Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:04-05-2016
Executado por Admin (administrador) em ADMIN-PC (04-05-2016 14:46:37)
Executando a partir de C:\Users\Admin\Downloads
Perfis Carregados: Admin (Perfis Disponíveis: Admin)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files\GbPlugin\GbpSv.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\GbpSv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Silicon Integrated Systems Corporation) C:\Program Files\SiS VGA Utilities\SiSTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Corel Corporation) C:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs\CorelDRW.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM\...\Run: [SiSTray] => C:\Program Files\SiS VGA Utilities\SiSTray.exe [557056 2009-12-18] (Silicon Integrated Systems Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [529632 2015-11-04] (GAS Tecnologia LTDA)
Winlogon\Notify\ GbPluginCef: C:\Program Files\GbPlugin\gbiehCef.dll [2015-09-22] (Caixa Economica Federal)
HKU\S-1-5-21-3401157911-477135185-2131724802-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6495144 2015-09-16] (Piriform Ltd)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll [1888480 2015-09-22] (Caixa Economica Federal)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 187.23.64.22 187.23.64.24 187.23.64.15
Tcpip\..\Interfaces\{95493A62-55C2-44AB-AB50-B97F580F6A6F}: [DhcpNameServer] 187.23.64.22 187.23.64.24 187.23.64.15

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-3401157911-477135185-2131724802-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3401157911-477135185-2131724802-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3401157911-477135185-2131724802-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files\GbPlugin\gbiehcef.dll [2015-09-22] (Caixa Economica Federal)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-12] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Change Font Family Style) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabledekpjmoghdjnpnhfkfpmjifklpb [2016-05-03]
CHR Extension: (Font Changer with Google Web Fonts™) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjhhoglgjdklldfgoffdiaceffijeke [2016-05-03]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-03]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

"Warsaw Technology" => serviço foi desbloqueado. <===== ATENÇÃO
R2 GbpSv; C:\Program Files\GbPlugin\GbpSv.exe [593120 2015-09-22] (GAS Tecnologia)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Arquivo não assinado]
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [529632 2015-11-04] (GAS Tecnologia LTDA)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2013-04-18] (Google Inc) [Arquivo não assinado]
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [25088 2015-05-12] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [30208 2015-05-12] (LG Electronics Inc.)
R1 Ext2Fsd; C:\Windows\system32\Drivers\Ext2Fsd.sys [686360 2014-05-11] (www.ext2fsd.com)
R0 GbpKm; C:\Windows\System32\drivers\GbpKm.sys [49496 2015-12-08] (GAS Tecnologia)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-05-04] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2016-03-28] (GAS Tecnologia)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [17160 2015-03-05] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13064 2015-03-05] ()
S3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2014-02-07] (Screaming Bee LLC)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert32.sys [31448 2015-07-07] (Basil)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [80728 2016-05-03] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [79064 2015-03-18] (GAS Tecnologia)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-05-04 14:46 - 2016-05-04 14:47 - 00009698 _____ C:\Users\Admin\Downloads\FRST.txt
2016-05-04 12:29 - 2016-05-04 14:46 - 00000000 ____D C:\FRST
