cjoint

Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 20-06-2016 01
Executado por Marcio (administrador) em ROJ-WOLFF04 (22-06-2016 10:29:57)
Executando a partir de C:\Users\Marcio\Desktop
Perfis Carregados: Marcio (Perfis Disponíveis: Marcio & TI)
Platform: Windows 7 Professional (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Borland Software Corporation) C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe
(Baidu Inc.) C:\Program Files (x86)\baidu\Baidu Browser\sparkservice.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe
(Borland Software Corporation) C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Akamai Technologies, Inc.) C:\Users\Marcio\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Akamai Technologies, Inc.) C:\Users\Marcio\AppData\Local\Akamai\netsession_win.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\vapm.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
() C:\Program Files (x86)\baidu\Baidu Browser\bddataconverter.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe [729744 2013-01-20] (Kaspersky Lab ZAO)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2015-09-04] (Banco Itaú Unibanco)
HKU\S-1-5-21-3736261245-1619934101-3525005955-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3736261245-1619934101-3525005955-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-3736261245-1619934101-3525005955-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Marcio\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3736261245-1619934101-3525005955-1000\...\MountPoints2: F - F:\LGAutoRun.exe
HKU\S-1-5-21-3736261245-1619934101-3525005955-1000\...\MountPoints2: {07845322-d464-11e4-8e20-7071bc304a9f} - E:\INSTALL.EXE
HKU\S-1-5-21-3736261245-1619934101-3525005955-1000\...\MountPoints2: {71def4aa-ecda-11e4-a5a2-7071bc304a9f} - G:\CMADownloader.exe
HKU\S-1-5-21-3736261245-1619934101-3525005955-1000\...\MountPoints2: {8ff2cf9e-ea40-11e3-bf5e-7071bc304a9f} - E:\LGAutoRun.exe
HKU\S-1-5-21-3736261245-1619934101-3525005955-1000\...\MountPoints2: {abc0850c-c0c0-11e4-965b-7071bc304a9f} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-3736261245-1619934101-3525005955-1000\...\MountPoints2: {f26529bd-804b-11e4-938d-7071bc304a9f} - F:\.\StartModem.exe
HKU\S-1-5-21-3736261245-1619934101-3525005955-1000\...\MountPoints2: {fe606651-f573-11e4-906e-7071bc304a9f} - E:\LGAutoRun.exe
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1896696 2015-09-04] (Banco Itaú Unibanco)
Startup: C:\Users\Marcio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mapeamento_wolff.bat [2015-06-25] ()
GroupPolicyScripts: Restrição <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\..\Interfaces\{48717393-106F-4067-BA9C-41F167EDB45F}: [NameServer] 192.168.0.3
Tcpip\..\Interfaces\{ABED43DD-7B41-4ED1-BC86-D4F6410B1443}: [DhcpNameServer] 192.168.0.3 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130935060137542320&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=dspp&ts=1427459726&from=smt&uid=SAMSUNGXHD321HJ_S24AJ50Z548110&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1427459643&from=smt&uid=SAMSUNGXHD321HJ_S24AJ50Z548110&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1427459726&from=smt&uid=SAMSUNGXHD321HJ_S24AJ50Z548110
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1427459726&from=smt&uid=SAMSUNGXHD321HJ_S24AJ50Z548110&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3736261245-1619934101-3525005955-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130935060137854321&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-3736261245-1619934101-3525005955-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.baixaki.com.br/portal/?utm_source=newportalhomesl&utm_medium=partners
HKU\S-1-5-21-3736261245-1619934101-3525005955-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3736261245-1619934101-3525005955-1000 -> DefaultScope {98207A58-343E-4EA0-B177-BBC204DE3528} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3736261245-1619934101-3525005955-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=SAMSUNGXHD321HJ_S24AJ50Z548110&ts=1427459758&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3736261245-1619934101-3525005955-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
