Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 20-06-2016 01
Executado por Usuário (administrador) em USUÁRIO-PC (21-06-2016 19:38:55)
Executando a partir de C:\Users\Usuário\Desktop\Downloads
Perfis Carregados: Usuário (Perfis Disponíveis: Usuário)
Platform: Windows 7 Ultimate (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATII4E.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\nis.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\nis.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [142482544 2016-06-21] (Microsoft Corporation)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-06-08] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1681057908-773494145-61642137-1000\...\Run: [GoogleChromeAutoLaunch_6087EB229EA76889D445C91763858347] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-15] (Google Inc.)
HKU\S-1-5-21-1681057908-773494145-61642137-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-14] (Valve Corporation)
HKU\S-1-5-21-1681057908-773494145-61642137-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-30] (Disc Soft Ltd)
HKU\S-1-5-21-1681057908-773494145-61642137-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1681057908-773494145-61642137-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1681057908-773494145-61642137-1000\...\MountPoints2: {2e67de71-03cd-11e5-9f75-806e6f6e6963} - D:\BlueBirds.exe
HKU\S-1-5-21-1681057908-773494145-61642137-1000\...\MountPoints2: {ea1ee416-809d-11e5-8143-001966ddda5a} - E:\iLinker.exe
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Usuário\AppData\Local\MEGAsync\ShellExtX64.dll Nenhum Arquivo
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Usuário\AppData\Local\MEGAsync\ShellExtX64.dll Nenhum Arquivo
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Usuário\AppData\Local\MEGAsync\ShellExtX64.dll Nenhum Arquivo
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Usuário\AppData\Local\MEGAsync\ShellExtX32.dll Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Usuário\AppData\Local\MEGAsync\ShellExtX32.dll Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Usuário\AppData\Local\MEGAsync\ShellExtX32.dll Nenhum Arquivo

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{380A08A1-CC2D-49AC-8264-A6410B1D27BA}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1681057908-773494145-61642137-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=BR&ver=22&locale=pt_BR&gct=sb&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => Nenhum Arquivo
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-23] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-23] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Usuário\AppData\Roaming\Mozilla\Firefox\Profiles\9g1wncme.default-1465045181551
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-23] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1681057908-773494145-61642137-1000: @nsroblox.roblox.com/launcher -> C:\Users\Usuário\AppData\Local\Roblox\Versions\version-c044bc45019f474c\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1681057908-773494145-61642137-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Usuário\AppData\Local\Roblox\Versions\version-c044bc45019f474c\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1681057908-773494145-61642137-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Usuário\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1681057908-773494145-61642137-1000: SkypePlugin -> C:\Users\Usuário\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1681057908-773494145-61642137-1000: SkypePlugin64 -> C:\Users\Usuário\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi-x64.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon [2016-03-21]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon

