cjoint

Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:06-06-2016
Executado por Marcela (administrador) em MARCELA-PC (06-06-2016 16:37:03)
Executando a partir de C:\Users\Marcela\Downloads
Perfis Carregados: Marcela (Perfis Disponíveis: Marcela)
Platform: Microsoft Windows 7 Ultimate (X86) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Droid4X\Droid4XService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
() C:\Windows\System32\srvany.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\MyEpson Portal\mepService.exe
() C:\Windows\KMService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\MyEpson Portal\mep.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [621616 2016-05-11] (GAS Tecnologia LTDA)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\ GbPluginCef: C:\Program Files\GbPlugin\gbiehCef.dll [2015-09-22] (Caixa Economica Federal)
Winlogon\Notify\ GbPluginUni: C:\Program Files\GbPlugin\gbiehUni.dll [2015-09-04] (Banco Itaú Unibanco)
HKU\S-1-5-21-1012419761-1782341261-1735649272-1000\...\MountPoints2: {3917a5c7-1baa-11e6-a659-002522c6208c} - D:\AutoRun.exe
HKU\S-1-5-21-1012419761-1782341261-1735649272-1000\...\MountPoints2: {3917a5d8-1baa-11e6-a659-002522c6208c} - D:\AutoRun.exe
HKU\S-1-5-21-1012419761-1782341261-1735649272-1000\...\MountPoints2: {3917a5fe-1baa-11e6-a659-002522c6208c} - D:\AutoRun.exe
HKU\S-1-5-21-1012419761-1782341261-1735649272-1000\...\MountPoints2: {3917a613-1baa-11e6-a659-002522c6208c} - D:\AutoRun.exe
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll [1896696 2015-09-04] (Banco Itaú Unibanco)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\PROGRAM FILES\GbPlugin\gbiehcef.dll [1888480 2015-09-22] (Caixa Economica Federal)
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 200.189.88.61 200.189.88.66
Tcpip\..\Interfaces\{1B23FBB7-4CCD-4E3A-9469-6433668CD767}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{A7A381B8-5BAC-4052-8CC7-BAD142241D7C}: [DhcpNameServer] 200.189.88.61 200.189.88.66

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_19&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtB0CyCtBtDzz0CtByD0E0FtN0D0Tzu0StCyDzytCtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzz0F0AyBzzzytAtGtDyEtB0AtG0AyC0CtBtGtDtAzzzytGtA0CyEtCyEyC0DtDtAyDyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyCzy0BtA0AtC0DtGyB0FtB0DtGyEyD0BzytGzy0DtD0FtG0BtByBzztDtBtC0FtCyBtDyB2QtN0A0LzuyE%26cr%3D418213100%26a%3Dwbf_ir_16_19%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-1012419761-1782341261-1735649272-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtB0CyCtBtDzz0CtByD0E0FtN0D0Tzu0StCyDzytCtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzz0F0AyBzzzytAtGtDyEtB0AtG0AyC0CtBtGtDtAzzzytGtA0CyEtCyEyC0DtDtAyDyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyCzy0BtA0AtC0DtGyB0FtB0DtGyEyD0BzytGzy0DtD0FtG0BtByBzztDtBtC0FtCyBtDyB2QtN0A0LzuyE%26cr%3D418213100%26a%3Dwbf_ir_16_19%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtB0CyCtBtDzz0CtByD0E0FtN0D0Tzu0StCyDzytCtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzz0F0AyBzzzytAtGtDyEtB0AtG0AyC0CtBtGtDtAzzzytGtA0CyEtCyEyC0DtDtAyDyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyCzy0BtA0AtC0DtGyB0FtB0DtGyEyD0BzytGzy0DtD0FtG0BtByBzztDtBtC0FtCyBtDyB2QtN0A0LzuyE%26cr%3D418213100%26a%3Dwbf_ir_16_19%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1012419761-1782341261-1735649272-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtB0CyCtBtDzz0CtByD0E0FtN0D0Tzu0StCyDzytCtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzz0F0AyBzzzytAtGtDyEtB0AtG0AyC0CtBtGtDtAzzzytGtA0CyEtCyEyC0DtDtAyDyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyCzy0BtA0AtC0DtGyB0FtB0DtGyEyD0BzytGzy0DtD0FtG0BtByBzztDtBtC0FtCyBtDyB2QtN0A0LzuyE%26cr%3D418213100%26a%3Dwbf_ir_16_19%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1012419761-1782341261-1735649272-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtB0CyCtBtDzz0CtByD0E0FtN0D0Tzu0StCyDzytCtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzz0F0AyBzzzytAtGtDyEtB0AtG0AyC0CtBtGtDtAzzzytGtA0CyEtCyEyC0DtDtAyDyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyCzy0BtA0AtC0DtGyB0FtB0DtGyEyD0BzytGzy0DtD0FtG0BtByBzztDtBtC0FtCyBtDyB2QtN0A0LzuyE%26cr%3D418213100%26a%3Dwbf_ir_16_19%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1012419761-1782341261-1735649272-1000 -> {599761C3-F206-4569-A085-D6DC5A256673} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-27] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll [2015-09-22] (Caixa Economica Federal)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehuni.dll [2015-09-04] (Banco Itaú Unibanco)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-27] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\7o585hb8.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Search Provided by Yahoo
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: hxxp://www.google.com.br/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-16] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-27] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1012419761-1782341261-1735649272-1000: gastecnologia.com.br/sf/cef -> C:\Users\Marcela\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-09] (GAS Tecnologia)
FF user.js: detected! => C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\7o585hb8.default\user.js [2015-12-02]
FF SearchPlugin: C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\7o585hb8.default\searchplugins\default.xml [2016-03-21]
FF SearchPlugin: C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\7o585hb8.default\searchplugins\Search Provided by Yahoo.xml [2016-05-10]
FF HKU\S-1-5-21-1012419761-1782341261-1735649272-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Marcela\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: GBBD Caixa Economica Federal - C:\Users\Marcela\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015-10-29] [não assinado]
StartMenuInternet: FIREFOX.EXE - firefox.exe
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-11-16]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

