cjoint

Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:13-04-2016
Executado por rodnei (administrador) em RODNEY (15-04-2016 11:49:14)
Executando a partir de D:\
Perfis Carregados: rodnei (Perfis Disponíveis: rodnei)
Platform: Microsoft Windows 8.1 Pro (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\ProgramData\msiql.exe
() C:\ProgramData\testLive.exe
(BitTorrent Inc.) C:\Users\jeferson\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\jeferson\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe
(BitTorrent Inc.) C:\Users\jeferson\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_9e0ce1b7e2d9567e\TiWorker.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Raptr] => C:\Program Files\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6749912 1999-12-31] (Realtek Semiconductor)
HKU\S-1-5-21-3432814789-2965008644-2179891986-1002\...\Run: [GoogleChromeAutoLaunch_9DF037B51EE0CD890A38C608410BE30D] => C:\Program Files\Google\Chrome\Application\chrome.exe [874136 2016-03-27] (Google Inc.)
HKU\S-1-5-21-3432814789-2965008644-2179891986-1002\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3432814789-2965008644-2179891986-1002\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-3432814789-2965008644-2179891986-1002\...\Run: [msiql] => C:\ProgramData\msiql.exe [1917952 2016-04-10] ()
HKU\S-1-5-21-3432814789-2965008644-2179891986-1002\...\Run: [testLive] => C:\ProgramData\testLive.exe [1852928 2016-04-10] ()
HKU\S-1-5-21-3432814789-2965008644-2179891986-1002\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll Start /AUTORUN
HKU\S-1-5-21-3432814789-2965008644-2179891986-1002\...\Run: [uTorrent] => C:\Users\jeferson\AppData\Roaming\uTorrent\uTorrent.exe [1959424 2016-04-06] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\jeferson\AppData\Local\MEGAsync\ShellExtX32.dll Nenhum Arquivo
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\jeferson\AppData\Local\MEGAsync\ShellExtX32.dll Nenhum Arquivo
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\jeferson\AppData\Local\MEGAsync\ShellExtX32.dll Nenhum Arquivo
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll [2771896 2016-04-11] ()
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{46AC60FA-89FF-4E11-B08F-0A922FBBA488}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131052035975728006&GUID=42F3DB40-438C-431D-A9A9-17E38E7E7361
HKU\S-1-5-21-3432814789-2965008644-2179891986-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131052035975737730&GUID=42F3DB40-438C-431D-A9A9-17E38E7E7361
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3432814789-2965008644-2179891986-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3432814789-2965008644-2179891986-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3432814789-2965008644-2179891986-1002 -> {1BBFCE28-44ED-4F5B-8482-4CB709F528DA} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com.br/
CHR StartupUrls: Default -> "hxxps://www.google.com.br/"
CHR Profile: C:\Users\jeferson\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\jeferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (YouTube) - C:\Users\jeferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-01]
CHR Extension: (Facebook) - C:\Users\jeferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-11-01]
CHR Extension: (Google Search) - C:\Users\jeferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Documentos Google off-line) - C:\Users\jeferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Google Play Music) - C:\Users\jeferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2015-11-01]
CHR Extension: (Google Play) - C:\Users\jeferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-11-01]
CHR Extension: (Google Maps) - C:\Users\jeferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-11-01]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\jeferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\jeferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-01]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
CHR HKLM\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [276992 2015-08-03] (Advanced Micro Devices, Inc.) [Arquivo não assinado]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284488 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22200 2015-02-03] (Microsoft Corporation)
S2 GoogleChromeUpService; não ImagePath
S2 GoogleChromeUpSvc; não ImagePath
S2 rijufoze; C:\Program Files\B709ED00-1460299258-11DC-A1EC-40167EE70D21\hnsp67BF.tmp [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [15528 2012-09-22] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB3.sys [82944 2015-07-15] (Advanced Micro Devices)
R1 egg_protect; C:\Windows\EProtect_x86.sys [17296 2016-04-13] ()
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [38512 2015-11-12] (LogMeIn Inc.)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [13368 2016-02-22] (SlimWare Utilities, Inc.)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [98704 2015-11-10] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [163576 2015-11-10] (Oracle Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [38392 2015-02-03] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [227136 2015-02-03] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2015-02-03] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [190976 2014-11-21] (Microsoft Corporation)
S0 MPCBase; System32\drivers\MPCBase.sys [X]
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
S1 QMUdisk; \??\D:\Program Files\Tencent\QQPCMgr\11.4.17339.217\QMUdisk.sys [X]
S1 softaal; \??\D:\Program Files\Tencent\QQPCMgr\11.4.17339.217\softaal.sys [X]