Chrome:
=======
CHR HomePage: Default -> hxxp://www.sweetpacks-search.com/?barid=&src=10&
CHR StartupUrls: Default -> "hxxps://www.google.com.br/"
CHR Profile: C:\Users\Usuário\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Usuário\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-27]
CHR Extension: (Chamada pelo Skype) - C:\Users\Usuário\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-11-02]
CHR Extension: (Norton Security Toolbar) - C:\Users\Usuário\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-02-26]
CHR Extension: (CloudConvert) - C:\Users\Usuário\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk [2015-09-10]
CHR Extension: (Roms43 for Chrome) - C:\Users\Usuário\AppData\Local\Google\Chrome\User Data\Default\Extensions\hodglkaodhnbkakchphcmbgdinlgcfgc [2016-02-26]
CHR Extension: (Norton Identity Safe) - C:\Users\Usuário\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-28]
CHR Extension: (hxxps://www.google.com.br/) - C:\Users\Usuário\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilkphlpegihchlknkhglbjmehjhiplhi [2015-05-27]
CHR Extension: (Cut the Rope) - C:\Users\Usuário\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbadlndcminbkfojhlimnkgaackjmdo [2015-05-27]
CHR Extension: (Skype) - C:\Users\Usuário\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-23]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Usuário\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (ProductivityBoss) - C:\Users\Usuário\AppData\Local\Google\Chrome\User Data\Default\Extensions\poickeeehimalfeceghopkmbjdbpbpie [2016-03-30]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-20]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-20]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1368408 2015-11-30] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [245544 2015-12-06] (EasyAntiCheat Ltd)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-05-26] () [Arquivo não assinado]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [419248 2016-06-07] (LogMeIn, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.6.0.142\NIS.exe [289080 2016-02-26] (Symantec Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20160104.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1606000.08E\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-12-28] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [46392 2015-12-28] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-19] (Symantec Corporation)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-12-24] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20160108.001\IDSvia64.sys [767224 2015-12-23] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20160110.005\ENG64.SYS [138488 2015-12-24] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20160110.005\EX64.SYS [2148080 2015-12-24] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1606000.08E\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2015-12-28] (SlimWare Utilities, Inc.)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
S1 bmkmxmfr; \??\C:\Windows\system32\drivers\bmkmxmfr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-21 19:36 - 2016-06-21 19:38 - 00000000 ____D C:\FRST
2016-06-21 18:27 - 2016-06-21 18:27 - 00000000 ____D C:\Windows\system32\MRT
2016-06-21 18:26 - 2016-06-21 18:27 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-21 18:06 - 2015-06-23 04:00 - 00088248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2016-06-21 17:51 - 2016-06-21 17:52 - 01146318 _____ C:\Users\Usuário\Desktop\mmmmmmmmm.pdf
2016-06-15 12:33 - 2016-06-21 11:54 - 00001134 _____ C:\Users\Usuário\Desktop\nativelog.txt
2016-06-15 12:29 - 2016-06-15 12:29 - 00000961 _____ C:\Users\Public\Desktop\Minecraft.lnk
2016-06-10 06:57 - 2016-06-10 07:02 - 00000000 ____D C:\Users\Usuário\Desktop\Músicas l
2016-06-10 06:37 - 2016-06-10 06:37 - 00000926 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2016-06-10 06:37 - 2016-06-10 06:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-06-10 06:37 - 2016-06-10 06:37 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-06-09 21:21 - 2016-06-09 21:32 - 00000000 ____D C:\Users\Usuário\pokemonbr
2016-06-09 21:10 - 2016-06-09 21:21 - 00000000 ____D C:\Users\Usuário\Documents\PokemonBR
2016-06-09 21:10 - 2016-06-09 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokemonBR
2016-06-08 20:17 - 2016-06-15 12:35 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-06-08 20:17 - 2016-06-15 12:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-06-08 17:51 - 2016-06-08 17:51 - 03616419 _____ C:\Users\Usuário\Desktop\eti.pdf