"Warsaw Technology" => serviço foi desbloqueado. <===== ATENÇÃO

R2 Droid4XService; C:\Program Files\Droid4X\Droid4XService.exe [279552 2016-04-28] () [Arquivo não assinado]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1982752 2016-04-14] (ESET)
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
R2 KMService; C:\Windows\system32\srvany.exe [8192 2015-10-22] () [Arquivo não assinado]
R2 MyEpson Portal Service; C:\Program Files\EPSON\MyEpson Portal\mepService.exe [664960 2010-11-22] (SEIKO EPSON CORPORATION)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [621616 2016-05-11] (GAS Tecnologia LTDA)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1559552 2010-07-27] (Atheros Communications, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [206312 2016-04-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146024 2016-03-15] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [130616 2016-04-14] (ESET)
R0 GbpKm; C:\Windows\System32\drivers\GbpKm.sys [49496 2015-09-04] (GAS Tecnologia)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2015-10-23] (GAS Tecnologia)
S3 SliceDisk5; C:\Users\Marcela\AppData\Local\Temp\slicedisk.sys [10240 2008-04-03] (Atola) [Arquivo não assinado]
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1108480 2009-11-25] (VIA Technologies, Inc.)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert32.sys [31448 2015-07-07] (Basil)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [80728 2016-06-06] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [79064 2015-03-18] (GAS Tecnologia)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-06 16:37 - 2016-06-06 16:37 - 00014730 _____ C:\Users\Marcela\Downloads\FRST.txt
2016-06-06 16:36 - 2016-06-06 16:37 - 00000000 ____D C:\FRST
2016-06-06 16:20 - 2016-06-06 16:21 - 01735680 _____ (Farbar) C:\Users\Marcela\Downloads\FRST.exe
2016-06-06 16:19 - 2015-12-09 15:11 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-06-06 16:17 - 2016-06-06 16:17 - 00008998 _____ C:\Users\Marcela\Downloads\api-ms-win-crt-runtime-l1-1-0.zip
2016-06-06 16:17 - 2015-12-09 15:11 - 00016224 _____ (Microsoft Corporation) C:\Users\Marcela\Downloads\api-ms-win-crt-runtime-l1-1-0.dll
2016-06-06 15:00 - 2016-06-06 15:00 - 00043593 _____ C:\Users\Marcela\Downloads\PGDASD-RECIBO-14442488201505001.pdf
2016-06-06 09:05 - 2016-06-06 09:05 - 00000000 ____D C:\Users\Marcela\Documents\Documentos escaneados Marcela
2016-06-03 10:13 - 2016-06-03 10:17 - 00000000 ____D C:\Users\Marcela\Downloads\Fagner & Zé Ramalho - Ao Vivo-www.sofilmeseseriados.org
2016-06-03 09:23 - 2016-06-03 09:23 - 00000000 ____D C:\Users\Todos os Usuários\Steam
2016-06-03 09:23 - 2016-06-03 09:23 - 00000000 ____D C:\ProgramData\Steam
2016-06-03 09:15 - 2016-06-03 09:18 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-06-03 09:15 - 2016-06-03 09:18 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-03 09:10 - 2016-06-06 16:22 - 00000000 ____D C:\Program Files\Age of Mythology
2016-06-03 09:10 - 2016-06-03 09:10 - 00000800 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Mythology.lnk
2016-06-03 09:10 - 2016-06-03 09:10 - 00000788 _____ C:\Users\Public\Desktop\Age of Mythology.lnk
2016-05-31 17:19 - 2016-05-31 17:29 - 00000000 ____D C:\Users\Marcela\Downloads\snes9x-1.53-win32
2016-05-31 15:40 - 2016-05-31 17:09 - 187487608 _____ (GOG.com ) C:\Users\Marcela\Downloads\setup_mdk_2.0.0.25.exe
2016-05-31 15:17 - 2016-05-31 15:17 - 00010312 _____ C:\Users\Marcela\Downloads\Chaplin - Modern Times.srt
2016-05-31 15:15 - 2016-06-01 08:45 - 00000000 ____D C:\Users\Marcela\Downloads\Mortal.Kombat.X.Complete-RELOADED
2016-05-31 15:07 - 2016-06-03 09:08 - 00000000 ____D C:\Users\Marcela\Downloads\Age.of.Mythology.Extended.Edition.Tale.of.the.Dragon-RELOADED
2016-05-31 10:13 - 2016-05-31 18:22 - 969844864 _____ C:\Users\Marcela\Downloads\System of a Down - Rock in Rio 24.09.2015.ts
2016-05-31 10:12 - 2016-06-01 09:02 - 386465792 _____ C:\Users\Marcela\Downloads\Fagner & Zé Ramalho - Ao Vivo-www.sofilmeseseriados.org.iso
2016-05-31 09:59 - 2016-05-31 09:59 - 00000000 ____D C:\Users\Marcela\Downloads\Horas Decisivas
2016-05-31 09:54 - 2016-05-31 12:59 - 00000000 ____D C:\Users\Marcela\Downloads\FEBRE DO OURO
2016-05-31 09:51 - 2016-05-31 15:06 - 00000000 ____D C:\Users\Marcela\Downloads\Charlie Chaplin - Modern Times (1936)
2016-05-31 09:51 - 2016-05-31 10:03 - 525253378 _____ C:\Users\Marcela\Downloads\Chaplin - Modern Times.mp4
2016-05-31 08:36 - 2016-05-31 08:36 - 00009108 _____ C:\Users\Marcela\Documents\DASNSIMEI-Recibo-23336716000160.pdf