S1 SRepairDrv; \??\C:\Program Files\Tencent\QQPCMGR\Plugins\SRepairDrv [X]
S2 tsnethlp; \??\D:\Program Files\Tencent\QQPCMgr\11.4.17339.217\TsNetHlp.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-04-15 11:47 - 2016-04-15 11:49 - 00000000 ___DC C:\FRST
2016-04-15 11:03 - 2016-04-15 11:24 - 00000000 ___DC C:\Program Files\WinZipper
2016-04-15 11:03 - 2016-04-15 11:03 - 00000000 ____D C:\Users\jeferson\AppData\Roaming\WinZiper
2016-04-15 11:03 - 2016-04-15 11:03 - 00000000 ____D C:\Users\jeferson\AppData\Roaming\eCyber
2016-04-15 11:03 - 2016-04-15 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-04-15 11:01 - 2016-04-15 11:01 - 00000000 ____D C:\Users\Todos os Usuários\OwinpO
2016-04-15 11:01 - 2016-04-15 11:01 - 00000000 ____D C:\ProgramData\OwinpO
2016-04-13 12:06 - 2016-04-13 12:06 - 00017296 _____ C:\Windows\EProtect_x86.sys
2016-04-11 08:20 - 2016-04-11 08:25 - 00000000 ____D C:\Users\Todos os Usuários\System32
2016-04-11 08:20 - 2016-04-11 08:25 - 00000000 ____D C:\ProgramData\System32
2016-04-10 12:58 - 2016-04-10 12:58 - 00001020 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Uninstall 6.lnk
2016-04-10 12:58 - 2016-04-10 12:58 - 00001008 _____ C:\Users\Public\Desktop\Total Uninstall 6.lnk
2016-04-10 12:58 - 2016-04-10 12:58 - 00000016 _____ C:\Users\Todos os Usuários\mntemp
2016-04-10 12:58 - 2016-04-10 12:58 - 00000016 _____ C:\ProgramData\mntemp
2016-04-10 12:58 - 2016-04-10 12:58 - 00000000 ___DC C:\Program Files\Total Uninstall 6
2016-04-10 12:58 - 2016-04-10 12:58 - 00000000 ____D C:\Users\Todos os Usuários\Martau
2016-04-10 12:58 - 2016-04-10 12:58 - 00000000 ____D C:\ProgramData\Martau
2016-04-10 12:44 - 2016-04-10 12:44 - 00039928 _____ (Tencent) C:\Windows\system32\Drivers\TS888.sys
2016-04-10 12:40 - 2016-04-10 12:40 - 01917952 _____ C:\Users\Todos os Usuários\msiql.exe
2016-04-10 12:40 - 2016-04-10 12:40 - 01917952 _____ C:\ProgramData\msiql.exe
2016-04-10 12:40 - 2016-04-10 12:40 - 01852928 _____ C:\Users\Todos os Usuários\testLive.exe
2016-04-10 12:40 - 2016-04-10 12:40 - 01852928 _____ C:\ProgramData\testLive.exe
2016-04-10 12:40 - 2016-04-10 12:40 - 00000000 ____D C:\Users\jeferson\AppData\Local\mpck_en_005030294
2016-04-10 12:15 - 2016-04-10 12:15 - 00000000 ____D C:\Users\jeferson\.android
2016-04-10 12:09 - 2016-04-10 12:44 - 00000000 ____D C:\Users\Todos os Usuários\TXQMPC
2016-04-10 12:09 - 2016-04-10 12:44 - 00000000 ____D C:\ProgramData\TXQMPC
2016-04-10 12:09 - 2016-04-10 12:09 - 00005120 _____ C:\Users\jeferson\AppData\Roaming\GiftBag.db
2016-04-10 12:09 - 2016-04-10 12:08 - 00090872 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernelEx.sys
2016-04-10 12:08 - 2016-04-10 12:09 - 00000000 ___DC C:\Program Files\Common Files\Tencent
2016-04-10 12:08 - 2016-04-10 12:08 - 00000000 ____D C:\Users\jeferson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2016-04-10 12:07 - 2016-04-10 13:09 - 00000000 ____D C:\Users\Todos os Usuários\Tencent
2016-04-10 12:07 - 2016-04-10 13:09 - 00000000 ____D C:\ProgramData\Tencent
2016-04-10 12:07 - 2016-04-10 12:44 - 00000000 ____D C:\Users\jeferson\AppData\Roaming\Tencent
2016-04-10 11:49 - 2016-04-10 12:39 - 00000000 ____D C:\Users\jeferson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
2016-04-10 11:44 - 2016-04-10 12:40 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-04-10 11:44 - 2016-04-10 12:40 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-04-10 11:44 - 2016-04-10 12:35 - 00000000 ____D C:\Users\jeferson\AppData\Local\mbot_en_037050293
2016-04-10 11:44 - 2016-04-10 11:44 - 00016815 _____ C:\Users\Todos os Usuários\webad.xml
2016-04-10 11:44 - 2016-04-10 11:44 - 00016815 _____ C:\ProgramData\webad.xml
2016-04-10 11:44 - 2016-04-10 11:44 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update
2016-04-10 11:44 - 2016-04-10 11:44 - 00000000 ____D C:\Users\jeferson\AppData\Roaming\LightGate
2016-04-10 11:44 - 2016-04-10 11:44 - 00000000 ____D C:\Users\jeferson\AppData\Local\csdi_monetize_120160408
2016-04-10 11:44 - 2016-04-10 11:44 - 00000000 ____D C:\ProgramData\Windows Update
2016-04-10 11:44 - 2016-04-10 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2016-04-10 11:44 - 2016-04-05 19:37 - 00114176 _____ C:\Users\Todos os Usuários\hp.exe
2016-04-10 11:44 - 2016-04-05 19:37 - 00114176 _____ C:\ProgramData\hp.exe
2016-04-10 11:43 - 2016-04-10 11:44 - 00000000 ___DC C:\Program Files\SpaceSoundPro
2016-04-10 11:43 - 2016-04-10 11:43 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-04-10 11:43 - 2016-04-10 11:43 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-04-10 11:43 - 2016-04-10 11:43 - 00000000 ____D C:\Users\jeferson\AppData\Roaming\UPUpdata
2016-04-10 11:43 - 2016-04-10 11:43 - 00000000 ____D C:\Users\jeferson\AppData\Roaming\gplyra
2016-04-10 11:42 - 2016-04-15 11:20 - 00000000 ____D C:\Users\jeferson\AppData\Roaming\XBox
2016-04-10 11:42 - 2016-04-10 12:38 - 00000000 ____D C:\Users\jeferson\AppData\Local\B709ED00-1460288556-11DC-A1EC-40167EE70D21
2016-04-10 11:42 - 2016-04-10 11:42 - 00000034 ___SH C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-04-10 11:41 - 2016-04-10 11:41 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-04-10 11:41 - 2016-04-10 11:41 - 00000000 ____D C:\Users\jeferson\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-04-10 11:41 - 2016-04-10 11:40 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-04-06 18:19 - 2016-04-15 11:35 - 00000000 ____D C:\Users\jeferson\AppData\LocalLow\uTorrent
2016-03-19 12:24 - 2016-03-19 12:24 - 00000851 _____ C:\Users\jeferson\Desktop\PointBlank.lnk

