Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:27-02-2016
Executado por Not (administrador) em NOT-PC (01-03-2016 08:58:38)
Executando a partir de C:\Users\Not\Desktop
Perfis Carregados: Not (Perfis Disponíveis: Not)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 9 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Silicon Integrated Systems Corporation) C:\Program Files\SiS VGA Utilities\SiSTray.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Windows\System32\C2MP\UpdateChecker.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Windows\System32\C2MP\TrayMenu.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [SiSTray] => C:\Program Files\SiS VGA Utilities\SiSTray.exe [552960 2009-10-26] (Silicon Integrated Systems Corporation)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM\...\Run: [LGODDFU] => C:\Program Files\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-08-30] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Codec Settings UAC Manager] => C:\Windows\system32\C2MP\CodecUACManager.exe [60344 2014-12-21] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [529632 2015-11-04] (GAS Tecnologia LTDA)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
Winlogon\Notify\ GbPluginCef: C:\Program Files\GbPlugin\gbiehCef.dll [2015-09-01] (Caixa Economica Federal)
HKU\S-1-5-21-1918045531-4293645944-74723622-1000\...\Run: [EPSON TX133 TX135 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHJB.EXE [208384 2010-12-06] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1918045531-4293645944-74723622-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1918045531-4293645944-74723622-1000\...\Run: [Codec Pack Update Checker] => C:\Windows\system32\C2MP\UpdateChecker.exe [55992 2014-12-21] ()
HKU\S-1-5-21-1918045531-4293645944-74723622-1000\...\Run: [Google Update] => C:\Users\Not\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-04-10] (Google Inc.)
HKU\S-1-5-21-1918045531-4293645944-74723622-1000\...\Run: [Dropbox Update] => C:\Users\Not\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-1918045531-4293645944-74723622-1000\...\Run: [GoogleChromeAutoLaunch_4D013C93135F825B6C898CEE188794F1] => C:\Program Files\Google\Chrome\Application\chrome.exe [746648 2016-02-18] (Google Inc.)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll [1867432 2015-09-01] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Not\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileSyncShell.dll [2016-02-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Not\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileSyncShell.dll [2016-02-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Not\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileSyncShell.dll [2016-02-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Not\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Not\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Not\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Not\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Not\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Not\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Not\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Not\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2015-02-05]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\System32\C2MP\TrayMenu.exe ()
Startup: C:\Users\Not\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Not\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.25.1
Tcpip\..\Interfaces\{740F2D3D-2B91-4643-9DBF-829D55352C01}: [DhcpNameServer] 192.168.25.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1918045531-4293645944-74723622-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-19] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [2015-10-20] (Banco do Brasil)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files\GbPlugin\gbiehcef.dll [2015-09-01] (Caixa Economica Federal)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-19] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Not\AppData\Roaming\Mozilla\Firefox\Profiles\nnlpqfcd.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: hxxps://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=888596&p=
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1918045531-4293645944-74723622-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Not\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1918045531-4293645944-74723622-1000: @talk.google.com/O1DPlugin -> C:\Users\Not\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1918045531-4293645944-74723622-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Not\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-1918045531-4293645944-74723622-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Not\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-1918045531-4293645944-74723622-1000: gastecnologia.com.br/sf/abn -> C:\Users\Not\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll [2015-02-20] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-1918045531-4293645944-74723622-1000: gastecnologia.com.br/sf/bb -> C:\Users\Not\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-03-06] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-1918045531-4293645944-74723622-1000: gastecnologia.com.br/sf/cef -> C:\Users\Not\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2015-01-21] (GAS Tecnologia)
FF Plugin ProgramFiles/Appdata: C:\Users\Not\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Not\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Avira Browser Safety - C:\Users\Not\AppData\Roaming\Mozilla\Firefox\Profiles\nnlpqfcd.default\Extensions\abs@avira.com [2015-03-24] [não assinado]

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://br.search.yahoo.com/?type=888596&fr=yo-yhp-ch","hxxp://www.mystartsearch.com/?type=hp&ts=1427037150&from=wpc&uid=WDCXWD3200BEVT-00ZCT0_WD-WXE409JR7164R7164"
CHR DefaultSearchURL: Default -> hxxp://dts.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Ask Search
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Not\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dropbox para Gmail) - C:\Users\Not\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-12-04]
CHR Extension: (Segurança do navegador Avira) - C:\Users\Not\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-02-19]
CHR Extension: (Hangouts do Google) - C:\Users\Not\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-02-29]
CHR Extension: (Skype) - C:\Users\Not\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-18]
CHR Extension: (Verificador de mensagens do Google) - C:\Users\Not\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-04-10]
CHR Extension: (Ask Search) - C:\Users\Not\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-04-20]
CHR Extension: (iLivid) - C:\Users\Not\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-04-20]
CHR Extension: (Cath Kidston) - C:\Users\Not\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlpkmaeinmnbiadacenijnhlolneopm [2015-04-10]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Not\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Not\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2015-04-10]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