2016-05-17 16:20 - 2016-05-17 16:20 - 00000000 ____D C:\Program Files\Oracle
2016-05-17 16:20 - 2014-05-16 15:25 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2016-05-17 16:19 - 2016-06-05 19:15 - 00000000 ____D C:\Program Files\Droid4X
2016-05-17 16:19 - 2016-05-27 08:34 - 00000000 ____D C:\Users\Marcela\AppData\Local\Droid4X
2016-05-17 16:19 - 2016-05-17 16:19 - 00000913 _____ C:\Users\Public\Desktop\Droid4X.lnk
2016-05-17 16:19 - 2016-05-17 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Droid4X
2016-05-16 18:36 - 2016-05-16 18:36 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
2016-05-16 18:16 - 2016-05-16 18:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2016-05-16 18:16 - 2016-05-16 18:16 - 00000000 ____D C:\Users\Marcela\AppData\Roaming\Claro
2016-05-16 18:15 - 2016-05-16 18:15 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2016-05-16 18:15 - 2011-08-16 16:40 - 01112288 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2016-05-16 18:15 - 2011-08-16 16:40 - 01112288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2016-05-16 18:14 - 2016-05-16 18:41 - 00000000 ____D C:\Users\Todos os Usuários\DatacardService
2016-05-16 18:14 - 2016-05-16 18:41 - 00000000 ____D C:\ProgramData\DatacardService
2016-05-16 18:14 - 2016-05-16 18:41 - 00000000 ____D C:\Program Files\Claro
2016-05-10 16:03 - 2016-05-10 16:05 - 00000000 ____D C:\Users\Marcela\AppData\Local\nima
2016-05-10 16:03 - 2016-05-10 16:03 - 00000372 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-05-10 16:03 - 2016-05-10 16:03 - 00000372 __RSH C:\ProgramData\ntuser.pol
2016-05-10 16:03 - 2016-05-10 16:03 - 00000282 _____ C:\Windows\Tasks\{6989C55D-68CA-1ECA-8EF6-150366CB80E3}.job
2016-05-10 16:03 - 2016-05-10 16:03 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-05-10 16:03 - 2016-05-10 16:03 - 00000000 ____D C:\Users\Marcela\AppData\Local\Setup1432447
2016-05-10 13:46 - 2016-05-10 14:55 - 00000000 ____D C:\Users\Marcela\KLICIA MARCELA
2016-05-07 11:02 - 2016-05-07 19:48 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-06 16:18 - 2009-07-14 00:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-06 16:18 - 2009-07-14 00:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-06 16:12 - 2015-10-26 13:53 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-06 16:11 - 2016-01-18 19:52 - 00080728 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2016-06-06 16:11 - 2015-10-27 17:34 - 00000000 _____ C:\hsrv.txt
2016-06-06 16:11 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-06 09:04 - 2015-10-22 15:37 - 00000000 ____D C:\Users\Marcela
2016-06-05 19:38 - 2015-10-22 18:10 - 00000000 ____D C:\Users\Marcela\AppData\Roaming\uTorrent
2016-06-05 19:13 - 2015-10-27 17:35 - 00000000 ____D C:\Users\Marcela\.VirtualBox
2016-06-01 08:37 - 2015-10-22 17:06 - 00000000 ___SD C:\Users\Marcela\AppData\LocalLow\Temp
2016-05-31 17:55 - 2015-10-22 15:42 - 01517030 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-31 17:55 - 2009-07-14 04:31 - 00663606 _____ C:\Windows\system32\prfh0416.dat
2016-05-31 17:55 - 2009-07-14 04:31 - 00127896 _____ C:\Windows\system32\prfc0416.dat
2016-05-31 17:55 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2016-05-31 17:49 - 2015-12-01 14:37 - 00000000 ____D C:\Users\Marcela\Downloads\F I L M E S
2016-05-31 17:11 - 2015-12-01 14:42 - 00000000 ____D C:\Users\Marcela\Downloads\P R O G R A M A S
2016-05-25 13:59 - 2009-07-13 22:37 - 00000000 __RHD C:\Users\Public\Libraries
2016-05-23 20:56 - 2015-12-01 14:40 - 00000000 ____D C:\Users\Marcela\Downloads\M P 3
2016-05-23 07:56 - 2015-12-11 17:26 - 00000000 ____D C:\Users\Marcela\Desktop\P D F
2016-05-23 07:55 - 2015-10-26 14:18 - 00000987 _____ C:\Windows\1way.ini
2016-05-21 10:59 - 2015-10-26 13:59 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-17 16:19 - 2016-04-26 17:36 - 00000744 _____ C:\Users\Public\Desktop\Droid4X Multi Manager.lnk
2016-05-16 17:12 - 2015-10-26 13:53 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-05-16 17:12 - 2015-10-26 13:53 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-05-12 09:45 - 2015-10-22 21:06 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2016-05-12 09:45 - 2015-10-22 21:06 - 00000000 ____D C:\ProgramData\GbPlugin
2016-05-10 16:38 - 2015-10-26 13:51 - 00000000 ____D C:\Users\Marcela\AppData\Local\Adobe
2016-05-10 16:03 - 2009-07-13 22:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-05-07 19:48 - 2015-10-26 13:46 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Arquivos na raiz de alguns diretórios =======