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-04-15 11:48 - 2013-08-22 05:05 - 00000000 ____D C:\Windows\CbsTemp
2016-04-15 11:46 - 2015-11-02 17:58 - 00049152 ___SH C:\Users\jeferson\Downloads\Thumbs.db
2016-04-15 11:46 - 2015-11-01 19:16 - 00000000 ____D C:\Users\jeferson\AppData\Roaming\uTorrent
2016-04-15 11:40 - 2015-12-30 13:14 - 00000000 ____D C:\Program Files\Steam
2016-04-15 11:38 - 2015-11-01 19:05 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-15 11:35 - 2015-11-12 16:25 - 00000000 ____D C:\Users\jeferson\AppData\Roaming\Skype
2016-04-15 11:35 - 2015-11-01 19:02 - 00001074 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-15 11:35 - 2013-08-22 04:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-15 11:18 - 2015-11-01 19:02 - 00001078 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-15 11:03 - 2015-04-19 08:11 - 00774702 _____ C:\Windows\system32\prfh0416.dat
2016-04-15 11:03 - 2015-04-19 08:11 - 00158296 _____ C:\Windows\system32\prfc0416.dat
2016-04-15 11:03 - 2014-11-21 00:14 - 01797166 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-15 11:03 - 2013-08-22 03:21 - 00000000 ____D C:\Windows\inf
2016-04-13 20:45 - 2015-11-01 18:29 - 00374944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-12 17:37 - 2013-08-22 03:13 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-04-10 20:05 - 2015-11-02 17:58 - 00182272 ___SH C:\Users\jeferson\Desktop\Thumbs.db
2016-04-10 13:02 - 2014-12-31 00:50 - 00000000 ____D C:\Windows\Panther
2016-04-10 12:43 - 2013-08-22 04:22 - 00336272 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-10 12:35 - 2015-11-01 19:03 - 00002050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-10 12:35 - 2015-11-01 19:03 - 00002038 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-10 12:15 - 2015-11-01 18:27 - 00000000 ____D C:\Users\jeferson
2016-04-10 12:08 - 2015-11-01 18:29 - 00000000 ____D C:\Users\jeferson\AppData\Local\VirtualStore
2016-04-10 11:42 - 2015-11-01 18:40 - 00000000 ____D C:\Users\Todos os Usuários\AMD
2016-04-10 11:42 - 2015-11-01 18:40 - 00000000 ____D C:\ProgramData\AMD
2016-04-08 12:18 - 2013-08-22 05:17 - 00000000 ____D C:\Windows\AppReadiness
2016-04-01 17:42 - 2015-12-30 13:14 - 00000000 ___DC C:\Program Files\Common Files\Steam
2016-03-19 10:41 - 2015-11-12 16:25 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-03-19 10:41 - 2015-11-12 16:25 - 00000000 ____D C:\ProgramData\Skype