2016-05-04 12:28 - 2016-05-04 12:28 - 01728000 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2016-05-04 10:15 - 2016-05-04 10:15 - 00324417 _____ C:\Users\Admin\Downloads\Moldes.zip
2016-05-02 18:49 - 2016-05-02 18:49 - 00087033 _____ C:\Users\Admin\Downloads\APP-DGTEAM-ONLINE.pdf
2016-04-28 16:05 - 2016-04-28 16:05 - 00000000 __SHD C:\Windows\ftpcache
2016-04-28 16:05 - 2016-04-28 16:05 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Macromedia
2016-04-28 16:05 - 2016-04-28 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-04-28 16:05 - 2010-04-29 14:11 - 00099896 _____ (HP) C:\Windows\system32\HPSIsvc.exe
2016-04-28 16:04 - 2016-04-28 16:04 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_mvusbews_01007.Wdf
2016-04-28 15:58 - 2010-03-31 11:50 - 01167360 _____ C:\Windows\system32\HPM1210SM.exe
2016-04-28 15:58 - 2010-03-31 11:50 - 00167936 _____ C:\Windows\system32\HPM1210LM.DLL
2016-04-28 15:57 - 2008-12-22 05:02 - 02219152 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Ltwvc15u.dll
2016-04-28 15:57 - 2008-12-22 05:02 - 00482448 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltkrn15u.dll
2016-04-28 15:57 - 2008-12-22 05:02 - 00445584 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltimgsfx15u.dll
2016-04-28 15:57 - 2008-12-22 05:02 - 00302224 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltimgcor15u.dll
2016-04-28 15:57 - 2008-12-22 05:02 - 00257168 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltefx15u.dll
2016-04-28 15:57 - 2008-12-22 05:02 - 00216208 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltimgefx15u.dll
2016-04-28 15:57 - 2008-12-22 05:02 - 00212112 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltimgclr15u.dll
2016-04-28 15:57 - 2008-12-22 05:02 - 00150672 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltfil15u.dll
2016-04-28 15:57 - 2008-12-22 05:02 - 00117904 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lttwn15u.dll
2016-04-28 15:57 - 2008-12-22 05:02 - 00117904 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Ltimgutl15u.dll
2016-04-28 15:57 - 2008-12-22 05:02 - 00105616 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltpnt15u.dll
2016-04-28 15:57 - 2008-12-22 05:02 - 00068752 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltpdg15u.dll
2016-04-28 15:57 - 2008-12-22 05:02 - 00038032 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltimgopt15u.dll
2016-04-28 15:57 - 2008-12-22 05:01 - 01711248 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltclr15u.dll
2016-04-28 15:57 - 2008-12-22 05:01 - 01035408 _____ (The OpenSSL Project) C:\Windows\system32\ltcry15u.dll
2016-04-28 15:57 - 2008-12-22 05:01 - 00646288 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Ltdlgfile15u.dll
2016-04-28 15:57 - 2008-12-22 05:01 - 00384144 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lfcmp15u.dll
2016-04-28 15:57 - 2008-12-22 05:01 - 00261264 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTDIS15u.dll
2016-04-28 15:57 - 2008-12-22 05:01 - 00232592 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Ltdlgkrn15u.dll
2016-04-28 15:57 - 2008-12-22 05:01 - 00146576 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lftif15u.dll
2016-04-28 15:57 - 2008-12-22 05:01 - 00097424 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lffax15u.dll
2016-04-28 15:57 - 2008-12-22 05:01 - 00064656 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTCON15u.dll
2016-04-28 15:57 - 2008-12-22 05:01 - 00024720 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Lfbmp15u.dll
2016-04-28 15:56 - 2016-04-28 15:56 - 00000000 ____D C:\Program Files\HP
2016-04-28 15:56 - 2010-04-28 12:49 - 01112288 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2016-04-28 15:56 - 2010-04-28 12:49 - 00167936 _____ C:\Windows\system32\m1130wia.dll
2016-04-28 15:56 - 2010-04-28 12:49 - 00081920 _____ C:\Windows\system32\mvusbews.dll
2016-04-28 15:56 - 2010-04-28 12:49 - 00049664 _____ C:\Windows\system32\HPM1210SMs.dll
2016-04-28 15:56 - 2010-04-28 12:49 - 00017408 _____ (Marvell Semiconductor, Inc.) C:\Windows\system32\Drivers\mvusbews.sys
