cjoint

Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:03-05-2016
Executado por RICK (administrador) em RICK-PC (03-05-2016 10:25:55)
Executando a partir de C:\Users\RICK\Downloads
Perfis Carregados: RICK (Perfis Disponíveis: RICK)
Platform: Windows 7 Ultimate (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\51f14c38dedbc10a0dc5e3b2b0e8abfb\712698bb44131be9ed3ceb58fb33f4b1.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
() C:\Program Files\51f14c38dedbc10a0dc5e3b2b0e8abfb\4cc9dc8dbd3232f17bf04fa6b92631af.exe
() C:\Program Files\51f14c38dedbc10a0dc5e3b2b0e8abfb\712698bb44131be9ed3ceb58fb33f4b1.exe
(Rational Thought Solutions) C:\ProgramData\WgYiXWI\nMAFVBP.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
() C:\Program Files (x86)\Genius\Imperator\IMhid.exe
() C:\Windows\SysWOW64\DeltaIITray.exe
() C:\ProgramData\Snujsoimcugas\1.0.7.1\jnopiwlu.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\ProgramData\Snujsoimcugas\1.0.7.1\jnopiwlu.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(eee) C:\ProgramData\apptj.exe
() C:\ProgramData\adb.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe
(Tencent) C:\Program Files (x86)\Common Files\Tencent\QQDownload\130\Tencentdl.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCPatch.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\QQPCNetFlow.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRealTimeSpeedup.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files\51f14c38dedbc10a0dc5e3b2b0e8abfb\4cc9dc8dbd3232f17bf04fa6b92631af.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [Imperator] => C:\Program Files (x86)\Genius\Imperator\IMhid.exe [281600 2012-03-02] ()
HKLM-x32\...\Run: [M-Audio Taskbar Icon] => C:\Windows\SysWOW64\DeltaIITray.exe [236040 2009-07-28] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-02] (Raptr, Inc)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-31] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe [356464 2016-05-03] (Tencent)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-11-04] (Banco do Brasil)
HKU\S-1-5-21-3113805665-1657345319-1198678706-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe
HKU\S-1-5-21-3113805665-1657345319-1198678706-1001\...\Run: [Installer] => C:\Users\RICK\AppData\Local\Temp\yeaplayer51495.exe [1968640 2016-05-03] (TZ) <===== ATENÇÃO
HKU\S-1-5-21-3113805665-1657345319-1198678706-1001\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2055168 2016-04-16] ()
HKU\S-1-5-21-3113805665-1657345319-1198678706-1001\...\MountPoints2: {e0a7dd40-ca75-11e5-af54-002421fd32f0} - G:\LGAutoRun.exe
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1945472 2015-11-04] (Banco do Brasil)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => Nenhum Arquivo
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: 127.0.0.1 clients2.google.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7AE65758-28A9-4294-B4C4-B872EF6455CD}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131067129384189453&GUID=BB169027-5545-4087-A426-51830BFE199D
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.2345.com/?34838
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3113805665-1657345319-1198678706-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.2345.com/?34838
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3113805665-1657345319-1198678706-1001 -> DefaultScope {4282655D-6440-453A-B476-C80774A270C8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3113805665-1657345319-1198678706-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = www.google.com
