cjoint

Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:27-01-2016
Executado por RTB (administrador) em RTB-PC (02-02-2016 12:50:34)
Executando a partir de G:\001 - Identidade\Desktop\Nova pasta (3)
Perfis Carregados: RTB (Perfis Disponíveis: RTB)
Platform: Windows 7 Home Premium (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634648 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5581888 2014-02-24] (ESET)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3789793350-1982591169-2096331455-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2036224 2016-02-02] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Nenhum Arquivo
Startup: C:\Users\RTB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 1510 series.lnk [2016-02-02]
ShortcutTarget: Monitorar alertas de tinta - HP Deskjet 1510 series.lnk -> (Nenhum Arquivo)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.1
Tcpip\..\Interfaces\{FCDC5C80-330F-4B93-9DD7-BEE44D9D4540}: [DhcpNameServer] 8.8.8.8 8.8.4.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-3789793350-1982591169-2096331455-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3789793350-1982591169-2096331455-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Sem Nome -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> Nenhum Arquivo
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\RTB\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF NewTab: about:newtab
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=yessearches
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: hxxps://br.yahoo.com/?fr=hp-avast&type=avastbcl
FF DefaultSearchUrl: hxxps://br.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Keyword.URL: hxxps://br.search.yahoo.com/yhs/search
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)
FF SearchPlugin: C:\Users\RTB\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\google-avast.xml [2016-01-31]
FF SearchPlugin: C:\Users\RTB\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yahoo-avast.xml [2016-01-31]
FF Extension: Sem Nome - C:\Users\RTB\AppData\Roaming\Mozilla\Firefox\Profiles\2pd3t3b3.default\Extensions\deskCutv2@gmail.com [2016-02-02] [não assinado]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\RTB\AppData\Roaming\Mozilla\Firefox\Profiles\2pd3t3b3.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-03-24] [não assinado]
FF Extension: Sem Nome - C:\Users\RTB\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\deskCutv2@gmail.com [2016-02-02] [não assinado]
FF Extension: Sem Nome - C:\Users\RTB\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\yahooprotected@gmail.com [2016-02-02] [não assinado]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\RTB\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-03-24] [não assinado]
FF Extension: Default SearchProtected - C:\Users\RTB\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{bd6a97c0-4b18-40ed-bce7-3b7d3309e3c4}.xpi [2016-01-12] [não assinado]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2016-02-01] [não assinado]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\RTB\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\RTB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-31]
CHR Extension: (AdBlock) - C:\Users\RTB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-31]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\RTB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-31]
StartMenuInternet: Google Chrome - Chrome.exe

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1343408 2014-02-24] (ESET)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
S4 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S4 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
S4 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [Arquivo não assinado]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-01-31] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-01-31] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2015-05-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-02-02 12:45 - 2016-02-02 12:50 - 00000000 ____D C:\FRST
