cjoint


Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:05-03-2016 01
Executado por Faz Paz (administrador) em ADOLESER-PC (06-03-2016 15:19:02)
Executando a partir de C:\Users\Faz Paz\Downloads
Perfis Carregados: Faz Paz (Perfis Disponíveis: AdoleSer & Faz Paz)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Program Files\AB79FC9C-1437675532-11E1-ACF2-8EA4FFD290E4\hnsc44ED.tmp
() C:\Program Files\AB79FC9C-1437069383-11E1-ACF2-8EA4FFD290E4\knss237A.tmp
() C:\Users\Faz Paz\AppData\Local\AB79FC9C-1437664941-11E1-ACF2-8EA4FFD290E4\snsy3BA.tmp
() C:\Program Files\AB79FC9C-1437675532-11E1-ACF2-8EA4FFD290E4\jnsc275D.tmp
() C:\Program Files\AB79FC9C-1437675532-11E1-ACF2-8EA4FFD290E4\knss485F.tmpfs
() C:\Program Files\AB79FC9C-1437069383-11E1-ACF2-8EA4FFD290E4\knst2EAC.tmpfs
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files\CalendarTool\2.0.0.11189\CalendarServ.exe
(TU-Funs LIMITED) C:\ProgramData\cWdMc\WdMan.exe
() C:\Users\Faz Paz\AppData\Roaming\WinNetSvc\WinNetSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
() C:\Program Files\CalendarTool\2.0.0.11189\calendar.exe
(Samsung) C:\Program Files\Samsung\Easy Software Manager\SWMAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics) C:\Program Files\Samsung\Easy Settings\EasySpeedUpManager.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Support Center\SSCKbdHk.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Windows\Temp\D5CA.tmp
(Google Inc.) C:\Users\Faz Paz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Faz Paz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Faz Paz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Faz Paz\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Users\Faz Paz\AppData\Local\Google\Chrome\Application\chrome.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files\Marcos Velasco Security\MV RegClean 5.0\MVREGCLEAN.EXE
(Google Inc.) C:\Users\Faz Paz\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
() C:\Users\Faz Paz\AppData\Local\AB79FC9C-1457277253-11E1-ACF2-8EA4FFD290E4\qnsn4AC7.tmp
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [gmsd_br_005010033] => [X]
HKLM\...\Run: [dply_en_036020102] => [X]
HKLM\...\Run: [gmsd_br_005010102] => [X]
HKLM\...\Run: [rec_en_216] => [X]
HKLM\...\Run: [LightGate] => c:\programdata\lightgate.exe [1081344 2015-12-04] ()
HKLM\...\Run: [HomePageHelper] => c:\programdata\homepage.exe [1100288 2015-11-25] ()
HKLM\...\RunOnce: [updply_en_003020257.exe] => C:\Users\Faz Paz\AppData\Local\dply_en_003020257\updply_en_003020257.exe [3242160 2016-03-04] ()
HKU\S-1-5-21-2024917573-778391308-1144547051-1001\...\Run: [Google Update] => C:\Users\Faz Paz\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-30] (Google Inc.)
HKU\S-1-5-21-2024917573-778391308-1144547051-1001\...\Run: [Birds] => C:\Users\Faz Paz\AppData\Local\Birds\birds365.exe [113664 2016-03-04] (Birds)
HKU\S-1-5-21-2024917573-778391308-1144547051-1001\...\Run: [msiql] => C:\ProgramData\msiql.exe [1888256 2016-03-02] ()
HKU\S-1-5-21-2024917573-778391308-1144547051-1001\...\Run: [Pritc] => C:\windows\TEMP\is-2K5UT.tmp\print.exe [2960896 2016-03-03] (VLOME) <===== ATENÇÃO
HKU\S-1-5-21-2024917573-778391308-1144547051-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Mystify.scr [221184 2010-11-20] (Microsoft Corporation)
GroupPolicy: Restrição - Chrome <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{06F55393-1394-4E97-88A5-F1F9400B4EC6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F0A84DF4-0846-4FF6-B135-E4FE471BE133}: [DhcpNameServer] 10.0.0.104 10.0.0.105
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv5&uid=J2110051JKYSXA_HTS547550A9E&tm=1437069173
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKU\S-1-5-21-2024917573-778391308-1144547051-1001\Software\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=mbtkv5&uid=J2110051JKYSXA_HTS547550A9E&tm=1437069173
HKU\S-1-5-21-2024917573-778391308-1144547051-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv5&uid=J2110051JKYSXA_HTS547550A9E&tm=1437069173
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15] (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2024917573-778391308-1144547051-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Faz Paz\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2024917573-778391308-1144547051-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Faz Paz\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-04] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Faz Paz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Faz Paz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-05]
