Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:14-12-2015
Executado por Nathan (administrador) em NATHAN-PC (15-12-2015 15:19:40)
Executando a partir de C:\Users\Nathan\Downloads
Perfis Carregados: Nathan (Perfis Disponíveis: Nathan)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Ray you) C:\Program Files (x86)\RayDld\ihpmServer.exe
() C:\Program Files (x86)\MediaFire Desktop\bin\MFUsnMonitorService.exe
(DotCash Limited) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
() C:\Program Files (x86)\032B0290-1448148741-05F9-E206-1B0700080009\jnsp754F.tmp
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(© 2015 Microsoft Corporation) C:\Users\Nathan\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Users\Nathan\AppData\Local\MediaFire Desktop\mf_watch.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Users\Nathan\AppData\Local\MediaFire Desktop\mf_hub.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
() C:\Users\Nathan\AppData\Local\MediaFire Desktop\MediaFire Desktop.exe
() C:\Users\Nathan\AppData\Local\MediaFire Desktop\mf_filetransfer.exe
() C:\Users\Nathan\AppData\Local\MediaFire Desktop\mf_browser.exe
() C:\Users\Nathan\AppData\Local\MediaFire Desktop\mf_central_control.exe
() C:\Users\Nathan\AppData\Local\MediaFire Desktop\mf_monitor.exe
() C:\Users\Nathan\AppData\Local\MediaFire Desktop\mf_dialogs.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
() C:\Program Files (x86)\WeatherTool\2.0.0.10998\WeatherService.exe
(Nexon) C:\Level Up! Games\Combat Arms\CombatArms.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13876952 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
HKLM-x32\...\Run: [RaidCall] => C:\Program Files (x86)\RaidCall.BR\raidcall.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [904824 2015-08-19] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [mbot_br_014010153] => [X]
HKLM-x32\...\Run: [gmsd_br_005010154] => [X]
HKLM-x32\...\Run: [rec_en_77] => [X]
HKLM-x32\...\Run: [gmsd_br_005010155] => [X]
HKLM-x32\...\Run: [gmsd_br_004010155] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-09] (AVAST Software)
HKLM-x32\...\Run: [HomePageHelper] => C:\ProgramData\HomePage.exe [1100288 2015-11-25] ()
HKLM-x32\...\Run: [LightGate] => C:\ProgramData\LightGate.exe [1081344 2015-12-04] ()
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\...\Run: [BingSvc] => C:\Users\Nathan\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-13] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\...\Run: [MediaFire Tray] => C:\Users\Nathan\AppData\Local\MediaFire Desktop\mf_watch.exe [4025856 2015-11-05] ()
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\...\Run: [Yeaplayer] => C:\Program Files (x86)\Yeaplayer\Yeaplayermd.exe /autostart
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\...\Run: [CrashService] => "C:\Users\Nathan\AppData\Local\BoBrowser\Application\crash_service.exe" --max-reports=50 --no-window
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2920448 2015-12-02] ()
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50749056 2015-12-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\...\Run: [ares] => "C:\Program Files (x86)\Ares\Ares.exe" -h
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\...\Run: [-] => c:\programdata\carssb.exe [1852416 2015-12-15] ()
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\...\MountPoints2: {8cc533d5-5ae0-11e5-a88f-902b34f9e21b} - F:\LGAutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-09] (AVAST Software)
ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon3_6c25c.dll [2015-08-20] (TODO: )
ShellIconOverlayIdentifiers: [1MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon5_6c25c.dll [2015-08-20] (TODO: )
ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon_6c25c.dll [2015-08-20] (TODO: )
ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon2_6c25c.dll [2015-08-20] (TODO: )
ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon4_6c25c.dll [2015-08-20] (TODO: )
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [.DEFAULT] => Proxy está habilitado.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50785;https=127.0.0.1:50785
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll Nenhum Arquivo
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll Nenhum Arquivo
Tcpip\Parameters: [DhcpNameServer] 187.122.127.35 187.122.127.59
Tcpip\..\Interfaces\{6981DDE4-5613-4EA0-B08D-D61797B3DB4F}: [DhcpNameServer] 187.122.127.35 187.122.127.59
Tcpip\..\Interfaces\{7329F755-F2A9-4455-8A80-6BD55B0F62AB}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B23DF83A-566F-4183-B9FC-D9296F173646}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=91104071_hao_pg
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
URLSearchHook: HKU\S-1-5-21-1221338766-1399980504-2822238388-1000 - (Sem Nome) - {D8278076-BC68-4484-9233-6E7F1628B56C} - Nenhum Arquivo
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953&q={searchTerms}