2016-02-02 10:30 - 2016-02-02 11:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-02 10:29 - 2016-02-02 10:49 - 00001100 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-02 10:29 - 2016-02-02 10:29 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2016-02-02 10:29 - 2016-02-02 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-02 10:29 - 2016-02-02 10:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-02 10:29 - 2016-02-02 10:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-02 10:29 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-02 10:29 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-02 10:29 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-02 10:19 - 2016-02-02 10:19 - 00024218 _____ C:\ComboFix.txt
2016-02-02 00:12 - 2016-02-02 00:12 - 00003010 _____ C:\Windows\System32\Tasks\ttwifi
2016-02-02 00:12 - 2016-02-02 00:12 - 00002906 _____ C:\Windows\System32\Tasks\osTip
2016-02-02 00:12 - 2016-02-02 00:12 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-02-02 00:12 - 2016-02-02 00:12 - 00000000 ____D C:\Users\RTB\AppData\Local\CrashRpt
2016-02-02 00:12 - 2016-02-02 00:12 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-02-02 00:11 - 2016-02-02 00:11 - 00000000 ____D C:\Windows\system32\fudb
2016-02-02 00:10 - 2016-02-02 10:42 - 00000000 ____D C:\Users\RTB\AppData\Roaming\TorfaSefci
2016-02-02 00:10 - 2016-02-02 00:11 - 00000000 ____D C:\Users\RTB\AppData\Local\Tempfolder
2016-02-02 00:10 - 2016-02-02 00:10 - 00003338 _____ C:\Windows\System32\Tasks\Sifojii
2016-02-01 23:57 - 2016-02-01 23:57 - 00000000 ____D C:\Users\RTB\AppData\Roaming\ESET
2016-02-01 23:43 - 2016-02-01 23:43 - 00000000 ____D C:\Users\Todos os Usuários\ESET
2016-02-01 23:43 - 2016-02-01 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-02-01 23:43 - 2016-02-01 23:43 - 00000000 ____D C:\ProgramData\ESET
2016-02-01 23:43 - 2016-02-01 23:43 - 00000000 ____D C:\Program Files\ESET
2016-01-31 21:28 - 2016-01-31 21:28 - 00000000 ___SD C:\Users\RTB\AppData\LocalLow\Temp
2016-01-31 18:43 - 2016-02-02 10:49 - 00002551 _____ C:\Users\RTB\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-01-31 18:42 - 2016-02-02 11:11 - 00000000 ____D C:\Users\RTB\AppData\Roaming\uTorrent
2016-01-31 15:26 - 2016-02-01 23:57 - 00000000 ____D C:\Users\RTB\AppData\Local\ESET
2016-01-31 15:07 - 2016-01-31 15:07 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-01-31 15:04 - 2016-02-01 23:38 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2016-01-31 15:04 - 2016-02-01 23:38 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-31 14:55 - 2016-02-02 10:47 - 00000000 ____D C:\Users\Todos os Usuários\baidu
2016-01-31 14:55 - 2016-02-02 10:47 - 00000000 ____D C:\Users\RTB\AppData\Roaming\Baidu
2016-01-31 14:55 - 2016-02-02 10:47 - 00000000 ____D C:\ProgramData\baidu
2016-01-31 14:55 - 2016-01-31 14:55 - 00000000 ____D C:\Program Files (x86)\WeatherTool
2016-01-31 14:30 - 2016-01-31 14:30 - 00000000 ____D C:\Users\Todos os Usuários\0f6cf769-7ea3-0
2016-01-31 14:30 - 2016-01-31 14:30 - 00000000 ____D C:\Users\Todos os Usuários\0f6cf769-5d35-1
2016-01-31 14:30 - 2016-01-31 14:30 - 00000000 ____D C:\ProgramData\0f6cf769-7ea3-0
2016-01-31 14:30 - 2016-01-31 14:30 - 00000000 ____D C:\ProgramData\0f6cf769-5d35-1
2016-01-31 14:12 - 2016-02-02 10:19 - 00000000 ____D C:\Qoobox
2016-01-31 14:12 - 2016-01-31 14:25 - 00000000 ____D C:\Windows\erdnt
2016-01-31 14:12 - 2011-06-26 04:45 - 00256000 _____ C:\Windows\PEV.exe
2016-01-31 14:12 - 2010-11-07 15:20 - 00208896 _____ C:\Windows\MBR.exe
2016-01-31 14:12 - 2009-04-20 02:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-01-31 14:12 - 2000-08-30 22:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-01-31 14:12 - 2000-08-30 22:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-01-31 14:12 - 2000-08-30 22:00 - 00098816 _____ C:\Windows\sed.exe
2016-01-31 14:12 - 2000-08-30 22:00 - 00080412 _____ C:\Windows\grep.exe
2016-01-31 14:12 - 2000-08-30 22:00 - 00068096 _____ C:\Windows\zip.exe
2016-01-31 14:10 - 2016-01-31 15:31 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-01-31 13:55 - 2016-01-31 15:29 - 00000000 ____D C:\Users\Todos os Usuários\8WdM8
2016-01-31 13:55 - 2016-01-31 15:29 - 00000000 ____D C:\ProgramData\8WdM8
2016-01-31 13:55 - 2016-01-31 13:55 - 00022476 _____ C:\Windows\System32\Tasks\{797A0D47-0C0F-0B7D-0E11-797E790F110C}