CHR Extension: (Easy Search) - C:\Users\Faz Paz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdnadicfhkbpdafdildanpbjapjlmkab [2016-03-05]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Faz Paz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-05]
StartMenuInternet: Google Chrome.AT5J2VXCNX5KIZTMHCP6JUWPMQ - C:\Users\Faz Paz\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [948736 2011-09-15] (Intel Corporation)
R2 Bluetooth Device Monitor; C:\Program Files\Intel\Bluetooth\devmonsrv.exe [936272 2011-10-18] (Intel Corporation)
S3 Bluetooth Media Service; C:\Program Files\Intel\Bluetooth\mediasrv.exe [1354064 2011-10-18] (Intel Corporation)
R2 Bluetooth OBEX Service; C:\Program Files\Intel\Bluetooth\obexsrv.exe [1001808 2011-10-18] (Intel Corporation)
R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [102672 2011-06-03] (Intel(R) Corporation)
R2 comyninu; C:\Program Files\AB79FC9C-1437675532-11E1-ACF2-8EA4FFD290E4\hnsc44ED.tmp [161792 2015-07-23] () [Arquivo não assinado]
R2 futeqysi; C:\Program Files\AB79FC9C-1437069383-11E1-ACF2-8EA4FFD290E4\knss237A.tmp [336384 2015-07-16] () [Arquivo não assinado]
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1734656 2016-01-11] () [Arquivo não assinado]
S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\svrupg.exe [2786816 2016-03-04] (TODO: ) [Arquivo não assinado]
R2 gopibeko; C:\Users\Faz Paz\AppData\Local\AB79FC9C-1437664941-11E1-ACF2-8EA4FFD290E4\snsy3BA.tmp [120832 2015-07-23] () [Arquivo não assinado]
R2 hyverumu; C:\Program Files\AB79FC9C-1437675532-11E1-ACF2-8EA4FFD290E4\jnsc275D.tmp [209920 2015-07-23] () [Arquivo não assinado]
R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [118048 2015-04-16] (Elex do Brasil Participações Ltda)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S2 NetTcpHandler; C:\Users\Faz Paz\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 TheCalendarService; C:\Program Files\CalendarTool\2.0.0.11189\CalendarServ.exe [141960 2015-12-25] ()
R2 WdMan; C:\ProgramData\cWdMc\WdMan.exe [330504 2016-03-04] (TU-Funs LIMITED)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WinNetSvc; C:\Users\Faz Paz\AppData\Roaming\WinNetSvc\WinNetSvc.exe [4845408 2015-12-16] ()
R2 zigipyro; C:\Users\Faz Paz\AppData\Local\AB79FC9C-1457277253-11E1-ACF2-8EA4FFD290E4\qnsn4AC7.tmp [158720 2015-12-26] () [Arquivo não assinado]
R2 keciryfi; C:\Program Files\AB79FC9C-1437675532-11E1-ACF2-8EA4FFD290E4\knss485F.tmpfs [X]
R2 nodoloke; C:\Program Files\AB79FC9C-1437069383-11E1-ACF2-8EA4FFD290E4\knst2EAC.tmpfs [X]
S2 wsasvc_1.10.0.19; não ImagePath

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 AMPPAL; C:\windows\System32\DRIVERS\AMPPAL.sys [243712 2011-09-15] (Windows (R) Win 7 DDK provider)
S3 AMPPALP; C:\windows\System32\DRIVERS\amppal.sys [243712 2011-09-15] (Windows (R) Win 7 DDK provider)
S3 BtFilter; C:\windows\System32\DRIVERS\btfilter.sys [249504 2011-04-29] (Atheros)
R3 btmaux; C:\windows\System32\DRIVERS\btmaux.sys [43008 2011-08-29] (Intel Corporation)
R3 btmhsf; C:\windows\System32\DRIVERS\btmhsf.sys [230912 2011-10-10] (Intel Corporation)
R1 cherimoya; C:\windows\System32\drivers\cherimoya.sys [49408 2016-03-04] (Cherimoya Ltd) [Arquivo não assinado]
R3 iBtFltCoex; C:\windows\System32\DRIVERS\iBtFltCoex.sys [47104 2011-10-11] (Intel Corporation)
R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [225896 2015-05-14] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\windows\System32\DRIVERS\iSafeKrnlBoot.sys [48784 2015-04-16] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [97912 2015-08-20] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [52712 2015-08-20] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [73232 2015-11-27] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\windows\System32\DRIVERS\iSafeNetFilter.sys [58640 2015-09-09] (Elex do Brasil Participações Ltda)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 MpKsl923c917a; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{71666D5C-F69E-46E3-B00C-FD6C187279F4}\MpKsl923c917a.sys [39168 2016-03-05] (Microsoft Corporation)
R3 NETwNs32; C:\windows\System32\DRIVERS\NETwNs32.sys [7515136 2011-09-17] (Intel Corporation)
R2 SGDrv; C:\windows\System32\DRIVERS\SGdrv.sys [6144 2011-04-12] (Phoenix Technologies Ltd.)
S3 wdf_usb; C:\windows\System32\DRIVERS\usb2ser.sys [37888 2011-12-05] (MediaTek Inc.) [Arquivo não assinado]
R1 {82c27df2-9bb0-4d17-9689-3477c963d7e2}Gw; C:\windows\System32\drivers\{82c27df2-9bb0-4d17-9689-3477c963d7e2}Gw.sys [43112 2016-03-04] (StdLib)
S3 BdApiUtil; não ImagePath
S3 BdCameraProtect; não ImagePath
S1 Bfilter; não ImagePath
S1 Bfmon; não ImagePath
S0 Bhbase; System32\drivers\Bhbase.sys [X]
S1 Bprotect; não ImagePath
S3 clwvd; system32\DRIVERS\clwvd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