SearchScopes: HKLM -> {6586d803-df30-46d3-a89a-4136c8571d45} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1221338766-1399980504-2822238388-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1221338766-1399980504-2822238388-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3334580&octid=EB_ORIGINAL_CTID&ISID=M05293CE4-7B2C-487E-8C4D-CA94E0C954B1&SearchSource=58&CUI=&UM=8&UP=SPB632A31D-33C7-46D8-A7E9-A9E05478C6CE&D=112215&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1221338766-1399980504-2822238388-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1221338766-1399980504-2822238388-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1221338766-1399980504-2822238388-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_6&ent=ch_5108&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1221338766-1399980504-2822238388-1000 -> {5BAB3DD0-AFDA-4675-9FE4-5A0226D1E264} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1221338766-1399980504-2822238388-1000 -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = hxxps://mysearch.avg.com/search?cid={B350ABAC-BA49-409B-9DCA-4FA89120E3BE}&mid=6488f62645fe47cd80904162721d0be8-db1370f5bca904e6bdb50359c1e986e718b9aa06&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=0915tb&pr=fr&d=2015-09-13 11:07:06&v=4.1.6.294&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1221338766-1399980504-2822238388-1000 -> {9521373A-EC33-4E6A-9C87-E1549227A163} URL = hxxp://www.search.ask.com/web?tpid=ATU4SP-MED&o=APN11391&pf=V7&p2=^BAY^defaul^BW^BR&gct=sb&itbv=12.34.1.2165&apn_uid=14821F95-D3D6-4327-ADB0-9372688B3377&apn_ptnrs=^BAY&apn_dtid=^defaul^BW^BR&apn_dbr=chrome.exe_0_45.0.2454.85&doi=2015-09-05&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-23] (AVAST Software)
BHO: Sem Nome -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> Nenhum Arquivo
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Sem Nome -> {452ADB5B-00BE-469D-A65F-3046146B2ED5} -> Nenhum Arquivo
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-23] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-23] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Sem Nome -> {b608cc98-54de-4775-96c9-097de398500c} -> Nenhum Arquivo
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-11-07] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [Nenhum Arquivo]
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-11-07] (Microsoft Corporation)
FF Plugin-x32: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npnxgame.dll [2015-09-05] (Nexon)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-09-17] (Nexon)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Nathan\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-09-18] (Raidcall)
FF Plugin-x32: @raidcall.tw/RCplugin -> C:\Users\Nathan\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall)
FF Plugin-x32: @sohu.com/npifox -> C:\Program Files (x86)\搜狐影音\npifox.dll [Nenhum Arquivo]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-11-23] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-11-23] (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{594A1C2F-8940-4DAF-87D8-DB187D9DEDF8}] - C:\Program Files\shopperz211120151408\Firefox\{594A1C2F-8940-4DAF-87D8-DB187D9DEDF8}.xpi => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [{594A1C2F-8940-4DAF-87D8-DB187D9DEDF8}] - C:\Program Files\shopperz211120151408\Firefox\{594A1C2F-8940-4DAF-87D8-DB187D9DEDF8}.xpi => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-09]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-09]

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pt-br
CHR StartupUrls: Default -> "hxxps://www.google.com.br/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxps://br.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-02]
CHR Extension: (Google Docs) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-02]
CHR Extension: (Google Drive) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-02]
CHR Extension: (YouTube) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-02]
CHR Extension: (Google Search) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-02]
CHR Extension: (Bing) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-12-02]
CHR Extension: (Planilhas do Google) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-02]
CHR Extension: (Documentos Google off-line) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-03]
CHR Extension: (Avast Online Security) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-02]
CHR Extension: (Skype Click to Call) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-11]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-03]
CHR Extension: (Gmail) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-02]
CHR HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-09] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 GoogleChromeUpService; C:\ProgramData\upgsvr.exe [1762304 2015-11-16] (TODO: <公司名>) [Arquivo não assinado]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 1999-12-31] (Intel Corporation)
R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [271592 2015-11-18] (Ray you)
S3 MediaFire Desktop Updater Service; C:\Program Files (x86)\MediaFire Desktop\bin\UpdaterLocalCOM.exe [210416 2015-11-05] ()
R2 MF NTFS Monitor; C:\Program Files (x86)\MediaFire Desktop\bin\MFUsnMonitorService.exe [456176 2015-11-05] ()
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [270304 2015-11-21] (DotCash Limited)
R2 qymumylo; C:\Program Files (x86)\032B0290-1448148741-05F9-E206-1B0700080009\jnsp754F.tmp [247808 2015-11-21] () [Arquivo não assinado]
R2 TheDesktopWeatherService; C:\Program Files (x86)\WeatherTool\2.0.0.10998\WeatherService.exe [152008 2015-11-01] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S2 Dripkix; não ImagePath
S2 ginoquci; não ImagePath
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
S2 rojuxire; C:\Program Files (x86)\032B0290-1448148741-05F9-E206-1B0700080009\knsp8995.tmp [X]
