cjoint

Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 15-08-2016 01
Executado por Potiguara (administrador) em NETBOOK-PC (16-08-2016 12:03:52)
Executando a partir de C:\Users\Potiguara\Downloads
Perfis Carregados: Potiguara (Perfis Disponíveis: Potiguara)
Platform: Microsoft Windows 7 Home Basic Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\ACPI\AsTray.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\ACPI\AsEPCMon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(BitTorrent Inc.) C:\Users\Potiguara\AppData\Roaming\uTorrent\uTorrent.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [AsusTray] => C:\Program Files\EeePC\ACPI\AsTray.exe [114688 2008-12-04] (ASUSTeK Computer Inc.)
HKLM\...\Run: [AsusACPIServer] => C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [622592 2008-12-17] (ASUSTeK Computer Inc.)
HKLM\...\Run: [AsusEPCMonitor] => C:\Program Files\EeePC\ACPI\AsEPCMon.exe [94208 2008-05-21] (ASUSTeK Computer Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-09] (AVAST Software)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1240385482-894012593-3318310909-1000\...\Run: [uTorrent] => C:\Users\Potiguara\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-17] (BitTorrent Inc.)
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-07-02] (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{A71D3084-A543-4102-AF36-2613AFBCF39A}: [DhcpNameServer] 192.168.10.1

Internet Explorer:
==================
URLSearchHook: [S-1-5-21-1240385482-894012593-3318310909-1000] ATENÇÃO => A URLSearchHook Padrão está ausente
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-23] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-02] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-23] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Potiguara\AppData\Roaming\Mozilla\Firefox\Profiles\h1hv372c.default
FF Homepage: hxxps://thepiratebay.se/search/IN%20AMERICA%202002/0/99/0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll [2016-03-31] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-23] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-03]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-03]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-02] (AVAST Software)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [X]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
S4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [X]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 AsusACPI; C:\Windows\System32\DRIVERS\ASUSACPI.sys [10752 2008-04-08] (ASUSTeK Computer Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-07-02] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-07-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91680 2016-07-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-07-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-07-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-07-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [438296 2016-07-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118152 2016-07-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-08-05] (AVAST Software)
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [47104 2009-07-13] (Atheros Communications, Inc.)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-08-16 12:03 - 2016-08-16 12:04 - 00009166 _____ C:\Users\Potiguara\Downloads\FRST.txt
2016-08-16 12:02 - 2016-08-16 12:03 - 00000000 ____D C:\FRST
2016-08-16 12:01 - 2016-08-16 12:01 - 01744896 _____ (Farbar) C:\Users\Potiguara\Downloads\FRST.exe
2016-08-15 14:29 - 2016-08-15 14:29 - 00262269 _____ C:\Users\Potiguara\Downloads\dotnetfx_cleanup_tool.zip
2016-08-14 16:32 - 2016-08-14 16:32 - 00000000 ____D C:\Users\Potiguara\AppData\Local\ElevatedDiagnostics
2016-07-27 06:06 - 2016-08-16 11:47 - 00000000 ____D C:\Users\Potiguara\AppData\LocalLow\uTorrent
2016-07-23 13:16 - 2016-07-23 13:16 - 00000000 ____D C:\Program Files\Common Files\Java
2016-07-18 20:18 - 2016-07-18 20:22 - 00000000 ____D C:\Users\Potiguara\Documents\LARK RISE_S01
2016-07-18 14:41 - 2016-07-18 14:43 - 00000000 ____D C:\Users\Potiguara\Documents\CRANFORD_ASUSPRETO
2016-07-03 06:47 - 2016-07-02 07:49 - 00319248 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-07-03 06:41 - 2016-07-03 06:41 - 00000000 ____D C:\Users\Potiguara\AppData\Local\CEF
2016-07-02 07:50 - 2016-07-02 07:49 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-07-02 07:49 - 2016-07-02 07:49 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-21 06:56 - 2016-06-21 06:56 - 00000000 ____D C:\Users\Potiguara\AppData\Local\Macromedia
2016-06-15 06:20 - 2016-06-15 06:20 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-10 07:17 - 2016-08-03 16:15 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-06-10 05:50 - 2016-06-10 05:50 - 00000000 ____D C:\Users\Potiguara\AppData\Local\GWX
2016-06-09 07:11 - 2016-06-09 07:11 - 00108360 _____ C:\Users\Potiguara\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-08 17:47 - 2016-06-08 17:53 - 00000000 ____D C:\Users\Potiguara\AppData\Local\Mozilla
2016-06-01 13:37 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-08-16 12:05 - 2016-04-04 12:40 - 00000000 ____D C:\Users\Potiguara\AppData\Roaming\uTorrent
2016-08-16 12:04 - 2009-07-14 01:34 - 00013392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-16 12:04 - 2009-07-14 01:34 - 00013392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-16 11:56 - 2016-03-31 17:05 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-16 11:56 - 2009-07-14 05:31 - 00705268 _____ C:\Windows\system32\prfh0416.dat
2016-08-16 11:56 - 2009-07-14 05:31 - 00147108 _____ C:\Windows\system32\prfc0416.dat
2016-08-16 11:56 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2016-08-16 11:47 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-16 07:35 - 2016-04-19 18:00 - 03313664 _____ C:\Users\Potiguara\Documents\DVDs e VHs.mdb
2016-08-09 12:04 - 2009-07-14 01:53 - 00032584 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-07 19:18 - 2016-05-05 17:23 - 00000000 ____D C:\Users\Potiguara\Documents\CDsLPs
2016-08-05 06:26 - 2016-04-01 10:35 - 00224616 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-08-04 15:39 - 2016-04-01 09:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-08-01 12:59 - 2016-04-01 11:05 - 00000000 ____D C:\Users\Todos os Usuários\Spybot - Search & Destroy
2016-08-01 12:59 - 2016-04-01 11:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-07-23 14:51 - 2016-03-31 17:56 - 00000000 ____D C:\Users\Todos os Usuários\Oracle
2016-07-23 14:51 - 2016-03-31 17:56 - 00000000 ____D C:\ProgramData\Oracle
2016-07-23 13:18 - 2016-03-31 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-23 13:18 - 2016-03-31 17:56 - 00000000 ____D C:\Program Files\Java
2016-07-23 13:15 - 2016-04-04 12:38 - 00000000 ____D C:\Users\Potiguara\.oracle_jre_usage
2016-07-23 13:14 - 2016-03-31 17:57 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-07-20 16:51 - 2016-04-04 18:45 - 00000000 ____D C:\Users\Potiguara\Documents\ConvertXToDVD

