Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:24-02-2016
Executado por Maria Cecília (administrador) em NOTEBOOK (25-02-2016 18:24:55)
Executando a partir de C:\Users\Maria Cecília\Desktop
Perfis Carregados: Maria Cecília (Perfis Disponíveis: Maria Cecília)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 9 (Navegador padrão: Chrome)
Modo da Inicialização: Safe Mode (with Networking)
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4423680 2007-04-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-07] (Synaptics, Inc.)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317560 2007-06-11] (Sony Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-10-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1822720 2007-04-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [507704 2015-02-13] (GAS Tecnologia LTDA)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKLM\...\RunOnce: [{51358382-5E1F-4B45-86D7-8D4DCAD780FF}] => cmd.exe /C start /D "C:\Users\MARIAC~1\AppData\Local\Temp\{51358382-5E1F-4B45-86D7-8D4DCAD780FF}" /B {E8119A94-FE49-4189-BF2E-811840705FE5}.exe -accepteula -accepteulaksn -activeimages -postboot <===== ATENÇÃO
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
Winlogon\Notify\ GbPluginCef: C:\Program Files\GbPlugin\gbiehCef.dll [2015-09-01] (Caixa Economica Federal)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll [2007-07-24] (Sony Corporation)
HKU\S-1-5-21-781395481-1023966087-4118065925-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-781395481-1023966087-4118065925-1000\...\Run: [Google Update] => C:\Users\Maria Cecília\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-781395481-1023966087-4118065925-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-06] (Google Inc.)
HKU\S-1-5-21-781395481-1023966087-4118065925-1000\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-781395481-1023966087-4118065925-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-781395481-1023966087-4118065925-1000\...\Run: [Infigo] => C:\Program Files\Infigo\Infigo.exe [682760 2015-03-25] (MAVIN LOG, S.L.)
HKU\S-1-5-21-781395481-1023966087-4118065925-1000\...\Run: [Dropbox Update] => C:\Users\Maria Cecília\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-781395481-1023966087-4118065925-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].txt [8097 2016-02-25] ()
HKU\S-1-5-21-781395481-1023966087-4118065925-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> none
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll [1867432 2015-09-01] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Maria Cecília\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Maria Cecília\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Maria Cecília\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2008-02-29]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Maria Cecília\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\Maria Cecília\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{990E9171-9476-4087-A6E1-5102DE083F40}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-781395481-1023966087-4118065925-1000 -> {223E0F9A-B45A-4325-983A-70408C9168EB} URL = hxxp://fr.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
SearchScopes: HKU\S-1-5-21-781395481-1023966087-4118065925-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.bing.com/search?FORM=UP94DF&PC=UP94&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-781395481-1023966087-4118065925-1000 -> {9EA137D2-2C7F-4D41-87C9-F576EF09FEF2} URL = hxxp://rover.ebay.com/rover/1/709-71121-23097-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-781395481-1023966087-4118065925-1000 -> {9F5C1B9C-FC91-4388-9532-7F821F48B91F} URL = hxxp://www.flickr.com/search/?q={searchTerms}
BHO: Facilitador de Leitor de Link Adobe PDF -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-24] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files\GbPlugin\gbiehcef.dll [2015-09-01] (Caixa Economica Federal)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-25] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-781395481-1023966087-4118065925-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-24] (Google Inc.)