S2 SSFK; não ImagePath
S2 typikeni; C:\Program Files (x86)\032B0290-1448148741-05F9-E206-1B0700080009\hnse907E.tmp [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [450504 2015-12-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-09] (AVAST Software)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-08-19] (BlueStack Systems)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2015-11-05] (Windows (R) Win 7 DDK provider)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [55016 2015-11-21] (DotCash)
R2 SPDRIVER_1.42.1.2719; C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2719\jsdrv.sys [52376 2015-10-27] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2015-12-07] (SlimWare Utilities, Inc.)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-11-25] (电脑管家)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17039.214\QMUdisk64.sys [X]
S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17039.214\softaal64.sys [X]
S1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2015-12-15 15:19 - 2015-12-15 15:20 - 00027105 _____ C:\Users\Nathan\Downloads\FRST.txt
2015-12-15 15:19 - 2015-12-15 15:19 - 02369536 _____ (Farbar) C:\Users\Nathan\Downloads\FRST64.exe
2015-12-15 15:19 - 2015-12-15 15:19 - 00000000 ____D C:\FRST
2015-12-15 15:17 - 2015-12-15 15:17 - 01720832 _____ (Farbar) C:\Users\Nathan\Downloads\FRST.exe
2015-12-15 10:38 - 2015-12-15 10:38 - 00000000 ____D C:\Program Files (x86)\WeatherTool
2015-12-15 10:35 - 2015-12-15 13:50 - 01852416 _____ C:\Users\Todos os Usuários\carssb.exe
2015-12-15 10:35 - 2015-12-15 13:50 - 01852416 _____ C:\ProgramData\carssb.exe
2015-12-15 00:10 - 2015-12-15 00:10 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\LightGate
2015-12-13 09:26 - 2015-12-13 09:26 - 00000000 ___HD C:\Users\Nathan\Documents\.4sh
2015-12-13 09:20 - 2015-12-13 09:20 - 11595328 _____ (New IT Solutions) C:\Users\Nathan\Downloads\4shared_Desktop_4.0.14.27377.exe
2015-12-13 09:03 - 2008-08-18 19:18 - 00077824 _____ (Fox Magic Software) C:\Windows\SysWOW64\fmcodec.DLL
2015-12-13 09:01 - 2015-12-13 09:01 - 17251392 _____ (DsNET Corp ) C:\Users\Nathan\Downloads\aTubeCatcher.exe
2015-12-13 07:28 - 2015-12-13 09:03 - 00001190 _____ C:\Users\Public\Desktop\aTube Catcher.lnk
2015-12-13 07:28 - 2015-12-13 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2015-12-13 07:28 - 2015-12-13 07:28 - 00000000 ____D C:\Program Files (x86)\DsNET Corp
2015-12-13 07:21 - 2015-12-13 07:24 - 00000000 ____D C:\Program Files (x86)\Ares
2015-12-13 07:21 - 2015-12-13 07:21 - 00000000 ____D C:\Users\Nathan\AppData\Local\Ares
2015-12-11 12:47 - 2015-12-11 12:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-11 12:47 - 2015-12-11 12:47 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-11 12:47 - 2015-12-11 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-11 12:45 - 2015-12-11 12:46 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Nathan\Downloads\SkypeSetup.exe
2015-12-09 11:38 - 2015-12-09 11:38 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-09 11:37 - 2015-12-09 11:37 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-08 18:04 - 2015-11-20 16:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-08 18:04 - 2015-11-20 16:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-08 18:04 - 2015-11-20 16:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-08 18:04 - 2015-11-20 16:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-08 18:04 - 2015-11-20 16:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-08 18:04 - 2015-11-20 16:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-08 18:04 - 2015-11-20 16:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-08 18:04 - 2015-11-20 16:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-08 18:04 - 2015-11-20 16:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-08 18:04 - 2015-11-20 16:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-08 18:04 - 2015-11-20 16:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-08 18:04 - 2015-11-20 16:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-08 18:04 - 2015-11-20 16:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-08 18:04 - 2015-11-20 16:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-08 18:04 - 2015-11-20 16:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-08 18:04 - 2015-11-20 16:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-08 18:04 - 2015-11-11 19:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-08 18:04 - 2015-11-11 18:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-08 18:04 - 2015-11-11 16:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 18:04 - 2015-11-11 16:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 18:04 - 2015-11-11 16:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 18:04 - 2015-11-11 16:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 18:04 - 2015-11-11 14:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 18:04 - 2015-11-11 14:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 18:04 - 2015-11-11 13:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-08 18:04 - 2015-11-11 13:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-08 18:04 - 2015-11-11 13:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 18:04 - 2015-11-11 13:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-08 18:04 - 2015-11-11 12:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-08 18:04 - 2015-11-10 16:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-08 