SearchScopes: HKU\S-1-5-21-3113805665-1657345319-1198678706-1001 -> {4282655D-6440-453A-B476-C80774A270C8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3113805665-1657345319-1198678706-1001 -> {D400492C-B40E-4A87-A24B-4B99F3B5C801} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3113805665-1657345319-1198678706-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = www.google.com
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-09-02] (IObit)
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSWebMon64.dat [2016-05-03] (Tencent)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-19] (Oracle Corporation)
BHO-x32: Wajam -> {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} -> C:\Program Files\51f14c38dedbc10a0dc5e3b2b0e8abfb\82cd76889bc91e5f370653f7375471e4.dll [2016-04-30] ()
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-11-04] (Banco do Brasil)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-19] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\RICK\AppData\Roaming\Mozilla\Firefox\Profiles\01ec3xa8.default
FF NewTab: www.google.com
FF SelectedSearchEngine: www.google.com
FF Homepage: hxxps://www.youtube.com/watch?v=J2HLAGMZvoE&nohtml5=False
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [Nenhum Arquivo]
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [Nenhum Arquivo]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-20] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-20] ( Microsoft Corporation)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\npQMExtensionsMozilla.dll [2016-05-03] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-3113805665-1657345319-1198678706-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-04-05] ()
FF Extension: Quick Searcher - C:\Users\RICK\AppData\Roaming\Mozilla\Firefox\Profiles\01ec3xa8.default\extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [2016-05-03] [não assinado]
FF Extension: TSearch - C:\Users\RICK\AppData\Roaming\Mozilla\Firefox\Profiles\01ec3xa8.default\Extensions\{6E727987-C8EA-44DA-8749-310C0FBE3C3E} [2016-05-03] [não assinado]
FF Extension: Adblock Plus - C:\Users\RICK\AppData\Roaming\Mozilla\Firefox\Profiles\01ec3xa8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM\...\Firefox\Extensions: [{d8139727-0c0e-430a-a25b-d1fa4e9d4a75}] - C:\Program Files\shopperz02082015\Firefox => não encontrado (a)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aaamnkbkbppehfhhkmiodoniifhfpkka] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 2e3df8428b256232c34f08ddd72134e6; C:\Program Files\51f14c38dedbc10a0dc5e3b2b0e8abfb\712698bb44131be9ed3ceb58fb33f4b1.exe [9344512 2016-04-30] () [Arquivo não assinado]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [593120 2015-11-04] (GAS Tecnologia)
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1755136 2016-04-27] () [Arquivo não assinado]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 nMAFVBP; C:\ProgramData\WgYiXWI\nMAFVBP.exe [2732016 2015-08-03] (Rational Thought Solutions)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2015-07-12] ()
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe [301656 2016-05-03] (Tencent)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 FahwLudsaj; não ImagePath
S2 shopperz02082015 Updater; não ImagePath