2016-01-31 13:55 - 2016-01-31 13:55 - 00000074 _____ C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-01-31 13:55 - 2016-01-31 13:55 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-01-31 13:55 - 2016-01-31 13:54 - 00001019 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-01-31 13:54 - 2016-02-02 10:47 - 00000000 ____D C:\Users\RTB\AppData\LocalLow\Company
2016-01-31 13:54 - 2016-01-31 13:54 - 00003336 _____ C:\Windows\System32\Tasks\Tofze
2016-01-31 13:54 - 2016-01-31 13:54 - 00000000 ____D C:\Users\Todos os Usuários\0f6cf769-55b1-0
2016-01-31 13:54 - 2016-01-31 13:54 - 00000000 ____D C:\Users\Todos os Usuários\0f6cf769-1407-1
2016-01-31 13:54 - 2016-01-31 13:54 - 00000000 ____D C:\ProgramData\0f6cf769-55b1-0
2016-01-31 13:54 - 2016-01-31 13:54 - 00000000 ____D C:\ProgramData\0f6cf769-1407-1
2016-01-31 13:53 - 2016-01-31 15:18 - 00000000 ____D C:\Program Files\Sound+
2016-01-31 13:23 - 2016-01-31 13:23 - 00000000 ____D C:\Users\RTB\AppData\Roaming\RHEng
2016-01-31 13:23 - 2016-01-31 13:23 - 00000000 ____D C:\Program Files (x86)\Disc Soft
2016-01-31 13:22 - 2016-02-02 10:49 - 00001811 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-01-31 13:22 - 2016-01-31 13:23 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2016-01-31 13:22 - 2016-01-31 13:22 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2016-01-31 13:22 - 2016-01-31 13:22 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2016-01-31 13:22 - 2016-01-31 13:22 - 00000000 ____D C:\Users\RTB\AppData\Roaming\DAEMON Tools Lite
2016-01-31 13:22 - 2016-01-31 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2016-01-31 13:16 - 2016-01-31 13:22 - 00000000 ____D C:\Users\Todos os Usuários\DAEMON Tools Lite
2016-01-31 13:16 - 2016-01-31 13:22 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-01-31 13:10 - 2016-01-31 13:10 - 00000000 ____D C:\Users\RTB\AppData\Local\Rockstar Games
2016-01-28 16:59 - 2016-01-28 16:59 - 00003022 _____ C:\Windows\System32\Tasks\{034010EF-6DBF-4FCA-8513-A9F35BE98AFA}
2016-01-28 15:36 - 2016-02-02 11:10 - 00000000 ____D C:\Program Files\Rockstar Games
2016-01-28 15:36 - 2016-02-02 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2 Player Missions BETA
2016-01-25 15:04 - 2016-02-02 10:42 - 00000000 ____D C:\Users\RTB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-01-25 15:00 - 2016-02-02 10:49 - 00001908 _____ C:\Users\Public\Desktop\GTA San Andreas.lnk
2016-01-25 15:00 - 2016-01-31 15:38 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-01-25 15:00 - 2016-01-25 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2016-01-22 16:16 - 2016-02-02 11:04 - 00000000 ____D C:\Users\RTB\AppData\Local\CrashDumps
2016-01-21 18:33 - 2016-02-02 10:49 - 00000941 _____ C:\Users\Public\Desktop\KompoZer.lnk
2016-01-21 18:33 - 2016-01-21 18:33 - 00000000 ____D C:\Users\RTB\AppData\Roaming\kompozer.net
2016-01-21 18:33 - 2016-01-21 18:33 - 00000000 ____D C:\Users\RTB\AppData\Local\kompozer.net
2016-01-21 18:33 - 2016-01-21 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KompoZer
2016-01-21 18:33 - 2016-01-21 18:33 - 00000000 ____D C:\Program Files (x86)\KompoZer
2016-01-21 18:13 - 2016-02-02 11:04 - 00000000 ____D C:\Users\RTB\AppData\Roaming\FileZilla
2016-01-21 18:13 - 2016-01-21 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-01-21 18:12 - 2016-01-21 18:13 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-01-17 23:09 - 2016-01-17 23:09 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2016-01-16 16:10 - 2016-01-16 16:10 - 00000000 ____D C:\Users\Todos os Usuários\Pianosoft
2016-01-16 16:10 - 2016-01-16 16:10 - 00000000 ____D C:\ProgramData\Pianosoft
2016-01-16 16:10 - 2016-01-16 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free MP3 Converter
2016-01-16 16:10 - 2016-01-16 16:10 - 00000000 ____D C:\Program Files (x86)\Free MP3 Converter
2016-01-16 16:10 - 2008-07-12 16:41 - 00454656 _____ (MultiMedia Soft) C:\Windows\SysWOW64\Asoedmms.ocx
2016-01-16 16:10 - 2008-07-12 15:59 - 01343488 _____ (MultiMedia Soft) C:\Windows\SysWOW64\AdjMmsEng.dll
2016-01-16 16:10 - 2008-06-18 00:42 - 00098708 _____ C:\Windows\SysWOW64\activesoundeditor.tlb
2016-01-16 16:10 - 2005-11-05 19:34 - 00145408 _____ C:\Windows\SysWOW64\Lame.exe
2016-01-16 16:10 - 2005-11-05 14:31 - 00356352 _____ (eSellerate Inc.) C:\Windows\ESELLERATEENGINE.DLL