18:04 - 2015-11-10 16:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-08 18:04 - 2015-11-10 16:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 18:04 - 2015-11-10 16:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-08 18:04 - 2015-11-10 16:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 18:04 - 2015-11-10 15:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-08 18:04 - 2015-11-09 22:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-08 18:04 - 2015-11-09 22:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 18:04 - 2015-11-09 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-08 18:04 - 2015-11-09 22:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-08 18:04 - 2015-11-09 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-08 18:04 - 2015-11-09 22:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-08 18:04 - 2015-11-09 22:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 18:04 - 2015-11-09 22:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-08 18:04 - 2015-11-09 22:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-08 18:04 - 2015-11-09 22:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 18:04 - 2015-11-09 22:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-08 18:04 - 2015-11-09 22:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-08 18:04 - 2015-11-09 22:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-08 18:04 - 2015-11-09 21:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-08 18:04 - 2015-11-09 21:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-08 18:04 - 2015-11-09 21:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 18:04 - 2015-11-09 21:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-08 18:04 - 2015-11-09 21:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-08 18:04 - 2015-11-09 21:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-08 18:04 - 2015-11-09 21:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-08 18:04 - 2015-11-09 21:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-08 18:04 - 2015-11-09 21:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-08 18:04 - 2015-11-09 21:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-08 18:04 - 2015-11-09 21:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-08 18:04 - 2015-11-08 20:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-08 18:04 - 2015-11-08 20:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-08 18:04 - 2015-11-08 20:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-08 18:04 - 2015-11-08 20:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 18:04 - 2015-11-08 20:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 18:04 - 2015-11-08 20:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-08 18:04 - 2015-11-08 20:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-08 18:04 - 2015-11-08 20:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-08 18:04 - 2015-11-08 20:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-08 18:04 - 2015-11-08 20:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-08 18:04 - 2015-11-08 20:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 18:04 - 2015-11-08 20:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 18:04 - 2015-11-08 20:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-08 18:04 - 2015-11-08 20:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-08 18:04 - 2015-11-08 20:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-08 18:04 - 2015-11-08 20:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-08 18:04 - 2015-11-08 19:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-08 18:04 - 2015-11-08 19:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-08 18:04 - 2015-11-08 19:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-08 18:04 - 2015-11-08 19:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-08 18:04 - 2015-11-08 19:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-08 18:04 - 2015-11-08 19:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-08 18:04 - 2015-11-08 19:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-08 18:04 - 2015-11-08 19:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-08 18:04 - 2015-11-08 19:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-08 18:04 - 2015-11-08 19:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 18:04 - 2015-11-08 19:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-08 18:04 - 2015-11-08 19:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-08 18:04 - 2015-11-08 18:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-08 18:04 - 2015-11-08 18:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-08 18:04 - 2015-11-08 18:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-08 18:04 - 2015-11-05 17:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-08 18:04 - 2015-11-05 17:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-08 18:04 - 2015-11-05 07:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 18:04 - 2015-11-03 17:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-08 18:04 - 2015-11-03 16:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-08 18:02 - 2015-11-03 17:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-08 18:02 - 2015-11-03 16:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-07 01:23 - 2015-12-08 18:31 - 00000000 ____D C:\Windows.old
2015-12-07 00:34 - 2015-12-08 18:31 - 00000000 ____D C:\Users\Nathan