SearchScopes: HKU\S-1-5-21-3736261245-1619934101-3525005955-1000 -> {98207A58-343E-4EA0-B177-BBC204DE3528} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-04-30] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-04-30] (Oracle Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2015-10-20] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll [2015-09-04] (Banco Itaú Unibanco)
DPF: HKLM-x32 {254AA86E-5655-4518-AA87-185D7CC41801} hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\68uxqzvk.default-1444733011344
FF DefaultSearchEngine: Coolrom Search Engine
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-24] ()
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-04-30] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-24] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3736261245-1619934101-3525005955-1000: gastecnologia.com.br/sf/bb64 -> C:\Users\Marcio\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [Nenhum Arquivo]
FF Plugin HKU\S-1-5-21-3736261245-1619934101-3525005955-1000: gastecnologia.com.br/sf/gas64 -> C:\Users\Marcio\AppData\Local\GAS Tecnologia\GBBD\npsf_gas_64.dll [Nenhum Arquivo]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009-09-25] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Extension: Coolrom Search Engine - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\68uxqzvk.default-1444733011344\Extensions\{0fc22c4c-93ed-48ea-ad12-dc8039cf3795}.xpi [2016-04-18]
FF HKU\S-1-5-21-3736261245-1619934101-3525005955-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Marcio\AppData\Local\GAS Tecnologia\GBBD\bb\xpi => não encontrado (a)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-31]
CHR Extension: (Google Docs) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-31]
CHR Extension: (Google Drive) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-27]
CHR Extension: (YouTube) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-27]
CHR Extension: (Planilhas do Google) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-31]
CHR Extension: (Documentos Google off-line) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-02]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-02]
CHR Extension: (Gmail) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKU\S-1-5-21-3736261245-1619934101-3525005955-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe [729744 2013-01-20] (Kaspersky Lab ZAO)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
R2 InterBaseGuardian; C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe [32768 2001-11-28] (Borland Software Corporation) [Arquivo não assinado]
R3 InterBaseServer; C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe [1769472 2001-11-28] (Borland Software Corporation) [Arquivo não assinado]
R2 klnagent; C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe [127632 2013-01-22] (Kaspersky Lab ZAO)
S3 klnsacwsrv; C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnsacwsrv.exe [125072 2013-01-22] (Kaspersky Lab ZAO)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2382832 2016-05-01] (IBM Corp.)
R2 SparkSvc; C:\Program Files (x86)\baidu\Baidu Browser\sparkservice.exe [97080 2016-02-26] (Baidu Inc.)
S3 SparkUpdater; C:\Program Files (x86)\Baidu\SparkUpdate\Sparkupdate.exe [1371960 2015-06-23] (Baidu.com, Inc.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S4 aswSP; não ImagePath
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42840 2009-06-10] (Microsoft Corporation)
S3 fwlanusb6_860; C:\Windows\System32\DRIVERS\fwlanusb6_860.sys [2274336 2015-07-20] (AVM GmbH)
S0 GbpKm; C:\Windows\SysWOW64\drivers\GbpKm.sys [49536 2013-05-08] (GAS Tecnologia)
R3 GBPRCM; C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-07-17] (Sony Mobile Communications)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94992 2013-01-11] (Kaspersky Lab ZAO)
R1 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [32088 2012-09-13] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [644368 2013-01-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-11-23] (Kaspersky Lab ZAO)
S3 KLNetMon; C:\Windows\System32\DRIVERS\klmon.sys [101208 2013-01-22] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2012-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178008 2012-11-16] (Kaspersky Lab ZAO)
S3 mtkmbim; C:\Windows\System32\DRIVERS\mtkmbim7_x64.sys [208896 2012-12-12] (MediaTek Inc.)
S3 npf; C:\Windows\SysWOW64\drivers\npf.sys [47632 2013-01-22] (CACE Technologies, Inc.)