2016-01-16 16:10 - 2005-10-07 16:23 - 00266240 _____ (Namtuk.com) C:\Windows\SysWOW64\MyCommandButton.ocx
2016-01-16 16:10 - 2005-06-28 18:31 - 00499712 _____ (Mind and Motion Technologies) C:\Windows\SysWOW64\LameEncoderX.ocx
2016-01-16 16:10 - 2005-05-17 16:37 - 00076800 _____ C:\Windows\SysWOW64\Faac.exe
2016-01-16 16:10 - 2005-05-06 23:46 - 00020480 _____ (Pianosoft) C:\Windows\Winhelpman.exe
2016-01-16 16:10 - 2005-01-13 16:52 - 00389120 _____ (TODO: ) C:\Windows\SysWOW64\PulseSoundTouchForVB.ocx
2016-01-16 16:10 - 2005-01-13 16:28 - 00006832 _____ C:\Windows\SysWOW64\PulseSoundTouchForVB.tlb
2016-01-16 16:10 - 2004-10-02 16:24 - 00245760 _____ (xyz) C:\Windows\SysWOW64\XTab.ocx
2016-01-16 16:10 - 2004-04-23 16:02 - 00065536 _____ (PV) C:\Windows\SysWOW64\cpvSlider.ocx
2016-01-16 16:10 - 2003-06-23 04:05 - 00262144 _____ (vbAccelerator) C:\Windows\SysWOW64\vbaListView6.ocx
2016-01-16 16:10 - 2003-06-06 13:21 - 00081920 _____ (eSellerate Inc.) C:\Windows\SysWOW64\eSellerateControl350.dll
2016-01-16 16:10 - 2003-04-01 10:36 - 00094208 _____ (vbAccelerator) C:\Windows\SysWOW64\vbalIml6.ocx
2016-01-16 16:10 - 2003-01-26 15:41 - 00040960 _____ (vbAccelerator) C:\Windows\SysWOW64\SSubTmr6.dll
2016-01-16 16:10 - 2002-07-19 12:48 - 00157696 _____ C:\Windows\SysWOW64\OggEnc.exe
2016-01-16 16:10 - 2001-10-05 12:25 - 00139264 _____ C:\Windows\SysWOW64\SmartNetButton.ocx
2016-01-16 16:10 - 2001-04-27 16:11 - 00024576 _____ (VBSmart) C:\Windows\SysWOW64\SmartSubClass.dll
2016-01-16 16:10 - 2000-05-22 17:58 - 00140488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2016-01-16 15:33 - 2016-02-02 10:49 - 00001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-01-16 15:33 - 2016-02-02 10:49 - 00001005 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-01-16 15:33 - 2016-01-17 01:15 - 00000000 ____D C:\Users\RTB\AppData\Roaming\Audacity
2016-01-16 15:33 - 2016-01-16 15:33 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-01-12 21:57 - 2016-01-14 10:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-07 18:17 - 2016-01-07 18:17 - 00000000 ____D C:\Users\RTB\AppData\Roaming\Samsung
2016-01-07 18:17 - 2016-01-07 18:17 - 00000000 ____D C:\Users\RTB\AppData\Local\Samsung
2016-01-07 18:16 - 2015-05-21 04:02 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2016-01-07 18:16 - 2015-05-21 04:02 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2016-01-07 18:16 - 2015-05-21 04:02 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudserd.sys
2016-01-07 18:16 - 2015-05-21 04:02 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2016-01-07 18:16 - 2015-05-21 04:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2016-01-07 18:15 - 2016-02-02 11:01 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2016-01-07 18:14 - 2016-01-25 15:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-07 18:14 - 2016-01-07 18:16 - 00000000 ____D C:\Users\Todos os Usuários\Samsung
2016-01-07 18:14 - 2016-01-07 18:16 - 00000000 ____D C:\ProgramData\Samsung
2016-01-07 18:14 - 2016-01-07 18:16 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-01-07 18:14 - 2016-01-07 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2016-01-07 18:14 - 2013-06-14 19:57 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2016-01-07 18:14 - 2013-06-14 19:56 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2016-01-07 18:13 - 2016-01-07 18:13 - 00000000 ____D C:\Users\RTB\AppData\Local\Downloaded Installations

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-02-02 12:04 - 2009-07-14 02:45 - 00016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-02 12:04 - 2009-07-14 02:45 - 00016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-02 11:27 - 2009-07-14 15:55 - 00707974 _____ C:\Windows\system32\prfh0416.dat
2016-02-02 11:27 - 2009-07-14 15:55 - 00147754 _____ C:\Windows\system32\prfc0416.dat
2016-02-02 11:27 - 2009-07-14 03:13 - 01641362 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-02 11:27 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2016-02-02 11:23 - 2015-11-26 13:50 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-02 11:23 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-02 11:04 - 2015-12-05 20:34 - 00000000 ____D C:\Windows\Minidump
2016-02-02 11:04 - 2015-11-27 11:03 - 00000000 ____D C:\Users\RTB\AppData\Roaming\TeamViewer