2015-12-06 20:42 - 2015-12-06 20:42 - 00159144 _____ (Microsoft Corporation) C:\Users\Nathan\Downloads\WindowsActivationUpdate.exe
2015-12-04 12:10 - 2015-12-04 13:14 - 01081344 _____ C:\Users\Todos os Usuários\LightGate.exe
2015-12-04 12:10 - 2015-12-04 13:14 - 01081344 _____ C:\ProgramData\LightGate.exe
2015-12-03 10:57 - 2015-12-08 18:24 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-02 23:43 - 2015-12-15 00:10 - 00002305 ____R C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-02 23:43 - 2015-12-08 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-02 23:41 - 2015-12-10 11:18 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-02 23:41 - 2015-12-10 11:18 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-02 23:41 - 2015-12-07 00:47 - 00004176 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 23:41 - 2015-12-07 00:47 - 00003924 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-02 08:25 - 2015-12-02 15:40 - 01308162 _____ ( ) C:\Users\Todos os Usuários\carss---.exe
2015-12-02 08:25 - 2015-12-02 15:40 - 01308162 _____ ( ) C:\ProgramData\carss---.exe
2015-11-30 12:03 - 2015-11-30 19:28 - 01927168 _____ C:\Users\Todos os Usuários\tops.exe
2015-11-30 12:03 - 2015-11-30 19:28 - 01927168 _____ C:\ProgramData\tops.exe
2015-11-27 12:14 - 2015-11-26 07:58 - 04127064 _____ C:\Users\Todos os Usuários\ch_dl_url
2015-11-27 12:14 - 2015-11-26 07:58 - 04127064 _____ C:\ProgramData\ch_dl_url
2015-11-27 12:10 - 2015-11-25 15:31 - 01100288 _____ C:\Users\Todos os Usuários\HomePage.exe
2015-11-27 12:10 - 2015-11-25 15:31 - 01100288 _____ C:\ProgramData\HomePage.exe
2015-11-26 23:26 - 2015-11-27 00:02 - 167839512 _____ (Apple Inc.) C:\Users\Nathan\Downloads\iTunes6464Setup.exe
2015-11-25 16:02 - 2015-11-25 16:02 - 00000000 ____D C:\Users\Nathan\AppData\Local\gmsd_br_005010157
2015-11-25 16:02 - 2015-11-25 16:02 - 00000000 ____D C:\Program Files (x86)\gmsd_br_005010157
2015-11-25 14:30 - 2015-11-25 14:30 - 00005120 _____ C:\Users\Nathan\AppData\Roaming\GiftBag.db
2015-11-24 13:55 - 2015-11-24 13:55 - 00002114 _____ C:\Users\Todos os Usuários\carss.exe.lnk
2015-11-24 13:55 - 2015-11-24 13:55 - 00002114 _____ C:\ProgramData\carss.exe.lnk
2015-11-23 18:30 - 2015-11-27 12:09 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2015-11-23 17:30 - 2015-11-23 17:30 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\AVAST Software
2015-11-23 17:29 - 2015-12-08 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-11-23 17:29 - 2015-11-23 17:29 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-11-23 17:28 - 2015-12-09 11:38 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-11-23 17:28 - 2015-12-09 11:38 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-11-23 17:28 - 2015-12-09 11:38 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-11-23 17:28 - 2015-12-09 11:38 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-11-23 17:28 - 2015-12-09 11:38 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-11-23 17:28 - 2015-12-09 11:38 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-11-23 17:28 - 2015-12-09 11:38 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-11-23 17:28 - 2015-12-09 11:38 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-11-23 17:28 - 2015-12-09 11:37 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-11-23 17:27 - 2015-11-23 17:27 - 00000000 ____D C:\Program Files\AVAST Software
2015-11-23 17:26 - 2015-11-23 17:26 - 05084256 _____ (AVAST Software) C:\Users\Nathan\Downloads\avast_free_antivirus_setup_online.exe
2015-11-23 17:26 - 2015-11-23 17:26 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2015-11-23 17:26 - 2015-11-23 17:26 - 00000000 ____D C:\ProgramData\AVAST Software
2015-11-23 16:58 - 2015-11-23 16:58 - 00000000 ____D C:\Users\Todos os Usuários\TXQMPC
2015-11-23 16:58 - 2015-11-23 16:58 - 00000000 ____D C:\ProgramData\TXQMPC
2015-11-23 16:52 - 2015-11-23 16:52 - 00000000 ____D C:\Users\Nathan\AppData\LocalLow\TENCENT
2015-11-23 16:48 - 2015-11-25 14:28 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-11-23 16:48 - 2015-11-23 16:48 - 00000000 ____D C:\Program Files\Common Files\Tencent
2015-11-23 16:47 - 2015-11-25 14:28 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-11-23 16:47 - 2015-11-23 16:47 - 00000000 ____D C:\Program Files (x86)\Tencent
2015-11-23 15:24 - 2015-11-23 15:24 - 00000000 ____D C:\Users\Nathan\AppData\LocalLow\SmartWeb
2015-11-23 15:22 - 2015-11-23 15:22 - 00592759 _____ C:\Users\Nathan\AVGInstLog.cab
2015-11-23 15:18 - 2015-11-23 15:18 - 00000008 _____ C:\END
2015-11-23 15:12 - 2015-11-30 13:03 - 00000644 _____ C:\Users\Todos os Usuários\xcgui_debug.txt
2015-11-23 15:12 - 2015-11-30 13:03 - 00000644 _____ C:\ProgramData\xcgui_debug.txt
2015-11-23 15:03 - 2015-11-23 16:30 - 00000000 ____D C:\Users\Todos os Usuários\3WMiniPro3
2015-11-23 15:03 - 2015-11-23 16:30 - 00000000 ____D C:\ProgramData\3WMiniPro3
2015-11-23 14:57 - 2015-12-08 18:24 - 00000000 ____D C:\Windows\system32\appmgmt
2015-11-23 14:52 - 2015-11-23 16:58 - 00000000 ____D C:\Users\Todos os Usuários\Tencent
2015-11-23 14:52 - 2015-11-23 16:58 - 00000000 ____D C:\ProgramData\Tencent
2015-11-23 14:51 - 2015-11-23 16:30 - 00000000 ____D C:\Program Files (x86)\032B0290-1448297491-05F9-E206-1B0700080009
2015-11-23 14:51 - 2015-11-23 14:51 - 00001046 _____ C:\Windows\Tasks\xT3rYNeym.job
2015-11-23 14:50 - 2015-11-23 16:30 - 00000000 ____D C:\Program Files (x86)\OpedBrowsrVersion5