2016-06-08 10:56 - 2016-06-08 10:56 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\Drivers\hamachi.sys
2016-06-01 17:46 - 2016-06-01 17:46 - 00000000 ____D C:\Users\Usuário\AppData\Roaming\Tibia
2016-05-27 16:10 - 2016-05-27 16:10 - 00000000 ___HD C:\Windows\PIF
2016-05-27 16:10 - 2016-05-27 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokemon PRO 2
2016-05-27 16:09 - 2016-05-27 16:10 - 00000000 ____D C:\Program Files (x86)\Pokemon PRO 2
2016-05-25 19:57 - 2016-06-04 10:00 - 00000000 ____D C:\Users\Usuário\Desktop\Coisas
2016-05-25 19:53 - 2016-05-25 20:01 - 00000000 ____D C:\Users\Usuário\Desktop\Músicas
2016-05-25 13:34 - 2016-05-25 13:34 - 00000000 ____D C:\Users\Usuário\AppData\LocalLow\Google
2016-05-25 13:33 - 2016-05-25 13:33 - 00002156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-04-29 22:19 - 2016-04-30 16:27 - 00000000 ____D C:\Users\Usuário\AppData\Roaming\dll-files.com
2016-04-29 22:19 - 2016-04-29 22:19 - 00000000 ____D C:\Users\Todos os Usuários\TEMP
2016-04-29 22:19 - 2016-04-29 22:19 - 00000000 ____D C:\ProgramData\TEMP
2016-04-29 22:03 - 2016-04-29 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDS PRO
2016-04-29 22:02 - 2016-04-29 22:54 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2016-04-29 22:00 - 2016-04-29 22:01 - 00000000 ____D C:\Users\Usuário\AppData\Roaming\MonoDevelop-Unity-5.0
2016-04-29 22:00 - 2016-04-29 22:01 - 00000000 ____D C:\Users\Usuário\AppData\Local\MonoDevelop-Unity-5.0
2016-04-29 16:49 - 2016-04-29 21:54 - 00000000 ____D C:\Users\Usuário\AppData\LocalLow\DefaultCompany
2016-04-29 15:59 - 2016-04-29 21:46 - 00000000 ____D C:\Users\Todos os Usuários\Unity
2016-04-29 15:59 - 2016-04-29 21:46 - 00000000 ____D C:\ProgramData\Unity
2016-04-29 14:13 - 2016-04-29 14:13 - 00000000 ____D C:\Program Files (x86)\GtkSharp
2016-04-29 14:11 - 2016-04-29 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.3.4f1 (64-bit)
2016-04-29 14:06 - 2016-04-29 14:11 - 00000000 ____D C:\Program Files\Unity
2016-04-28 21:38 - 2016-04-28 21:39 - 00000000 ____D C:\Program Files (x86)\R4 3DS Emulator
2016-04-28 21:38 - 2016-04-28 21:38 - 00000000 ____D C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R4 3DS Emulator
2016-04-25 22:32 - 2016-04-25 22:32 - 00631235 _____ C:\Users\Usuário\Documents\Rielson 2.pdf
2016-04-25 22:30 - 2016-04-25 22:30 - 00297054 _____ C:\Users\Usuário\Documents\Rielson 1.pdf
2016-04-25 09:06 - 2016-04-25 09:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-04-25 09:00 - 2016-04-25 09:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-04-25 08:59 - 2016-04-25 08:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2016-04-25 08:58 - 2016-04-25 08:58 - 00000000 ____D C:\Windows\PCHEALTH
2016-04-25 08:54 - 2016-04-25 08:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2016-04-25 08:53 - 2016-04-25 08:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-25 08:52 - 2016-04-25 08:52 - 00000000 __RHD C:\MSOCache
2016-04-17 17:11 - 2016-06-11 16:51 - 00000000 ____D C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-04-17 17:11 - 2016-04-23 12:54 - 00000252 _____ C:\Users\Usuário\AppData\LocalLow\rbxcsettings.rbx
2016-04-17 17:11 - 2016-04-17 17:22 - 00000000 ____D C:\Users\Usuário\AppData\Local\Roblox
2016-04-11 09:23 - 2016-04-11 09:23 - 00285368 _____ C:\Users\Usuário\Desktop\gestao_laboratorial_pdf_08.pdf
2016-04-05 12:45 - 2016-04-05 15:08 - 00000000 ____D C:\FFOutput
2016-04-05 12:45 - 2016-04-05 12:45 - 00000000 ____D C:\Users\Todos os Usuários\Baidu
2016-04-05 12:45 - 2016-04-05 12:45 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-04-05 12:45 - 2016-04-05 12:45 - 00000000 ____D C:\ProgramData\Baidu
2016-04-05 12:31 - 2016-04-05 12:31 - 00000000 ____D C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2016-04-05 12:30 - 2016-04-05 12:30 - 00000000 ____D C:\Program Files (x86)\FreeTime
2016-04-04 17:25 - 2016-04-04 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-04-01 20:54 - 2016-05-19 17:31 - 00000000 ____D C:\Users\Usuário\AppData\Roaming\HandBrake
2016-04-01 20:54 - 2016-04-01 20:54 - 00000000 ____D C:\Users\Usuário\AppData\Roaming\HandBrake Team
2016-04-01 20:43 - 2016-04-01 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2016-04-01 20:42 - 2016-04-01 20:42 - 00000000 ____D C:\Users\Todos os Usuários\TechSmith
2016-04-01 20:42 - 2016-04-01 20:42 - 00000000 ____D C:\Users\Todos os Usuários\regid.1995-08.com.techsmith
