Local\Temp\atcMedia8771446239649.exe
C:\Users\harcker\AppData\Local\Temp\atcMedia8861427721707.exe
C:\Users\harcker\AppData\Local\Temp\Bnd_somo_329_2015319_1526.exe
C:\Users\harcker\AppData\Local\Temp\BootstrapperIminentReinstallCampaign.exe
C:\Users\harcker\AppData\Local\Temp\CloudBackup6577.exe
C:\Users\harcker\AppData\Local\Temp\divxe4df.exe
C:\Users\harcker\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\harcker\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\harcker\AppData\Local\Temp\MSN1A21.exe
C:\Users\harcker\AppData\Local\Temp\Quarantine.exe
C:\Users\harcker\AppData\Local\Temp\rtdrvmon.exe
C:\Users\harcker\AppData\Local\Temp\Setup-2-.exe
C:\Users\harcker\AppData\Local\Temp\SimBundD.exe
C:\Users\harcker\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe
C:\Users\harcker\AppData\Local\Temp\somoto_VDownloader_1.0.exe
C:\Users\harcker\AppData\Local\Temp\SPTDinst.exe
C:\Users\harcker\AppData\Local\Temp\sqlite3.dll
C:\Users\harcker\AppData\Local\Temp\ultimate_pc_cleaner.exe
C:\Users\harcker\AppData\Local\Temp\UninstallModule.exe
C:\Users\harcker\AppData\Local\Temp\vcredist_x86.exe
C:\Users\harcker\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-01-04 11:40

==================== Fim de FRST.txt ============================