2015-11-23 14:47 - 2015-11-23 18:58 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Tencent
2015-11-23 14:44 - 2015-12-15 10:27 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2015-11-23 14:44 - 2015-12-15 10:27 - 00000000 ____D C:\ProgramData\WindowsMsg
2015-11-23 14:39 - 2015-12-07 00:47 - 00004298 _____ C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update
2015-11-23 14:36 - 2015-11-23 16:30 - 00000000 ____D C:\Users\Todos os Usuários\WWMiniProW
2015-11-23 14:36 - 2015-11-23 16:30 - 00000000 ____D C:\ProgramData\WWMiniProW
2015-11-23 14:33 - 2015-12-07 00:47 - 00004150 _____ C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-11-23 14:15 - 2015-12-10 15:43 - 00600312 _____ C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe
2015-11-23 14:15 - 2015-12-10 15:43 - 00600312 _____ C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
2015-11-22 21:11 - 2015-11-23 15:10 - 00000322 _____ C:\Users\Nathan\AppData\Roaming\xcgui_debug.txt
2015-11-22 21:07 - 2015-11-23 14:07 - 00000063 _____ C:\Users\Nathan\AppData\Roaming\WB.CFG
2015-11-22 21:01 - 2015-11-23 16:45 - 00000017 _____ C:\Windows\SysWOW64\history.dat
2015-11-22 20:51 - 2015-11-24 12:12 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\istartpageing
2015-11-22 20:51 - 2015-11-23 23:21 - 00000098 _____ C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-11-22 20:51 - 2015-11-23 23:21 - 00000098 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-11-22 20:51 - 2015-11-23 17:02 - 00000000 ____D C:\Program Files (x86)\SFK
2015-11-22 20:51 - 2015-11-23 16:30 - 00000000 ____D C:\Users\Todos os Usuários\vWMiniProv
2015-11-22 20:51 - 2015-11-23 16:30 - 00000000 ____D C:\ProgramData\vWMiniProv
2015-11-22 20:28 - 2015-11-23 19:40 - 00000000 ____D C:\Program Files (x86)\032B0290-1448231309-05F9-E206-1B0700080009
2015-11-22 20:12 - 2015-11-22 20:12 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-11-22 20:10 - 2015-11-23 17:02 - 00000000 ____D C:\Program Files\Dripkix
2015-11-22 20:10 - 2015-11-22 20:10 - 00000187 _____ C:\Users\Nathan\AppData\Local\Konk-hex.exe.config
2015-11-22 20:09 - 2015-12-07 00:47 - 00004350 _____ C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_323332373737353832362d2d37505a2a6c55326c342341
2015-11-22 20:08 - 2015-11-23 14:43 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\systweak
2015-11-22 20:08 - 2015-11-20 19:27 - 00019888 _____ () C:\Windows\system32\roboot64.exe
2015-11-22 20:07 - 2015-12-07 00:47 - 00003720 _____ C:\Windows\System32\Tasks\PFExe
2015-11-22 20:07 - 2015-12-07 00:47 - 00003350 _____ C:\Windows\System32\Tasks\Price Fountain
2015-11-22 20:07 - 2015-11-23 15:07 - 00000296 _____ C:\Windows\Tasks\Price Fountain.job
2015-11-22 20:07 - 2015-11-22 20:07 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\PriceFountain
2015-11-22 20:05 - 2015-11-23 19:43 - 00000000 ____D C:\Program Files (x86)\ORBTR
2015-11-22 20:05 - 2015-11-22 20:05 - 00002494 _____ C:\Windows\patsearch.bin
2015-11-22 20:05 - 2015-11-22 20:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
2015-11-22 19:54 - 2015-11-23 16:30 - 00000000 ____D C:\Program Files (x86)\Velocidade Do PC
2015-11-22 19:52 - 2015-12-10 11:18 - 00000940 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-11-22 19:52 - 2015-12-07 00:47 - 00004048 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-11-22 19:52 - 2015-12-07 00:47 - 00003794 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-11-22 19:52 - 2015-11-23 14:10 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-11-22 19:51 - 2015-11-23 19:32 - 00000000 ____D C:\Program Files (x86)\032B0290-1448229112-05F9-E206-1B0700080009
2015-11-22 19:50 - 2015-12-07 00:47 - 00003342 _____ C:\Windows\System32\Tasks\crash_service
2015-11-22 19:50 - 2015-12-07 00:47 - 00003310 _____ C:\Windows\System32\Tasks\Run_Bobby_Browser
2015-11-21 21:44 - 2015-12-01 18:20 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v53.9414
2015-11-21 21:43 - 2015-12-10 11:18 - 00000936 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-11-21 21:43 - 2015-12-07 09:40 - 00000424 __RSH C:\Users\Todos os Usuários\ntuser.pol
2015-11-21 21:43 - 2015-12-07 09:40 - 00000424 __RSH C:\ProgramData\ntuser.pol
2015-11-21 21:43 - 2015-12-07 00:47 - 00004288 _____ C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core
2015-11-21 21:43 - 2015-11-23 16:30 - 00000000 ____D C:\Users\Nathan\AppData\Local\Setup2194419
2015-11-21 21:43 - 2015-11-23 16:30 - 00000000 ____D C:\Users\Nathan\AppData\Local\{64D95285-4071-3E3D-2DE9-1BD50981E74D}
2015-11-21 21:43 - 2015-11-21 21:43 - 00000000 ____D C:\Users\Nathan\AppData\Local\taso
2015-11-21 21:43 - 2015-11-21 21:43 - 00000000 ____D C:\Program Files (x86)\Opera
2015-11-21 21:42 - 2015-12-07 00:47 - 00004354 _____ C:\Windows\System32\Tasks\ShopperPro
2015-11-21 21:42 - 2015-11-23 19:32 - 00000000 ____D C:\Users\Nathan\AppData\Local\SmartWeb
2015-11-21 21:42 - 2015-11-23 19:32 - 00000000 ____D C:\Program Files\Common Files\ShopperPro
2015-11-21 21:42 - 2015-11-23 16:46 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\PushApp
2015-11-21 21:42 - 2015-11-21 21:42 - 00000000 ___HD C:\sohucache
2015-11-21 21:42 - 2015-11-21 21:42 - 00000000 ____D C:\Users\Nathan\Documents\ËѺüÓ°Òô
2015-11-21 21:42 - 2015-11-21 21:42 - 00000000 ____D C:\Users\Nathan\AppData\Local\globalUpdate
2015-11-21 21:42 - 2015-11-21 21:42 - 00000000 ____D C:\SHDownload
2015-11-21 21:41 - 2015-12-07 00:47 - 00003724 _____ C:\Windows\System32\Tasks\ShopperProJSUpd