R1 RapportCerberus_1609039; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609039.sys [1157160 2016-05-10] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-05-01] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-05-01] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-05-01] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-05-01] (IBM Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [66704 2013-09-09] (Fuzhou Rockchip Electronics Co,Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-10-13] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [Arquivo não assinado]
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-04-12] (Oracle Corporation)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-10-31] (GAS Tecnologia LTDA)
S3 wdf_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [81408 2014-09-09] (MediaTek Inc.) [Arquivo não assinado]
S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-04-26] (GAS Tecnologia)
S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U3 wampapache64; não ImagePath

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-22 10:27 - 2016-06-22 10:29 - 00036653 _____ C:\Users\Marcio\Desktop\Addition.txt
2016-06-22 10:26 - 2016-06-22 10:29 - 00019126 _____ C:\Users\Marcio\Desktop\FRST.txt
2016-06-22 10:26 - 2016-06-22 10:29 - 00000000 ____D C:\FRST
2016-06-22 10:25 - 2016-06-22 10:25 - 02387456 _____ (Farbar) C:\Users\Marcio\Desktop\FRST64.exe
2016-06-22 10:18 - 2016-06-22 10:19 - 00001943 _____ C:\Users\Public\Desktop\PCSX2 1.4.0.lnk
2016-06-22 10:18 - 2016-06-22 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2016-06-17 08:32 - 2016-06-17 08:32 - 00001345 _____ C:\Users\Marcio\Desktop\ImgBurn - Atalho.lnk
2016-06-17 08:23 - 2016-06-17 13:10 - 00000000 ____D C:\Users\Marcio\Documents\ImgBurn
2016-06-17 08:23 - 2016-06-17 08:32 - 00000000 ____D C:\Users\Marcio\Downloads\ImgBurn 2.5.7.0
2016-06-17 08:07 - 2016-06-17 08:18 - 34608007 _____ C:\Users\Marcio\Downloads\ImgBurn 2.5.7.0.rar
2016-06-17 08:02 - 2016-06-17 08:02 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\2474
2016-06-16 14:40 - 2016-06-16 14:40 - 00002329 _____ C:\Users\Public\Desktop\Free FLV to MP4 Converter.lnk
2016-06-16 14:40 - 2016-06-16 14:40 - 00000000 ____D C:\Users\Todos os Usuários\topsevenreviews
2016-06-16 14:40 - 2016-06-16 14:40 - 00000000 ____D C:\Users\Marcio\Documents\topsevenreviews
2016-06-16 14:40 - 2016-06-16 14:40 - 00000000 ____D C:\Users\Marcio\AppData\Local\4Videosoft Studio
2016-06-16 14:40 - 2016-06-16 14:40 - 00000000 ____D C:\ProgramData\topsevenreviews
2016-06-16 14:40 - 2016-06-16 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\topsevenreviews
2016-06-16 14:40 - 2016-06-16 14:40 - 00000000 ____D C:\Program Files (x86)\topsevenreviews
2016-06-16 11:26 - 2016-06-16 11:26 - 00000000 ____D C:\Users\Marcio\AppData\Local\ElevatedDiagnostics
2016-06-13 10:24 - 2016-06-13 10:24 - 00007597 _____ C:\Users\Marcio\AppData\Local\Resmon.ResmonCfg
2016-06-09 14:40 - 2016-06-09 14:40 - 296942521 _____ C:\Windows\MEMORY.DMP
2016-06-09 14:40 - 2016-06-09 14:40 - 00289312 _____ C:\Windows\Minidump\060916-17035-01.dmp
2016-06-08 12:24 - 2016-06-08 13:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-06 09:30 - 2016-06-06 09:30 - 00087248 _____ C:\Users\Marcio\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-31 15:33 - 2016-05-31 15:33 - 00052224 _____ C:\Users\Marcio\Downloads\TABELA KARTONA ROJEMAC 2016.xls
2016-05-30 16:51 - 2016-05-30 16:51 - 00000000 ____D C:\Windows\SysWOW64\%PersonalRootCertificateFolder%
2016-05-24 14:03 - 2016-05-24 14:03 - 00000000 ____D C:\Users\Todos os Usuários\Mirillis
2016-05-24 14:03 - 2016-05-24 14:03 - 00000000 ____D C:\Users\Marcio\Documents\Action!
2016-05-24 14:03 - 2016-05-24 14:03 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\Mirillis
2016-05-24 14:03 - 2016-05-24 14:03 - 00000000 ____D C:\Users\Marcio\AppData\Local\Mirillis
2016-05-24 14:03 - 2016-05-24 14:03 - 00000000 ____D C:\ProgramData\Mirillis
2016-05-24 14:02 - 2016-05-24 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2016-05-24 14:02 - 2016-05-24 14:02 - 00000000 ____D C:\Program Files (x86)\Mirillis
2016-05-24 13:40 - 2016-05-24 14:00 - 00000000 ____D C:\Fraps
2016-05-24 07:09 - 2016-05-24 07:09 - 00370784 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-23 11:22 - 2016-05-23 11:22 - 00003234 _____ C:\Windows\System32\Tasks\{1B239057-637F-443B-BA3E-71C50209271A}