2015-10-27 17:05 - 2016-05-17 16:20 - 0002419 _____ () C:\Users\Marcela\AppData\Roaming\droid4xinstaller.log
2015-10-29 12:24 - 2015-10-29 12:24 - 0017724 _____ () C:\Users\Marcela\AppData\Roaming\unins000.dat
2015-10-29 12:24 - 2015-10-29 12:24 - 0730322 _____ () C:\Users\Marcela\AppData\Roaming\unins000.exe
2015-11-16 20:32 - 2015-11-16 20:32 - 0003584 _____ () C:\Users\Marcela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-10 19:11 - 2015-12-10 19:11 - 0007597 _____ () C:\Users\Marcela\AppData\Local\Resmon.ResmonCfg

Arquivos para serem movidos ou deletados:
====================
C:\Windows\Tasks\{6989C55D-68CA-1ECA-8EF6-150366CB80E3}.job


Alguns arquivos em TEMP:
====================
C:\Users\Marcela\AppData\Local\Temp\13-9-legacy_vista_win7_32_dd_ccc_whql.exe
C:\Users\Marcela\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Marcela\AppData\Local\Temp\FindAndMount.exe
C:\Users\Marcela\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\Marcela\AppData\Local\Temp\GDB4FAT.exe
C:\Users\Marcela\AppData\Local\Temp\GDB4NTFS.exe
C:\Users\Marcela\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Marcela\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Marcela\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Marcela\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Marcela\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Marcela\AppData\Local\Temp\msvcr71.dll
C:\Users\Marcela\AppData\Local\Temp\MutationWhaling.dll
C:\Users\Marcela\AppData\Local\Temp\python24.dll
C:\Users\Marcela\AppData\Local\Temp\remove.exe
C:\Users\Marcela\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Marcela\AppData\Local\Temp\Undelete.exe
C:\Users\Marcela\AppData\Local\Temp\ytb.exe
C:\Users\Marcela\AppData\Local\Temp\_fstools.dll


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-06-01 13:17

==================== Fim de FRST.txt ============================