2016-04-28 15:56 - 2010-03-31 14:49 - 00284672 _____ C:\Windows\system32\mvhlewsi.dll
2016-04-26 23:27 - 2016-04-26 23:27 - 00010597 _____ C:\ComboFix.txt
2016-04-26 22:34 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2016-04-26 22:34 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2016-04-26 22:34 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-04-26 22:34 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-04-26 22:34 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-04-26 22:34 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2016-04-26 22:34 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2016-04-26 22:34 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2016-04-26 22:32 - 2016-04-26 23:28 - 00000000 ____D C:\Qoobox
2016-04-26 22:30 - 2016-04-26 23:18 - 00000000 ____D C:\Windows\erdnt
2016-04-26 22:28 - 2016-04-26 22:29 - 05660058 ____R (Swearware) C:\Users\Admin\Downloads\ComboFix.exe
2016-04-25 18:34 - 2016-04-25 18:34 - 00000000 ____D C:\Users\Admin\Downloads\helvetica
2016-04-25 14:58 - 2016-04-25 14:58 - 01542805 _____ C:\Users\Admin\Downloads\LOGO - DESENHO - VALORES.zip
2016-04-24 20:33 - 2016-05-02 18:53 - 00000830 _____ C:\Users\Admin\Desktop\ZHPCleaner.lnk
2016-04-12 10:24 - 2016-04-12 10:26 - 21025552 _____ (Mooii) C:\Users\Admin\Downloads\PhotoScapeSetup_V3.7.exe
2016-04-08 16:31 - 2016-04-08 16:31 - 00000000 ____D C:\Users\Admin\AppData\Local\CEF
2016-04-07 12:37 - 2014-05-14 13:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-04-07 12:37 - 2014-05-14 13:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-04-07 12:37 - 2014-05-14 13:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-04-07 12:37 - 2014-05-14 13:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-04-07 12:36 - 2014-05-14 13:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-04-07 12:36 - 2014-05-14 13:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-04-07 12:36 - 2014-05-14 13:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-04-07 12:36 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-04-07 12:36 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-04-07 12:04 - 2016-04-07 12:31 - 303473072 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\office2007sp2-kb953195-fullfile-pt-br.exe
2016-03-29 17:42 - 2016-03-29 17:42 - 00224680 _____ C:\Users\Admin\Downloads\Plano Alimentar - Isis.pdf
2016-03-28 15:23 - 2016-05-03 13:30 - 00080728 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2016-03-28 15:23 - 2016-03-28 15:24 - 00001024 _____ C:\.rnd
2016-03-28 15:23 - 2016-03-28 15:23 - 00000000 ___HD C:\Program Files\GAS Tecnologia
2016-03-28 15:23 - 2016-03-28 15:23 - 00000000 ____D C:\Program Files\Diebold
2016-03-28 15:23 - 2015-03-18 11:23 - 00079064 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddpp.sys
2016-03-28 15:15 - 2016-03-28 15:15 - 00029400 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpndisrdn.sys
2016-03-28 15:15 - 2015-12-08 13:13 - 00049496 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpkm.sys
2016-03-28 15:14 - 2016-04-24 19:15 - 00000000 ____D C:\Program Files\GbPlugin
2016-03-28 15:14 - 2016-03-28 15:15 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2016-03-28 15:14 - 2016-03-28 15:15 - 00000000 ____D C:\ProgramData\GbPlugin
2016-03-28 15:14 - 2016-03-28 15:14 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2016-03-28 15:14 - 2016-03-28 15:14 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2016-03-28 15:09 - 2016-03-28 15:10 - 02665128 _____ (CAIXA) C:\Users\Admin\Downloads\iGBPCEFwr.exe
2016-03-28 10:29 - 2016-03-31 10:56 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-28 10:29 - 2016-03-28 10:29 - 00002017 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-03-28 10:28 - 2016-03-28 10:28 - 00000000 ____D C:\Program Files\Adobe
2016-03-27 20:54 - 2016-04-14 16:39 - 00000684 _____ C:\Users\Admin\Desktop\resposta.txt