2016-02-02 11:04 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\ModemLogs
2016-02-02 10:50 - 2015-11-27 11:03 - 00001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2016-02-02 10:50 - 2015-11-26 13:38 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-02-02 10:50 - 2009-07-14 02:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-02 10:50 - 2009-07-14 02:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-02-02 10:50 - 2009-07-14 02:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-02-02 10:50 - 2009-07-14 02:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-02-02 10:50 - 2009-07-14 02:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-02-02 10:49 - 2015-11-26 18:31 - 00001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk
2016-02-02 10:49 - 2015-11-26 18:30 - 00001192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC.lnk
2016-02-02 10:49 - 2015-11-26 18:26 - 00001384 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-02-02 10:49 - 2015-11-26 14:20 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-02-02 10:49 - 2015-11-26 13:51 - 00001907 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-02 10:49 - 2015-11-26 13:50 - 00002198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-02 10:49 - 2015-11-26 13:41 - 00001423 _____ C:\Users\RTB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-02 10:49 - 2015-11-26 13:41 - 00001389 _____ C:\Users\RTB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-02-02 10:49 - 2015-11-26 13:38 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-02-02 10:49 - 2009-07-14 03:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-02-02 10:49 - 2009-07-14 02:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-02-02 10:18 - 2009-07-14 00:34 - 00000215 _____ C:\Windows\system.ini
2016-02-02 02:00 - 2015-11-26 18:25 - 00000000 ____D C:\Users\RTB\AppData\Local\Adobe
2016-02-01 20:10 - 2015-11-26 13:50 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 20:10 - 2015-11-26 13:50 - 00003814 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-01 20:10 - 2015-11-26 13:50 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-31 15:07 - 2015-11-26 19:05 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-31 14:57 - 2015-11-26 13:52 - 01650340 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-01-31 14:35 - 2015-12-14 22:31 - 00000000 ____D C:\Program Files\Unlocker
2016-01-31 14:23 - 2009-07-14 03:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-01-31 14:21 - 2009-07-14 00:34 - 60030976 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-01-31 14:21 - 2009-07-14 00:34 - 23855104 _____ C:\Windows\system32\config\SYSTEM.bak
2016-01-31 14:21 - 2009-07-14 00:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2016-01-31 14:21 - 2009-07-14 00:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2016-01-31 14:21 - 2009-07-14 00:34 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2016-01-29 09:28 - 2015-11-30 09:20 - 00000000 ____D C:\Backup - OS Plus 4.0
2016-01-29 07:33 - 2015-11-26 14:55 - 00000000 ____D C:\Users\RTB\AppData\Roaming\HpUpdate
2016-01-26 17:35 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-01-21 18:33 - 2015-11-26 13:41 - 00000000 ____D C:\Users\RTB\AppData\Local\VirtualStore
2016-01-14 10:20 - 2015-11-26 13:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-13 01:09 - 2015-12-02 07:48 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Arquivos na raiz de alguns diretórios =======

2015-12-22 02:07 - 2015-12-22 02:07 - 0000132 _____ () C:\Users\RTB\AppData\Roaming\Preferências do Formato PNG CC da Adobe
2015-12-01 09:02 - 2015-12-01 09:02 - 0000069 _____ () C:\Users\RTB\AppData\Local\bootcfg.dat
2015-12-27 16:50 - 2015-12-27 16:50 - 0000017 _____ () C:\Users\RTB\AppData\Local\resmon.resmoncfg
2015-11-26 14:54 - 2015-11-26 14:54 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-11-26 13:46 - 2015-11-26 13:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-31 13:55 - 2016-01-31 13:55 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Alguns arquivos em TEMP:
====================
C:\Users\RTB\AppData\Local\Temp\1454417273.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-01-29 10:36

==================== Fim de FRST.txt ============================