==================== Arquivos na raiz de alguns diretórios =======

2016-04-04 18:46 - 2016-06-21 16:03 - 0087608 _____ () C:\Users\Potiguara\AppData\Roaming\inst.exe
2016-04-04 18:46 - 2016-06-21 16:03 - 0007887 _____ () C:\Users\Potiguara\AppData\Roaming\pcouffin.cat
2016-04-04 18:46 - 2016-06-21 16:03 - 0001144 _____ () C:\Users\Potiguara\AppData\Roaming\pcouffin.inf
2016-04-04 18:46 - 2016-06-21 16:03 - 0000055 _____ () C:\Users\Potiguara\AppData\Roaming\pcouffin.log
2016-04-04 18:46 - 2016-06-21 16:03 - 0047360 _____ (VSO Software) C:\Users\Potiguara\AppData\Roaming\pcouffin.sys
2016-04-21 08:18 - 2010-02-09 16:04 - 0024772 _____ () C:\ProgramData\P1100DEF.css
2016-04-21 08:18 - 2010-03-06 04:40 - 0004327 ____R () C:\ProgramData\P1100OS.HTM
2016-04-21 08:18 - 2010-02-09 16:04 - 0002944 _____ () C:\ProgramData\P1100SIG.GIF

Alguns arquivos em TEMP:
====================
C:\Users\Potiguara\AppData\Local\Temp\jre-8u101-windows-au.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-04-01 11:34

==================== Fim de FRST.txt ============================