2015-11-21 21:41 - 2015-11-23 18:32 - 00000000 ____D C:\Program Files (x86)\ShopperPro
2015-11-21 21:41 - 2015-11-23 17:04 - 00000000 ____D C:\Users\Todos os Usuários\ShopperPro
2015-11-21 21:41 - 2015-11-23 17:04 - 00000000 ____D C:\ProgramData\ShopperPro
2015-11-21 21:41 - 2015-11-21 21:41 - 00000000 ____D C:\Users\Nathan\AppData\Local\Temp尰
2015-11-21 21:40 - 2015-11-23 16:30 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-11-21 21:40 - 2015-11-21 21:40 - 00000000 ____D C:\Users\Nathan\AppData\Local\Prompt Downloader
2015-11-21 21:39 - 2015-11-23 16:30 - 00000000 ____D C:\Users\Nathan\AppData\Local\Yeaplayer
2015-11-21 21:39 - 2015-11-23 16:30 - 00000000 ____D C:\Program Files (x86)\RayDld
2015-11-21 21:39 - 2015-11-21 21:38 - 00055016 _____ (DotCash) C:\Windows\system32\Drivers\MPCKpt.sys
2015-11-21 21:38 - 2015-12-15 10:23 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2015-11-21 21:38 - 2015-12-07 00:47 - 00003684 _____ C:\Windows\System32\Tasks\Inst_Rep
2015-11-21 21:38 - 2015-11-23 19:32 - 00000000 ____D C:\Program Files (x86)\OLBPre
2015-11-21 21:38 - 2015-11-21 21:38 - 00000000 ____D C:\Users\Nathan\AppData\Local\CrashRpt
2015-11-21 21:38 - 2015-11-14 21:08 - 02496403 _____ ( ) C:\Users\Nathan\AppData\Roaming\yeaplayer_51472.exe
2015-11-21 21:37 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\Users\Todos os Usuários\upgsvr.exe
2015-11-21 21:37 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\ProgramData\upgsvr.exe
2015-11-21 21:36 - 2015-11-21 21:36 - 00004579 _____ C:\Users\Nathan\AppData\Roaming\webad.xml
2015-11-21 21:36 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\Users\Nathan\AppData\Roaming\upgsvr.exe
2015-11-21 21:35 - 2015-11-21 21:35 - 00007605 _____ C:\Users\Nathan\AppData\Local\Resmon.ResmonCfg
2015-11-21 21:34 - 2015-11-22 20:06 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\UpAuroraBrowser
2015-11-21 21:34 - 2015-11-21 12:15 - 02212752 _____ (UpAurora.COM) C:\Users\Nathan\AppData\Roaming\UpAurora_1.0.0.3030__102br.exe
2015-11-21 21:33 - 2015-12-07 00:47 - 00003088 _____ C:\Windows\System32\Tasks\svchost
2015-11-21 21:33 - 2015-12-01 18:35 - 00000000 ____D C:\Users\Nathan\AppData\Local\032B0290-1448141590-05F9-E206-1B0700080009
2015-11-21 21:32 - 2015-11-26 13:56 - 00000000 ____D C:\Program Files (x86)\032B0290-1448148741-05F9-E206-1B0700080009
2015-11-21 21:32 - 2009-06-10 19:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-11-21 21:30 - 2015-12-07 00:47 - 00003248 _____ C:\Windows\System32\Tasks\Rush Extension
2015-11-21 21:30 - 2015-11-21 21:30 - 00000000 ____D C:\Users\Nathan\AppData\Local\Rush Extension
2015-11-21 10:10 - 2015-11-21 21:44 - 00061344 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2015-11-17 00:07 - 2015-11-17 00:07 - 00000000 ___DL C:\Users\Nathan\AppData\LocalLow\PlayReady

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-15 15:20 - 2015-09-20 16:24 - 00000000 ___HD C:\Users\Nathan\.mediafire
2015-12-15 15:19 - 2009-07-14 01:20 - 00000000 ____D C:\Windows
2015-12-15 14:43 - 2015-06-14 07:00 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\WeatherTool
2015-12-15 14:23 - 2009-07-14 02:45 - 00034400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-15 14:23 - 2009-07-14 02:45 - 00034400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-15 11:16 - 2015-09-05 16:13 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Skype
2015-12-15 11:15 - 2015-09-12 17:59 - 00000000 ____D C:\Users\Nathan\euu
2015-12-15 10:24 - 2015-09-20 16:27 - 00000000 ___RD C:\Users\Nathan\MediaFire
2015-12-15 10:23 - 2015-09-05 12:30 - 00000000 __SHD C:\Users\Nathan\IntelGraphicsProfiles
2015-12-15 10:22 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-14 21:02 - 2009-07-14 15:55 - 00703370 _____ C:\Windows\system32\prfh0416.dat
2015-12-14 21:02 - 2009-07-14 15:55 - 00146156 _____ C:\Windows\system32\prfc0416.dat
2015-12-14 21:02 - 2009-07-14 03:13 - 01628224 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-14 21:02 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2015-12-14 14:43 - 2015-09-17 02:07 - 00000000 ____D C:\Users\Nathan\Documents\Euro Truck Simulator 2
2015-12-12 19:53 - 2015-09-04 23:55 - 00000000 ____D C:\Users\Nathan\Desktop\Movies
2015-12-11 18:16 - 2015-11-08 13:59 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\TS3Client
2015-12-11 12:48 - 2015-09-05 13:55 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2015-12-11 12:48 - 2015-09-05 13:55 - 00000000 ____D C:\ProgramData\Skype
2015-12-11 12:47 - 2015-09-05 16:13 - 00000000 ____D C:\Users\Nathan\AppData\Local\Skype
2015-12-09 23:52 - 2015-09-04 23:55 - 00000000 ____D C:\Users\Nathan\Desktop\nova
2015-12-09 11:32 - 2009-07-14 02:45 - 00270368 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 01:42 - 2015-11-06 17:55 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 01:39 - 2015-11-06 17:54 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-08 18:24 - 2015-11-08 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-12-08 18:24 - 2015-11-06 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
2015-12-08 18:24 - 2015-11-06 15:17 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-12-08 18:24 - 2015-09-26 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2
2015-12-08 18:24 - 2015-09-20 16:21 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaFire Desktop
2015-12-08 18:24 - 2015-09-17 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Level Up!