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-22 10:21 - 2016-04-18 08:49 - 00000000 ____D C:\Program Files (x86)\PCSX2 1.4.0
2016-06-22 10:20 - 2016-04-18 08:50 - 00000000 ___HD C:\Windows\msdownld.tmp
2016-06-22 10:20 - 2016-04-18 08:50 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-06-22 10:20 - 2015-03-25 07:15 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-06-22 10:20 - 2015-03-25 07:15 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-22 10:18 - 2015-03-31 14:09 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-22 10:10 - 2015-09-09 11:29 - 00000000 ____D C:\Users\Marcio\Downloads\PROGRAMAS
2016-06-22 09:52 - 2013-05-16 12:03 - 00000000 ___RD C:\Users\Marcio\Documents\CONTROLE DE ALMOXARIFADO
2016-06-22 07:18 - 2015-03-31 14:09 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-22 07:00 - 2015-07-06 15:51 - 00000000 ___RD C:\Users\Marcio\Desktop\ 
2016-06-22 06:40 - 2009-07-14 01:45 - 00020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-22 06:40 - 2009-07-14 01:45 - 00020688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-22 06:33 - 2014-02-26 18:55 - 00000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab
2016-06-22 06:33 - 2014-02-26 18:55 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-22 06:32 - 2013-11-11 13:32 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-06-22 06:32 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-20 16:20 - 2015-01-27 08:07 - 00000000 ____D C:\Users\Marcio\Desktop\Documentos Beto
2016-06-20 07:20 - 2015-03-31 14:10 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-16 14:54 - 2013-05-16 11:57 - 01640960 ___SH C:\Users\Marcio\Desktop\Thumbs.db
2016-06-16 14:42 - 2015-04-30 16:19 - 00000000 ____D C:\Users\Marcio\AppData\Local\CrashDumps
2016-06-16 13:03 - 2016-01-11 09:38 - 00538624 ___SH C:\Users\Marcio\Downloads\Thumbs.db
2016-06-16 08:43 - 2009-07-14 14:55 - 00705070 _____ C:\Windows\system32\prfh0416.dat
2016-06-16 08:43 - 2009-07-14 14:55 - 00146910 _____ C:\Windows\system32\prfc0416.dat
2016-06-16 08:43 - 2009-07-14 02:13 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-16 08:43 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-06-13 16:19 - 2009-07-14 02:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-06-09 14:40 - 2015-07-22 08:56 - 00000000 ____D C:\Windows\Minidump
2016-06-09 06:47 - 2015-08-13 14:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-07 07:03 - 2013-05-15 17:06 - 00000000 ____D C:\Users\Marcio
2016-06-07 07:00 - 2016-05-16 10:22 - 00000000 ____D C:\Users\Public\Documents\PC Faster
2016-06-07 07:00 - 2016-02-18 07:37 - 00000000 ____D C:\Users\Marcio\AppData\Local\Akamai
2016-06-07 07:00 - 2013-05-15 17:13 - 00000000 ____D C:\Users\Marcio\AppData\Local\Google
2016-06-07 07:00 - 2013-05-15 17:12 - 00000000 ____D C:\Users\TI
2016-06-07 07:00 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\registration
2016-06-06 16:48 - 2013-11-11 13:32 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2016-06-06 16:48 - 2013-11-11 13:32 - 00000000 ____D C:\ProgramData\GbPlugin
2016-06-01 10:25 - 2013-05-16 11:57 - 00000000 ___RD C:\Users\Marcio\Desktop\MAPA DA PRODUÇÃO DIÁRIA
2016-05-24 07:13 - 2013-05-16 11:42 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-24 07:13 - 2013-05-16 11:42 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Arquivos na raiz de alguns diretórios =======

2015-12-07 08:12 - 2016-01-29 15:49 - 0000040 _____ () C:\Users\Marcio\AppData\Roaming\cdr.ini
2014-09-08 16:19 - 2015-05-18 15:53 - 0005120 _____ () C:\Users\Marcio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-15 14:47 - 2015-04-15 14:47 - 0000001 _____ () C:\Users\Marcio\AppData\Local\llftool.4.40.agreement
2015-04-15 14:48 - 2015-04-15 14:48 - 0000019 _____ () C:\Users\Marcio\AppData\Local\llftool.license
2016-06-13 10:24 - 2016-06-13 10:24 - 0007597 _____ () C:\Users\Marcio\AppData\Local\Resmon.ResmonCfg
2015-03-26 10:38 - 2015-03-26 10:38 - 0011710 _____ () C:\Users\Marcio\AppData\Local\Temp-log.txt
2014-05-28 12:55 - 2014-05-28 12:55 - 0000000 _____ () C:\Users\Marcio\AppData\Local\{E1EAFC15-D21C-4A9A-AE28-33F03189EA59}
2015-04-27 15:45 - 2015-04-28 08:20 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Alguns arquivos em TEMP:
====================
C:\Users\Marcio\AppData\Local\Temp\vcredist_2015_Update_1_x86.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-09-06 11:25

==================== Fim de FRST.txt ============================