2016-03-26 17:54 - 2016-03-26 17:54 - 07313359 _____ C:\Users\Admin\Downloads\PequenoPrincipeV2.pdf
2016-03-19 13:19 - 2016-03-19 13:19 - 00393822 _____ C:\Users\Admin\Downloads\WinRuler1xZip.zip
2016-03-08 11:11 - 2016-03-08 11:11 - 00607460 _____ C:\Users\Admin\Downloads\008.pdf
2016-03-08 11:10 - 2016-03-08 11:11 - 00648525 _____ C:\Users\Admin\Downloads\005.pdf
2016-03-08 11:10 - 2016-03-08 11:10 - 00636829 _____ C:\Users\Admin\Downloads\004.pdf
2016-03-08 11:09 - 2016-03-08 11:09 - 00699725 _____ C:\Users\Admin\Downloads\016.pdf
2016-03-04 14:02 - 2016-05-03 09:56 - 00000320 _____ C:\Windows\Tasks\HPCeeScheduleForAdmin.job
2016-02-26 12:17 - 2016-02-26 12:17 - 01812480 _____ C:\Users\Admin\Downloads\ZHPCleaner-2015.4.26.191.exe
2016-02-20 15:00 - 2016-02-22 13:45 - 00000000 ____D C:\Users\Admin\Downloads\Originals

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-05-04 14:44 - 2016-01-06 12:30 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-04 14:44 - 2016-01-04 14:57 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-04 09:05 - 2016-01-04 14:57 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-03 13:37 - 2009-07-14 01:34 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-03 13:37 - 2009-07-14 01:34 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-03 13:30 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-03 13:26 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2016-05-03 10:37 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\NDF
2016-05-02 23:01 - 2016-01-04 14:59 - 00002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-02 23:01 - 2016-01-04 14:59 - 00002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-02 22:55 - 2016-01-04 18:39 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ZHP
2016-05-02 18:54 - 2016-01-11 20:10 - 00000000 ____D C:\Users\Admin\AppData\Roaming\PhotoScape
2016-04-28 15:57 - 2009-07-13 23:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-04-28 10:32 - 2009-07-14 01:33 - 00585984 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-26 23:16 - 2009-07-13 23:04 - 00000215 _____ C:\Windows\system.ini
2016-04-26 23:04 - 2016-01-04 14:00 - 00000000 ____D C:\Users\Admin
2016-04-26 22:25 - 2016-01-06 12:30 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-26 22:25 - 2016-01-06 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-26 22:25 - 2016-01-06 12:30 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-04-26 14:58 - 2016-01-04 14:57 - 00167896 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-24 19:15 - 2016-01-07 13:17 - 00000000 ____D C:\Users\Todos os Usuários\Protexis
2016-04-24 19:15 - 2016-01-07 13:17 - 00000000 ____D C:\ProgramData\Protexis
2016-04-24 19:15 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\registration
2016-04-24 19:15 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\AppCompat
2016-04-21 15:05 - 2014-02-03 13:05 - 00374944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-12 19:37 - 2011-04-12 01:47 - 00708172 _____ C:\Windows\system32\prfh0416.dat
2016-04-12 19:37 - 2011-04-12 01:47 - 00147952 _____ C:\Windows\system32\prfc0416.dat
2016-04-12 19:37 - 2010-11-20 18:01 - 01641362 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-12 10:28 - 2016-01-11 20:10 - 00000989 _____ C:\Users\Admin\Desktop\PhotoScape.lnk
2016-04-12 10:28 - 2016-01-11 20:09 - 00000000 ____D C:\Program Files\PhotoScape
2016-04-09 12:02 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\rescache
2016-04-09 07:57 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Public\Libraries
2016-04-07 12:53 - 2016-01-04 14:13 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-04-07 12:38 - 2016-01-04 14:17 - 00000000 ____D C:\Program Files\Microsoft Works
2016-04-07 12:33 - 2009-07-13 23:04 - 00000478 _____ C:\Windows\win.ini
2016-04-07 11:18 - 2016-01-04 14:13 - 00000000 ____D C:\Users\Admin\AppData\Local\Microsoft Help

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-04-28 12:25

==================== Fim de FRST.txt ============================