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_71-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0071-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_71-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_71-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Nenhum Arquivo
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Maria Cecília\AppData\Roaming\Mozilla\Firefox\Profiles\ae3pi5si.default
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-781395481-1023966087-4118065925-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Maria Cecília\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-781395481-1023966087-4118065925-1000: @talk.google.com/O1DPlugin -> C:\Users\Maria Cecília\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-781395481-1023966087-4118065925-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Maria Cecília\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-781395481-1023966087-4118065925-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Maria Cecília\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Maria Cecília\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Maria Cecília\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [não assinado]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\gcswf32.dll => Nenhum Arquivo
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll => Nenhum Arquivo
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => Nenhum Arquivo
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => Nenhum Arquivo
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\pdf.dll => Nenhum Arquivo
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Maria Cecília\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Maria Cecília\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => Nenhum Arquivo
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll => Nenhum Arquivo
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Maria Cecília\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Cyti Web) - C:\Users\Maria Cecília\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgfpolekjbocjmifingoopneojkgooka [2015-01-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Maria Cecília\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-11]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] ()
S2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [587576 2015-08-13] (GAS Tecnologia)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Arquivo não assinado]
S2 InfigoOperator; C:\Program Files\Infigo\InfigoOperator.exe [19720 2015-03-25] ()
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [Arquivo não assinado]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [Arquivo não assinado]
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [Arquivo não assinado]
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-06-28] (Sony Corporation) [Arquivo não assinado]
S2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-07-24] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-06-20] (Sony Corporation) [Arquivo não assinado]
S3 VAIOMediaPlatform-IntegratedServer-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-06-20] (Sony Corporation) [Arquivo não assinado]
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-20] (Sony Corporation) [Arquivo não assinado]
S3 VAIOMediaPlatform-Mobile-Gateway; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [499712 2007-06-20] (Sony Corporation) [Arquivo não assinado]
S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation) [Arquivo não assinado]
S3 VAIOMediaPlatform-UCLS-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [397312 2007-06-20] (Sony Corporation) [Arquivo não assinado]
S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-20] (Sony Corporation) [Arquivo não assinado]
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [292152 2007-07-13] (Sony Corporation)
S3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2007-06-28] (Sony Corporation) [Arquivo não assinado]
S2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [188416 2007-06-28] (Sony Corporation) [Arquivo não assinado]
S2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [184320 2007-06-28] (Sony Corporation) [Arquivo não assinado]
S2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [507704 2015-02-13] (GAS Tecnologia LTDA)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-13] (AVG Technologies)
S0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49496 2015-09-03] (GAS Tecnologia)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-02-25] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-06-05] (Texas Instruments)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\MARIAC~1\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-02-25 18:24 - 2016-02-25 18:25 - 00020188 _____ C:\Users\Maria Cecília\Desktop\FRST.txt
2016-02-25 18:23 - 2016-02-25 18:24 - 00000000 ____D C:\FRST
2016-02-25 18:09 - 2016-02-25 18:08 - 01722368 _____ (Farbar) C:\Users\Maria Cecília\Desktop\FRST.exe
2016-02-25 15:19 - 2016-02-25 15:20 - 00200418 _____ C:\TDSSKiller.3.1.0.9_25.02.2016_15.19.52_log.txt