"Warsaw Technology" => serviço foi desbloqueado. <===== ATENÇÃO

R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [Arquivo não assinado]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-13] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-13] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-01-02] (Macrovision Europe Ltd.) [Arquivo não assinado]
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-24] (Microsoft Corporation)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [529632 2015-11-04] (GAS Tecnologia LTDA)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 aksfridge; C:\Windows\System32\DRIVERS\aksfridge.sys [356864 2010-09-27] (SafeNet Inc.)
R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [238208 2009-03-13] (Aladdin Knowledge Systems Ltd.)
R3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [46336 2007-07-23] (Aladdin Knowledge Systems Ltd.)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [16384 2009-06-22] (Aladdin Knowledge Systems Ltd.)
S3 fdrawcmd; C:\Windows\system32\drivers\fdrawcmd.sys [27896 2010-04-24] (simonowen.com)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49496 2015-08-26] (GAS Tecnologia)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2015-05-14] (GAS Tecnologia)
R3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [373248 2009-10-29] (Realtek Semiconductor Corporation )
S3 SydexFDD; C:\Windows\system32\Drivers\sydexfdd.sys [13359 2010-04-15] (Windows (R) 2000 DDK provider) [Arquivo não assinado]
R3 vusbbus; C:\Windows\System32\DRIVERS\vusbbus.sys [2665472 2012-01-03] (Chingachguk & Denger2k) [Arquivo não assinado]
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert32.sys [31448 2015-07-07] (Basil)
R2 wntpport; C:\Windows\system32\Drivers\wntpport.sys [28416 2009-10-28] (Vireo Software) [Arquivo não assinado]
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [80728 2016-03-01] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [79064 2015-03-18] (GAS Tecnologia)
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-01 08:58 - 2016-03-01 08:59 - 00020006 _____ C:\Users\Not\Desktop\FRST.txt
2016-03-01 08:58 - 2016-03-01 08:58 - 00000000 ____D C:\FRST
2016-03-01 08:57 - 2016-03-01 08:57 - 01722368 _____ (Farbar) C:\Users\Not\Desktop\FRST.exe
2016-02-29 19:21 - 2016-02-29 19:21 - 00105415 _____ C:\Users\Not\Desktop\TRE_MG • Comprovante de agendamento de atendimento.pdf
2016-02-29 18:42 - 2016-02-29 18:42 - 00002167 _____ C:\Users\Public\Desktop\Receitanet 1.07 .lnk
2016-02-29 18:42 - 2016-02-29 18:42 - 00001724 _____ C:\Users\Not\Desktop\IRPF2016 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk
2016-02-29 18:42 - 2016-02-29 18:42 - 00000176 _____ C:\Windows\REC-NET.INI
2016-02-29 18:42 - 2016-02-29 18:42 - 00000000 ___HD C:\Program Files\InstallJammer Registry
2016-02-29 18:42 - 2016-02-29 18:42 - 00000000 ____D C:\Users\Not\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2016
2016-02-29 18:42 - 2016-02-29 18:42 - 00000000 ____D C:\Program Files\Programas RFB
2016-02-29 18:38 - 2016-02-29 18:38 - 06191735 _____ (Serpro - Serviço Federal de Processamento de Dados) C:\Users\Not\Desktop\Receitanet-1.07.exe
2016-02-29 18:37 - 2016-02-29 18:38 - 26228720 _____ (Receita Federal do Brasil) C:\Users\Not\Desktop\IRPF2016Win32v1.0.exe
2016-02-26 08:57 - 2016-02-26 08:57 - 00570911 _____ C:\Users\Not\Desktop\Orientações_Projeto_Didatico_20161.pdf
2016-02-21 10:06 - 2016-02-21 10:20 - 00000000 ____D C:\Users\Not\Desktop\FONTES 1
2016-02-20 10:32 - 2016-02-26 07:56 - 00000000 ____D C:\Users\Not\Desktop\INSPIRAÇÕES
2016-02-17 07:47 - 2016-02-17 07:47 - 00000000 ____D C:\Users\Not\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-10 18:05 - 2016-02-10 18:05 - 00753032 _____ C:\Users\Not\Desktop\Marisa.pdf
2015-12-30 16:58 - 2015-12-30 17:02 - 00000053 _____ C:\Users\Not\Desktop\cupom desconto madeira madeira.txt
2015-12-30 08:00 - 2015-12-30 08:00 - 00000064 _____ C:\Users\Not\Desktop\carro.txt
2015-12-10 18:34 - 2015-11-24 10:04 - 00113272 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddin32.sys