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 bsdriver; C:\Windows\system32\drivers\bsdriver.sys [34712 2015-08-03] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2016-03-17] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-05-03] (GAS Tecnologia)
R0 gbpddreg; C:\Windows\System32\drivers\gbpddreg64.sys [29816 2016-05-03] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-23] (GAS Tecnologia)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-07-10] (REALiX(tm))
R3 KYEGKB; C:\Windows\System32\drivers\KYEGKB.sys [25600 2015-07-10] ( )
S3 L6PODLV; C:\Windows\System32\Drivers\L6PODLV64.sys [894336 2010-03-10] (Line 6)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-05] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-05] (Microsoft Corporation)
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUdisk64.sys [184952 2016-04-19] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQSysMonX64.sys [138488 2016-05-03] (电脑管家)
R3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [89880 2016-05-03] (Tencent)
R1 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernel64.sys [137976 2016-05-03] (Tencent Technology(Shenzhen) Company Limited)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87800 2016-05-03] (电脑管家)
R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSDefenseBT64.sys [28984 2016-05-03] (Tencent)
R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TsNetHlpX64.sys [48376 2016-05-03] ()
R3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [45304 2016-05-03] (电脑管家)
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSSysKit64.sys [87288 2016-05-03] (电脑管家)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-09-23] (GAS Tecnologia LTDA)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-08] (Basil)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-05-03] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-05-03 10:26 - 2016-05-03 10:27 - 00016694 _____ C:\Users\RICK\Downloads\FRST.txt
2016-05-03 10:22 - 2016-05-03 10:22 - 00005120 _____ C:\Users\RICK\AppData\Roaming\GiftBag.db
2016-05-03 10:21 - 2016-05-03 10:25 - 00000000 ____D C:\FRST
2016-05-03 10:21 - 2016-05-03 10:21 - 02377216 _____ (Farbar) C:\Users\RICK\Downloads\FRST64.exe
2016-05-03 10:21 - 2016-05-03 10:21 - 00137976 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2016-05-03 10:21 - 2016-05-03 10:21 - 00089880 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2016-05-03 10:21 - 2016-05-03 10:21 - 00087800 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2016-05-03 10:21 - 2016-05-03 10:21 - 00045304 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2016-05-03 10:21 - 2016-05-03 10:21 - 00000000 ____D C:\Users\Todos os Usuários\TXQMPC
2016-05-03 10:21 - 2016-05-03 10:21 - 00000000 ____D C:\Users\RICK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2016-05-03 10:21 - 2016-05-03 10:21 - 00000000 ____D C:\ProgramData\TXQMPC
2016-05-03 10:21 - 2016-05-03 10:21 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-05-03 10:20 - 2016-05-03 10:20 - 00000000 ____D C:\Program Files (x86)\Tencent
2016-05-03 10:19 - 2016-05-03 10:27 - 00000000 ____D C:\Users\RICK\AppData\Roaming\Tencent
2016-05-03 10:19 - 2016-05-03 10:24 - 00000000 ____D C:\Users\Todos os Usuários\Tencent
2016-05-03 10:19 - 2016-05-03 10:24 - 00000000 ____D C:\ProgramData\Tencent
2016-05-03 10:19 - 2016-05-03 10:19 - 00413439 _____ C:\Users\Todos os Usuários\xdo.zip