2016-02-25 13:34 - 2016-02-25 17:01 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-25 13:33 - 2016-02-25 13:33 - 00000899 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-25 13:33 - 2016-02-25 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-25 13:33 - 2016-02-25 13:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-25 13:33 - 2016-02-25 13:33 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-02-25 13:33 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-25 13:33 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-25 13:33 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-25 10:45 - 2016-02-25 18:23 - 01366094 _____ C:\Windows\ntbtlog.txt
2016-02-19 21:10 - 2016-02-19 21:10 - 00000000 ____D C:\Users\Maria Cecília\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-12 12:42 - 2016-02-12 12:42 - 00000000 ____D C:\3760fd1d14d1916d054debbc136cd4fc
2016-02-12 12:31 - 2016-01-30 00:09 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-12 12:31 - 2016-01-30 00:09 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll
2016-02-12 12:31 - 2016-01-30 00:09 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2016-02-12 12:31 - 2016-01-30 00:09 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2016-02-12 12:31 - 2016-01-30 00:09 - 00217600 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2016-02-12 12:31 - 2016-01-30 00:09 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll
2016-02-12 12:31 - 2016-01-30 00:08 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-02-12 12:31 - 2016-01-30 00:08 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2016-02-12 12:31 - 2016-01-30 00:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-12 12:31 - 2016-01-30 00:08 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2016-02-12 12:31 - 2016-01-30 00:08 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2016-02-12 12:31 - 2016-01-30 00:08 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2016-02-12 12:31 - 2016-01-30 00:08 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
2016-02-12 12:31 - 2016-01-30 00:08 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll
2016-02-12 12:31 - 2016-01-29 22:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe
2016-02-12 12:24 - 2016-02-01 14:21 - 01208776 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-12 12:24 - 2016-01-30 00:15 - 03609024 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-02-12 12:24 - 2016-01-30 00:15 - 03556800 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-12 12:24 - 2016-01-30 00:09 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-12 12:24 - 2016-01-30 00:09 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-12 12:24 - 2016-01-30 00:08 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-12 12:24 - 2016-01-30 00:07 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-12 12:24 - 2016-01-30 00:07 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-12 12:24 - 2016-01-29 22:24 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-12 12:20 - 2016-01-07 12:21 - 02068480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-12 12:07 - 2016-01-07 12:18 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-12 11:56 - 2016-01-09 14:06 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-11 20:21 - 2016-02-11 20:21 - 00000000 ____D C:\77974621e19a6ef42f951b12ca1a3483
2016-02-11 14:50 - 2016-01-25 01:59 - 01815552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-11 14:50 - 2016-01-25 01:57 - 12391424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-11 14:50 - 2016-01-25 01:55 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-11 14:50 - 2016-01-25 01:54 - 09753600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-11 14:50 - 2016-01-25 01:54 - 01140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-11 14:50 - 2016-01-25 01:53 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-11 14:50 - 2016-01-25 01:52 - 01804800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-11 14:50 - 2016-01-25 01:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-11 14:50 - 2016-01-25 01:52 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-11 14:50 - 2016-01-25 01:52 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-11 14:50 - 2016-01-25 01:52 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-11 14:50 - 2016-01-25 01:52 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-02-11 14:50 - 2016-01-25 01:52 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-11 14:50 - 2016-01-25 01:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-11 14:50 - 2016-01-25 01:51 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-11 14:50 - 2016-01-25 01:51 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-11 14:50 - 2016-01-25 01:51 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-11 14:50 - 2016-01-25 01:51 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-11 14:50 - 2016-01-25 01:51 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-11 14:50 - 2016-01-25 01:51 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-02-11 14:50 - 2016-01-25 01:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-02-11 14:50 - 2016-01-25 01:51 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-02-06 17:52 - 2016-02-09 10:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-06 13:11 - 2016-02-23 09:53 - 00001969 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-06 12:48 - 2016-02-21 12:14 - 00000000 ____D C:\Users\Maria Cecília\Documents\Arquivos do Outlook
2016-01-27 18:18 - 2016-01-27 18:18 - 00158063 _____ C:\Users\Maria Cecília\Documents\Colégio Notarial do Brasil.pdf