==================== Arquivos na raiz de alguns diretórios =======

2016-04-10 12:09 - 2016-04-10 12:09 - 0005120 _____ () C:\Users\jeferson\AppData\Roaming\GiftBag.db
2016-01-06 21:09 - 2016-02-07 10:09 - 0000198 _____ () C:\Users\jeferson\AppData\Roaming\WB.CFG
2015-11-01 18:50 - 2015-11-01 18:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-04-10 11:44 - 2016-04-05 19:37 - 0114176 _____ () C:\ProgramData\hp.exe
2016-04-10 12:58 - 2016-04-10 12:58 - 0000016 _____ () C:\ProgramData\mntemp
2016-04-10 12:40 - 2016-04-10 12:40 - 1917952 _____ () C:\ProgramData\msiql.exe
2016-04-10 12:40 - 2016-04-10 12:40 - 1852928 _____ () C:\ProgramData\testLive.exe
2016-04-10 11:44 - 2016-04-10 11:44 - 0016815 _____ () C:\ProgramData\webad.xml

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\hp.exe
C:\ProgramData\msiql.exe
C:\ProgramData\testLive.exe
C:\Users\Todos os Usuários\hp.exe
C:\Users\Todos os Usuários\msiql.exe
C:\Users\Todos os Usuários\testLive.exe


Alguns arquivos em TEMP:
====================
C:\Users\jeferson\AppData\Local\Temp\3CTKDSA695.exe
C:\Users\jeferson\AppData\Local\Temp\GYRK3MK5DL.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-04-06 08:20

==================== Fim de FRST.txt ============================