2016-05-03 10:19 - 2016-05-03 10:19 - 00413439 _____ C:\ProgramData\xdo.zip
2016-05-03 10:19 - 2016-04-27 05:03 - 01253376 _____ (eee) C:\Users\Todos os Usuários\apptj.exe
2016-05-03 10:19 - 2016-04-27 05:03 - 01253376 _____ (eee) C:\ProgramData\apptj.exe
2016-05-03 10:09 - 2016-05-03 10:19 - 01728000 _____ (Farbar) C:\Users\RICK\Downloads\FRST.exe
2016-05-03 10:01 - 2016-05-03 10:01 - 00000000 ____D C:\Program Files\51f14c38dedbc10a0dc5e3b2b0e8abfb
2016-05-03 10:00 - 2016-05-03 10:00 - 00000000 ____D C:\Users\RICK\AppData\Local\Yeaplayer
2016-05-03 09:59 - 2016-04-25 22:46 - 02496403 _____ ( ) C:\Users\RICK\AppData\Roaming\yeaplayer_51495.exe
2016-05-03 09:58 - 2016-04-21 22:50 - 01266688 _____ C:\Users\Todos os Usuários\conhost51495.exe
2016-05-03 09:58 - 2016-04-21 22:50 - 01266688 _____ C:\ProgramData\conhost51495.exe
2016-05-03 09:51 - 2016-05-03 09:51 - 00000000 ____D C:\Users\RICK\AppData\Local\Setup Wizard
2016-05-03 09:42 - 2016-05-03 09:42 - 00000286 __RSH C:\Users\RICK\ntuser.pol
2016-05-03 09:38 - 2016-05-03 09:40 - 00606208 _____ C:\Users\RICK\AppData\Roaming\svrupg.exe
2016-05-03 09:38 - 2016-05-03 09:38 - 00002303 _____ C:\Users\Todos os Usuários\webad.xml
2016-05-03 09:38 - 2016-05-03 09:38 - 00002303 _____ C:\ProgramData\webad.xml
2016-05-03 09:38 - 2016-05-03 09:38 - 00000000 ____D C:\Users\Todos os Usuários\Thunder Network
2016-05-03 09:38 - 2016-05-03 09:38 - 00000000 ____D C:\Users\Public\Thunder Network
2016-05-03 09:38 - 2016-05-03 09:38 - 00000000 ____D C:\ProgramData\Thunder Network
2016-05-03 09:37 - 2016-05-03 09:37 - 00177152 _____ C:\Windows\svchost.exe
2016-05-03 09:37 - 2016-05-03 09:37 - 00003014 _____ C:\Windows\System32\Tasks\ttwifi
2016-05-03 09:37 - 2016-05-03 09:37 - 00002910 _____ C:\Windows\System32\Tasks\osTip
2016-05-03 09:37 - 2016-05-03 09:37 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-05-03 09:37 - 2016-05-03 09:37 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-05-03 09:36 - 2016-05-03 09:36 - 01308672 _____ C:\Windows\csrss.exe
2016-05-03 09:36 - 2016-05-03 09:36 - 00963232 _____ (Microsoft Corporation) C:\Windows\msvcr120.dll
2016-05-03 09:36 - 2016-05-03 09:36 - 00082944 _____ (Open Source Software community LGPL) C:\Windows\pthreadVC2.dll
2016-05-03 09:36 - 2016-05-03 09:36 - 00028819 _____ C:\Windows\decred.cl
2016-05-03 09:36 - 2016-04-27 14:51 - 01755136 _____ C:\Users\Todos os Usuários\service.exe
2016-05-03 09:36 - 2016-04-27 14:51 - 01755136 _____ C:\Users\RICK\AppData\Roaming\service.exe
2016-05-03 09:36 - 2016-04-27 14:51 - 01755136 _____ C:\ProgramData\service.exe
2016-05-03 09:35 - 2016-05-03 09:35 - 00073216 _____ C:\Windows\taskmgr.exe
2016-05-03 09:35 - 2016-05-03 09:35 - 00002942 _____ C:\Windows\System32\Tasks\svchost
2016-04-30 02:25 - 2016-04-30 02:25 - 00513024 _____ C:\Windows\60dda618416c5291492df51fd73082aa.exe
2016-04-28 03:41 - 2016-04-28 03:41 - 00000979 _____ C:\Users\RICK\Desktop\BattlefrontII.lnk
2016-04-28 03:33 - 2016-04-28 03:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-04-28 03:28 - 2016-04-28 03:28 - 00000000 ____D C:\GOG Games
2016-04-28 03:19 - 2016-04-28 03:20 - 00000000 ____D C:\Users\Todos os Usuários\Temp
2016-04-28 03:19 - 2016-04-28 03:20 - 00000000 ____D C:\ProgramData\Temp
2016-04-27 15:29 - 2016-04-27 16:00 - 185041090 _____ C:\Users\RICK\Downloads\JAB.1.zip
2016-04-27 04:57 - 2016-04-27 04:58 - 06024575 _____ C:\Users\RICK\Downloads\Battlefront_II_Better_Graphics.zip