2016-01-27 18:18 - 2016-01-27 18:18 - 00158063 _____ C:\Users\Maria Cecília\Documents\Censec.pdf

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-02-25 18:12 - 2009-03-28 19:52 - 00000000 ____D C:\Users\Maria Cecília\AppData\Roaming\Yahoo!
2016-02-25 18:12 - 2006-11-02 08:18 - 00000000 ____D C:\Program Files\Common Files\System
2016-02-25 18:11 - 2015-01-27 18:23 - 00000000 ____D C:\AdwCleaner
2016-02-25 15:17 - 2015-01-27 18:20 - 00005899 _____ C:\Users\Maria Cecília\Desktop\JRT.txt
2016-02-25 13:58 - 2015-01-03 14:58 - 00000000 ____D C:\Program Files\c378d232-1b4d-4a45-a1c1-d0b92d6772c7
2016-02-25 13:58 - 2015-01-03 14:58 - 00000000 ____D C:\Program Files\4a857162-fd99-453b-a523-bad3ded85d71
2016-02-25 13:58 - 2015-01-03 14:53 - 00000000 ____D C:\Program Files\Velocidade Do PC
2016-02-25 13:58 - 2015-01-03 14:51 - 00000000 ____D C:\Program Files\2265a4dc-db68-4ef7-9240-5a6af4822766
2016-02-25 13:58 - 2007-09-10 08:04 - 00000000 ____D C:\Program Files\ArcSoft
2016-02-25 13:28 - 2006-11-05 22:32 - 00684794 _____ C:\Windows\system32\prfh0416.dat
2016-02-25 13:28 - 2006-11-05 22:32 - 00143868 _____ C:\Windows\system32\prfc0416.dat
2016-02-25 13:28 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\inf
2016-02-25 13:28 - 2006-11-02 07:33 - 01587312 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-24 11:07 - 2006-11-02 09:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-24 11:07 - 2006-11-02 09:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-24 11:06 - 2007-08-06 19:55 - 00000012 _____ C:\Windows\bthservsdp.dat
2016-02-24 11:06 - 2006-11-02 10:01 - 00032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-24 11:06 - 2006-11-02 10:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-24 10:57 - 2010-03-14 11:21 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781395481-1023966087-4118065925-1000UA.job
2016-02-24 10:48 - 2015-01-30 19:01 - 00001912 _____ C:\Windows\epplauncher.mif
2016-02-24 10:48 - 2015-01-30 19:00 - 00001826 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-02-24 10:46 - 2015-01-30 18:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-02-24 10:41 - 2013-05-28 11:23 - 00000000 ___RD C:\Users\Maria Cecília\Dropbox
2016-02-24 10:41 - 2013-05-28 11:16 - 00000000 ____D C:\Users\Maria Cecília\AppData\Roaming\Dropbox
2016-02-24 10:36 - 2011-11-05 18:01 - 00000280 _____ C:\Windows\Tasks\AutoKMS.job
2016-02-24 10:36 - 2009-12-06 11:07 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-23 21:15 - 2015-06-19 00:03 - 00001062 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-781395481-1023966087-4118065925-1000UA.job
2016-02-23 21:15 - 2009-12-06 11:07 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-23 20:55 - 2010-03-14 11:21 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781395481-1023966087-4118065925-1000Core.job
2016-02-23 09:53 - 2009-12-06 11:11 - 00001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-21 13:14 - 2015-06-19 00:03 - 00001010 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-781395481-1023966087-4118065925-1000Core.job
2016-02-13 08:39 - 2015-01-09 10:25 - 00000000 ____D C:\Windows\system32\MRT
2016-02-13 08:25 - 2006-11-02 07:24 - 144254680 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-02-12 20:56 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\rescache
2016-02-12 12:47 - 2006-11-02 09:47 - 00421400 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-12 12:42 - 2006-11-02 09:37 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-12 12:42 - 2006-11-02 09:37 - 00000000 ____D C:\Program Files\Windows Collaboration
2016-02-12 12:27 - 2006-11-02 07:23 - 00000378 _____ C:\Windows\win.ini
2016-02-12 11:42 - 2009-12-06 11:07 - 00000000 ____D C:\Users\Maria Cecília\AppData\Local\Google
2016-02-09 10:36 - 2015-08-19 19:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-06 10:54 - 2011-12-06 19:37 - 00000000 ____D C:\ProgramData\GbPlugin

==================== Arquivos na raiz de alguns diretórios =======

2014-09-01 05:18 - 2014-09-01 05:18 - 0001248 _____ () C:\Users\Maria Cecília\AppData\Roaming\HDKCA
2015-01-03 15:45 - 2015-01-26 18:10 - 0000089 _____ () C:\Users\Maria Cecília\AppData\Roaming\WB.CFG
2014-09-01 05:18 - 2014-09-01 05:18 - 0001248 _____ () C:\Users\Maria Cecília\AppData\Roaming\YKIMT
2012-03-04 10:04 - 2014-12-16 20:45 - 0005648 _____ () C:\Users\Maria Cecília\AppData\Local\d3d9caps.dat
2008-03-09 23:01 - 2009-02-02 21:38 - 0005632 _____ () C:\Users\Maria Cecília\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-14 23:33 - 2009-12-14 23:33 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Alguns arquivos em TEMP:
====================
C:\Users\Maria Cecília\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmndmfb.dll
C:\Users\Maria Cecília\AppData\Local\Temp\GURB5FA.exe
C:\Users\Maria Cecília\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Maria Cecília\AppData\Local\Temp\sqlite3.dll
C:\Users\Maria Cecília\AppData\Local\Temp\{0588946A-5792-448A-BAAE-234626CD17B9}-42.0.2311.135_42.0.2311.90_chrome_updater.exe
C:\Users\Maria Cecília\AppData\Local\Temp\{336DFBDC-C62B-4B80-B533-E873D510723D}-42.0.2311.135_42.0.2311.90_chrome_updater.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-02-25 18:11

==================== Fim de FRST.txt ============================