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-01 09:00 - 2014-12-22 11:42 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-01 08:38 - 2015-04-10 09:31 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1918045531-4293645944-74723622-1000UA.job
2016-03-01 08:10 - 2015-06-19 09:07 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-01 08:07 - 2015-06-19 08:57 - 00001022 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1918045531-4293645944-74723622-1000UA.job
2016-03-01 07:22 - 2015-02-05 16:49 - 00000000 ___RD C:\Users\Not\Dropbox
2016-03-01 07:18 - 2009-07-14 01:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-01 07:18 - 2009-07-14 01:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-01 07:17 - 2010-11-20 23:33 - 00752692 _____ C:\Windows\system32\prfh0416.dat
2016-03-01 07:17 - 2010-11-20 23:33 - 00163932 _____ C:\Windows\system32\prfc0416.dat
2016-03-01 07:17 - 2010-11-20 18:01 - 01765296 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-01 07:17 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2016-03-01 07:16 - 2015-02-05 15:34 - 00000000 ____D C:\Users\Not\AppData\Roaming\Dropbox
2016-03-01 07:14 - 2014-12-22 11:42 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-01 07:11 - 2015-11-19 13:54 - 00080728 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2016-03-01 07:11 - 2015-05-14 09:05 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2016-03-01 07:11 - 2015-05-14 09:05 - 00000000 ____D C:\ProgramData\GbPlugin
2016-03-01 07:11 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-29 20:38 - 2015-04-10 09:31 - 00001018 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1918045531-4293645944-74723622-1000Core.job
2016-02-29 18:44 - 2015-07-14 20:48 - 00000000 ____D C:\Arquivos de Programas RFB
2016-02-29 18:42 - 2015-07-14 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB
2016-02-29 16:33 - 2014-12-22 12:52 - 00000693 _____ C:\Windows\password.klc
2016-02-29 11:07 - 2015-06-19 08:57 - 00000970 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1918045531-4293645944-74723622-1000Core.job
2016-02-27 08:37 - 2014-12-22 16:45 - 00000338 _____ C:\Windows\lgfwup.ini
2016-02-27 07:45 - 2014-12-22 16:45 - 00000000 ____D C:\Program Files\lg_fwupdate
2016-02-26 08:42 - 2009-07-14 01:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-02-19 19:52 - 2014-12-22 11:47 - 00211976 _____ C:\Users\Not\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-19 19:51 - 2009-07-14 01:33 - 04159280 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-19 19:04 - 2015-03-25 16:48 - 00002156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-18 09:24 - 2015-01-26 21:01 - 00002154 _____ C:\Users\Not\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-02-18 09:24 - 2015-01-26 21:01 - 00000000 ___RD C:\Users\Not\OneDrive
2016-02-10 15:10 - 2015-06-19 09:07 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-02-10 15:10 - 2015-06-19 09:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-02-04 11:45 - 2015-11-24 13:26 - 00000000 ____D C:\Users\Not\Desktop\LUCAS ESCOLA

==================== Arquivos na raiz de alguns diretórios =======

2015-01-09 17:44 - 2015-01-09 17:44 - 0016559 _____ () C:\Users\Not\AppData\Roaming\unins000.dat
2015-01-09 17:44 - 2015-01-09 17:44 - 0811218 _____ () C:\Users\Not\AppData\Roaming\unins000.exe
2015-01-15 21:55 - 2015-01-15 21:55 - 0016232 _____ () C:\Users\Not\AppData\Roaming\unins001.dat
2015-01-15 21:55 - 2015-01-15 21:55 - 0730322 _____ () C:\Users\Not\AppData\Roaming\unins001.exe
2015-05-14 09:04 - 2015-05-14 09:04 - 0016629 _____ () C:\Users\Not\AppData\Roaming\unins002.dat
2015-05-14 09:04 - 2015-05-14 09:04 - 0815826 _____ () C:\Users\Not\AppData\Roaming\unins002.exe
2015-03-24 13:21 - 2015-03-24 13:21 - 0000292 _____ () C:\Users\Not\AppData\Local\Temp-log.txt

Alguns arquivos em TEMP:
====================
C:\Users\Not\AppData\Local\Temp\atcMedia5941431074910.exe
C:\Users\Not\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpovsj7d.dll
C:\Users\Not\AppData\Local\Temp\GUR15C1.exe
C:\Users\Not\AppData\Local\Temp\GUR9D38.exe
C:\Users\Not\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Not\AppData\Local\Temp\jre-8u65-windows-au.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-02-29 19:51

==================== Fim de FRST.txt ============================