2016-04-26 20:24 - 2016-04-26 20:24 - 00000009 ____N C:\Users\Todos os Usuários\a.bat
2016-04-26 20:24 - 2016-04-26 20:24 - 00000009 ____N C:\ProgramData\a.bat
2016-04-26 16:57 - 2016-04-26 16:57 - 00000000 ____D C:\Program Files\Star Wars Battlefront II
2016-04-23 23:19 - 2016-04-23 23:21 - 00000000 ____D C:\Users\RICK\AppData\Roaming\download
2016-04-23 23:19 - 2014-07-25 10:39 - 00293320 ____N (深圳市迅雷网络技术有限公司) C:\Users\RICK\AppData\Roaming\xldl.dll
2016-04-18 20:58 - 2016-04-18 20:58 - 00000000 ____D C:\Users\RICK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-04-18 20:19 - 2016-04-18 20:30 - 64833080 _____ (Ubisoft) C:\Users\RICK\Downloads\UplayInstaller.exe
2016-04-18 20:18 - 2016-04-19 15:10 - 00000000 ____D C:\Users\RICK\Documents\My Games
2016-04-18 20:18 - 2016-04-18 20:18 - 00000000 ____D C:\Users\Todos os Usuários\Steam
2016-04-18 20:18 - 2016-04-18 20:18 - 00000000 ____D C:\Users\Todos os Usuários\Orbit
2016-04-18 20:18 - 2016-04-18 20:18 - 00000000 ____D C:\ProgramData\Steam
2016-04-18 20:18 - 2016-04-18 20:18 - 00000000 ____D C:\ProgramData\Orbit
2016-04-05 11:33 - 2016-04-06 09:14 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-05-03 10:22 - 2015-08-03 04:02 - 00000000 ____D C:\Program Files (x86)\baidu
2016-05-03 10:21 - 2015-07-10 00:16 - 00000000 ____D C:\Users\RICK\AppData\Local\VirtualStore
2016-05-03 10:20 - 2015-08-23 03:54 - 00000000 ____D C:\Users\RICK\AppData\Local\HealthAlert
2016-05-03 10:11 - 2009-07-14 12:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-03 10:11 - 2009-07-14 12:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-03 10:09 - 2009-07-30 00:08 - 00705070 _____ C:\Windows\system32\prfh0416.dat
2016-05-03 10:09 - 2009-07-30 00:08 - 00146910 _____ C:\Windows\system32\prfc0416.dat
2016-05-03 10:09 - 2009-07-14 13:13 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-03 10:09 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2016-05-03 10:08 - 2015-08-03 04:08 - 00003454 _____ C:\Windows\System32\Tasks\Snujsoimcugas
2016-05-03 10:04 - 2016-02-26 19:08 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2016-05-03 10:03 - 2016-02-26 19:12 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2016-05-03 10:03 - 2016-02-26 19:08 - 00029816 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddreg64.sys
2016-05-03 10:03 - 2016-02-26 19:08 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2016-05-03 10:03 - 2016-02-26 19:08 - 00000000 ____D C:\ProgramData\GbPlugin
2016-05-03 10:03 - 2016-02-26 19:08 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-05-03 10:03 - 2015-10-28 02:30 - 00002490 _____ C:\Windows\Tasks\08f444fb-6b87-424b-b153-557164897574-5.job
2016-05-03 10:03 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-03 10:00 - 2015-07-11 02:33 - 00002900 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_RICK
2016-05-03 09:49 - 2015-07-10 00:25 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-03 09:42 - 2015-07-10 00:16 - 00000000 ____D C:\Users\RICK
2016-05-03 09:41 - 2015-07-11 02:44 - 00000000 ____D C:\Program Files (x86)\EaseUS
2016-05-03 09:36 - 2015-07-10 00:16 - 00002141 _____ C:\Users\RICK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-03 09:36 - 2015-07-10 00:16 - 00002141 _____ C:\Users\RICK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-05-03 09:33 - 2015-08-03 06:11 - 00000886 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-05-03 09:33 - 2015-08-03 06:11 - 00000886 __RSH C:\ProgramData\ntuser.pol