2016-04-01 20:42 - 2016-04-01 20:42 - 00000000 ____D C:\ProgramData\TechSmith
2016-04-01 20:42 - 2016-04-01 20:42 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2016-04-01 20:42 - 2016-04-01 20:42 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-04-01 20:12 - 2016-04-01 20:12 - 00000000 ____D C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-04-01 20:12 - 2016-04-01 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-04-01 20:12 - 2016-04-01 20:12 - 00000000 ____D C:\Program Files\Handbrake
2016-04-01 16:03 - 2016-04-01 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modio Plugin
2016-04-01 16:03 - 2016-04-01 16:03 - 00000000 ____D C:\Program Files (x86)\Modio Plugin
2016-03-31 20:41 - 2016-03-31 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modio 5
2016-03-31 20:41 - 2016-03-31 20:41 - 00000000 ____D C:\Program Files (x86)\Modio 5
2016-03-25 19:01 - 2016-06-08 10:56 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-21 19:35 - 2009-07-14 01:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-21 19:35 - 2009-07-14 01:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-21 19:28 - 2016-03-05 15:45 - 00000000 ____D C:\Users\Usuário\AppData\Local\LogMeIn Hamachi
2016-06-21 19:27 - 2015-12-03 12:59 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-21 19:27 - 2015-07-31 20:52 - 00000000 ____D C:\Users\Usuário\AppData\Roaming\Skype
2016-06-21 19:27 - 2015-05-26 15:21 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-21 19:27 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-21 19:02 - 2015-05-26 15:21 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-21 18:18 - 2015-07-30 14:31 - 00000000 ____D C:\Users\Usuário\AppData\Roaming\uTorrent
2016-06-21 17:16 - 2015-05-26 16:34 - 00000000 ___RD C:\Users\Usuário\Desktop\Matheus
2016-06-21 11:54 - 2016-03-12 18:55 - 00000000 ____D C:\Users\Usuário\AppData\Roaming\.minecraft
2016-06-21 11:40 - 2015-05-28 07:54 - 00000000 ____D C:\Users\Usuário\AppData\LocalLow\Temp
2016-06-19 23:40 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2016-06-19 23:15 - 2016-01-08 19:38 - 00000000 ____D C:\Users\Usuário\Documents\Camtasia Studio
2016-06-18 22:06 - 2009-07-18 02:15 - 00705070 _____ C:\Windows\system32\prfh0416.dat
2016-06-18 22:06 - 2009-07-18 02:15 - 00146910 _____ C:\Windows\system32\prfc0416.dat
2016-06-18 22:06 - 2009-07-14 02:13 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-18 22:06 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-06-18 19:07 - 2015-05-26 15:21 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 18:43 - 2016-03-05 13:43 - 00000000 ____D C:\Users\Usuário\BrawlhallaReplays
2016-06-15 12:59 - 2015-05-26 17:28 - 00000000 ____D C:\Users\Usuário\AppData\Local\ElevatedDiagnostics
2016-06-13 19:31 - 2015-08-09 11:50 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-09 21:21 - 2015-05-26 14:37 - 00000000 ____D C:\Users\Usuário
2016-06-08 20:07 - 2015-08-14 10:22 - 00000000 ____D C:\Users\Usuário\AppData\Local\CrashDumps
2016-06-07 14:46 - 2015-08-31 17:26 - 00000000 ____D C:\Users\Usuário\Desktop\Maysa
2016-06-04 17:19 - 2015-05-26 15:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-04 09:56 - 2015-05-26 15:21 - 00001155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-04 09:56 - 2015-05-26 15:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-03 13:33 - 2016-02-26 17:36 - 00000000 ____D C:\Users\Usuário\AppData\Roaming\otPokemon
2016-06-01 20:03 - 2009-07-14 02:08 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-26 13:31 - 2015-07-31 20:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-25 13:33 - 2015-05-26 15:21 - 00000000 ____D C:\Program Files (x86)\Google

==================== Arquivos na raiz de alguns diretórios =======

2015-07-26 09:45 - 2015-07-26 09:45 - 0000120 _____ () C:\Users\Usuário\AppData\Roaming\7cce59b7.dat
2015-08-14 10:10 - 2015-08-19 19:55 - 0002638 _____ () C:\Users\Usuário\AppData\Roaming\SpeedRunnersLog.txt
2016-03-16 15:51 - 2016-03-18 12:30 - 0000041 ___SH () C:\ProgramData\.zreglib

Alguns arquivos em TEMP:
====================
C:\Users\Usuário\AppData\Local\Temp\HD-Logger-Native.dll
C:\Users\Usuário\AppData\Local\Temp\HD-ShortcutHandler.dll
C:\Users\Usuário\AppData\Local\Temp\jansi-32-4304924642534157763.dll
C:\Users\Usuário\AppData\Local\Temp\jansi-32-5287509203290039812.dll


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-06-17 13:33

==================== Fim de FRST.txt ============================