2016-05-03 09:33 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-05-02 21:08 - 2015-07-15 03:56 - 00000000 ____D C:\Users\RICK\AppData\Roaming\vlc
2016-05-01 19:25 - 2015-08-30 23:41 - 00000000 ____D C:\Users\RICK\AppData\Roaming\dvdcss
2016-04-28 03:33 - 2009-07-14 13:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-04-27 10:22 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-23 00:13 - 2015-08-03 03:24 - 00000000 ____D C:\Users\RICK\AppData\Roaming\uTorrent
2016-04-22 16:59 - 2016-02-16 00:09 - 00000000 ___SD C:\Users\RICK\AppData\LocalLow\Temp
2016-04-22 15:57 - 2015-07-10 00:52 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-19 20:36 - 2015-07-10 21:10 - 00000000 ____D C:\Users\Todos os Usuários\Oracle
2016-04-19 20:36 - 2015-07-10 21:10 - 00000000 ____D C:\ProgramData\Oracle
2016-04-19 20:34 - 2015-07-10 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-19 20:34 - 2015-07-10 21:10 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-19 20:33 - 2015-09-28 07:13 - 00000000 ____D C:\Users\RICK\.oracle_jre_usage
2016-04-19 20:33 - 2015-07-10 21:10 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-12 09:04 - 2015-08-03 05:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-07 19:50 - 2015-07-10 00:25 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-07 19:50 - 2015-07-10 00:25 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-07 19:50 - 2015-07-10 00:25 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-05 21:54 - 2015-07-12 23:53 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2016-04-05 12:10 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-04-05 10:58 - 2015-07-11 04:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

==================== Arquivos na raiz de alguns diretórios =======

2016-05-03 10:22 - 2016-05-03 10:22 - 0005120 _____ () C:\Users\RICK\AppData\Roaming\GiftBag.db
2016-05-03 09:36 - 2016-04-27 14:51 - 1755136 _____ () C:\Users\RICK\AppData\Roaming\service.exe
2016-05-03 09:38 - 2016-05-03 09:40 - 0606208 _____ () C:\Users\RICK\AppData\Roaming\svrupg.exe
2016-04-23 23:19 - 2014-07-25 10:39 - 0293320 ____N (深圳市迅雷网络技术有限公司) C:\Users\RICK\AppData\Roaming\xldl.dll
2016-05-03 09:59 - 2016-04-25 22:46 - 2496403 _____ ( ) C:\Users\RICK\AppData\Roaming\yeaplayer_51495.exe
2015-08-03 04:07 - 2015-08-03 04:06 - 0613255 _____ (CMI Limited) C:\Users\RICK\AppData\Local\nsyB21B.tmp
2016-04-26 20:24 - 2016-04-26 20:24 - 0000009 ____N () C:\ProgramData\a.bat
2010-08-29 04:43 - 2010-08-29 04:43 - 0577335 ____N () C:\ProgramData\adb.exe
2010-08-29 04:43 - 2010-08-29 04:43 - 0096256 ____N (Google, inc) C:\ProgramData\AdbWinApi.dll
2010-08-29 04:43 - 2010-08-29 04:43 - 0060928 ____N (Google, inc) C:\ProgramData\AdbWinUsbApi.dll
2016-01-22 00:11 - 2016-01-22 00:11 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-05-03 10:19 - 2016-04-27 05:03 - 1253376 _____ (eee) C:\ProgramData\apptj.exe
2016-05-03 09:58 - 2016-04-21 22:50 - 1266688 _____ () C:\ProgramData\conhost51495.exe
2010-08-29 04:43 - 2010-08-29 04:43 - 0356009 ____N () C:\ProgramData\fastboot.exe
2016-05-03 09:36 - 2016-04-27 14:51 - 1755136 _____ () C:\ProgramData\service.exe
2016-05-03 09:38 - 2016-05-03 09:38 - 0002303 _____ () C:\ProgramData\webad.xml
2016-05-03 10:19 - 2016-05-03 10:19 - 0413439 _____ () C:\ProgramData\xdo.zip
C:\Windows\svchost.exe
ATENÇÃO ====> Check for partition/boot infection.

Arquivos para serem movidos ou deletados:
====================
C:\Users\RICK\AppData\Local\Temp\yeaplayer51495.exe
C:\ProgramData\a.bat
C:\ProgramData\adb.exe
C:\ProgramData\AdbWinApi.dll
C:\ProgramData\AdbWinUsbApi.dll
C:\ProgramData\apptj.exe
C:\ProgramData\conhost51495.exe
C:\ProgramData\fastboot.exe
C:\ProgramData\service.exe
C:\Users\Todos os Usuários\a.bat
C:\Users\Todos os Usuários\adb.exe
C:\Users\Todos os Usuários\AdbWinApi.dll
C:\Users\Todos os Usuários\AdbWinUsbApi.dll
C:\Users\Todos os Usuários\apptj.exe
C:\Users\Todos os Usuários\conhost51495.exe
C:\Users\Todos os Usuários\fastboot.exe
C:\Users\Todos os Usuários\service.exe


Alguns arquivos em TEMP:
====================
C:\Users\RICK\AppData\Local\Temp\1438546554.exe
C:\Users\RICK\AppData\Local\Temp\1439578447.exe
C:\Users\RICK\AppData\Local\Temp\1892.exe
C:\Users\RICK\AppData\Local\Temp\2074.exe
C:\Users\RICK\AppData\Local\Temp\367.exe
C:\Users\RICK\AppData\Local\Temp\43.exe
C:\Users\RICK\AppData\Local\Temp\5282.exe
C:\Users\RICK\AppData\Local\Temp\646.exe
C:\Users\RICK\AppData\Local\Temp\705.exe
C:\Users\RICK\AppData\Local\Temp\8470.exe
C:\Users\RICK\AppData\Local\Temp\9144.exe
C:\Users\RICK\AppData\Local\Temp\9215.exe
C:\Users\RICK\AppData\Local\Temp\bitool.dll
C:\Users\RICK\AppData\Local\Temp\ComputerPalSetup.exe
C:\Users\RICK\AppData\Local\Temp\drm_dyndata_7390006.dll
C:\Users\RICK\AppData\Local\Temp\fsdD6F4.exe
C:\Users\RICK\AppData\Local\Temp\fufC3A9.exe
C:\Users\RICK\AppData\Local\Temp\IQIYIsetup_l_spl004@kb005.exe
C:\Users\RICK\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\RICK\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\RICK\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\RICK\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\RICK\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\RICK\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\RICK\AppData\Local\Temp\L6GPInst.dll
C:\Users\RICK\AppData\Local\Temp\mini_insatller_rb.exe
C:\Users\RICK\AppData\Local\Temp\pps-qq-19.exe
C:\Users\RICK\AppData\Local\Temp\prepreinstaller_win.exe
C:\Users\RICK\AppData\Local\Temp\qqpcmgr_v10.9.16349.225_72467_Silence.exe
C:\Users\RICK\AppData\Local\Temp\qqpcmgr_v11.4.17339.217_45364_Silence.exe
C:\Users\RICK\AppData\Local\Temp\Quarantine.exe
C:\Users\RICK\AppData\Local\Temp\ralmsitot.ru_BR.exe
C:\Users\RICK\AppData\Local\Temp\raptrpatch.exe
C:\Users\RICK\AppData\Local\Temp\raptr_stub.exe
C:\Users\RICK\AppData\Local\Temp\rwalimseit.ru_BR.exe
C:\Users\RICK\AppData\Local\Temp\setup (1).exe
C:\Users\RICK\AppData\Local\Temp\setup.exe
C:\Users\RICK\AppData\Local\Temp\setup3.exe
C:\Users\RICK\AppData\Local\Temp\setup_580.exe
C:\Users\RICK\AppData\Local\Temp\spark_install.exe
C:\Users\RICK\AppData\Local\Temp\SpOrder.dll
C:\Users\RICK\AppData\Local\Temp\sqlite3.dll
C:\Users\RICK\AppData\Local\Temp\tmpA222.exe
C:\Users\RICK\AppData\Local\Temp\ts_10051.exe
C:\Users\RICK\AppData\Local\Temp\ttwifi.exe
C:\Users\RICK\AppData\Local\Temp\Uninstall.exe
C:\Users\RICK\AppData\Local\Temp\yeaplayer51495.exe
C:\Users\RICK\AppData\Local\Temp\ytb.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-04-28 17:29

==================== Fim de FRST.txt ============================