2015-12-08 18:24 - 2015-09-15 00:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-12-08 18:24 - 2015-09-05 13:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-08 18:24 - 2015-09-05 12:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
2015-12-08 18:24 - 2015-09-05 12:04 - 00000000 ____D C:\Windows\system32\nn-NO
2015-12-08 18:24 - 2015-09-04 23:48 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-12-08 18:24 - 2015-09-04 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-12-08 18:24 - 2011-02-07 03:08 - 00000000 ____D C:\Windows\system32\SPReview
2015-12-08 18:24 - 2011-02-07 02:10 - 00000000 ____D C:\Windows\system32\EventProviders
2015-12-08 18:24 - 2009-07-14 01:20 - 00000000 __RSD C:\Windows\Media
2015-12-08 18:24 - 2009-07-14 01:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-08 18:24 - 2009-07-14 01:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-12-08 18:24 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-12-08 18:24 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-08 18:24 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-12-08 18:24 - 2009-07-14 01:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-08 17:35 - 2015-10-30 17:34 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-07 15:06 - 2015-09-05 12:38 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-12-07 14:56 - 2015-09-05 12:21 - 00016056 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2015-12-07 10:04 - 2015-09-05 12:30 - 00000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-12-07 00:47 - 2015-10-15 15:08 - 00020895 _____ C:\Windows\diagerr.xml
2015-12-07 00:47 - 2015-10-15 15:08 - 00019053 _____ C:\Windows\diagwrn.xml
2015-12-07 00:47 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\registration
2015-12-07 00:09 - 2013-07-25 18:35 - 00008192 __RSH C:\BOOTSECT.BAK
2015-12-07 00:01 - 2011-02-07 02:53 - 00000000 ____D C:\Windows\Panther
2015-12-03 10:57 - 2015-09-05 14:00 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-02 23:43 - 2015-09-05 12:27 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-02 23:41 - 2015-09-05 12:27 - 00000000 ____D C:\Users\Nathan\AppData\Local\Deployment
2015-12-01 22:08 - 2015-09-05 12:21 - 00000412 _____ C:\Windows\Tasks\SlimDrivers Startup.job
2015-12-01 18:09 - 2015-09-17 22:00 - 00000000 ____D C:\Users\Nathan\Desktop\Nathan
2015-11-30 20:45 - 2015-09-08 12:26 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-30 20:28 - 2015-10-06 21:42 - 00000000 ____D C:\Users\Nathan\AppData\Local\ElevatedDiagnostics
2015-11-26 13:41 - 2015-09-04 23:30 - 00001393 _____ C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-23 22:59 - 2015-09-05 13:11 - 00000000 ____D C:\Users\Todos os Usuários\Oracle
2015-11-23 22:59 - 2015-09-05 13:11 - 00000000 ____D C:\ProgramData\Oracle
2015-11-23 22:58 - 2015-09-05 13:11 - 00000000 ____D C:\Users\Nathan\.oracle_jre_usage
2015-11-23 22:58 - 2015-09-05 13:11 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-23 22:57 - 2015-09-05 13:11 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-23 20:10 - 2015-10-02 21:30 - 00000066 _____ C:\Users\Nathan\Downloads\installer.zip
2015-11-23 20:03 - 2015-04-19 10:20 - 00000626 _____ C:\Users\Nathan\AppData\Roaming\7XOJUyW3Gj1wgJ
2015-11-23 18:32 - 2014-09-23 16:56 - 00000000 ____D C:\Fraps
2015-11-23 16:54 - 2015-09-05 00:45 - 00059288 _____ C:\Users\Nathan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-23 16:48 - 2015-09-04 23:30 - 00000000 ____D C:\Users\Nathan\AppData\Local\VirtualStore
2015-11-23 16:30 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\AppCompat
2015-11-23 14:13 - 2009-07-14 02:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-11-22 19:50 - 2015-04-08 01:15 - 00016611 _____ C:\claraInstaller.txt
2015-11-19 16:10 - 2015-09-05 11:57 - 00000000 ____D C:\Users\Nathan\Desktop\gabriel
2015-11-17 13:45 - 2015-09-05 12:31 - 00000368 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Nathan).job
2015-11-16 00:16 - 2015-09-05 13:13 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\.minecraft
2015-11-15 15:33 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\rescache

==================== Files in the root of some directories =======

2015-04-19 10:20 - 2015-11-23 20:03 - 0000626 _____ () C:\Users\Nathan\AppData\Roaming\7XOJUyW3Gj1wgJ
2015-11-25 14:30 - 2015-11-25 14:30 - 0005120 _____ () C:\Users\Nathan\AppData\Roaming\GiftBag.db
2015-11-21 21:34 - 2015-11-21 12:15 - 2212752 _____ (UpAurora.COM) C:\Users\Nathan\AppData\Roaming\UpAurora_1.0.0.3030__102br.exe
2015-11-21 21:36 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\Users\Nathan\AppData\Roaming\upgsvr.exe
2015-11-22 21:07 - 2015-11-23 14:07 - 0000063 _____ () C:\Users\Nathan\AppData\Roaming\WB.CFG
2015-11-21 21:36 - 2015-11-21 21:36 - 0004579 _____ () C:\Users\Nathan\AppData\Roaming\webad.xml
2015-11-22 21:11 - 2015-11-23 15:10 - 0000322 _____ () C:\Users\Nathan\AppData\Roaming\xcgui_debug.txt
2015-11-21 21:38 - 2015-11-14 21:08 - 2496403 _____ ( ) C:\Users\Nathan\AppData\Roaming\yeaplayer_51472.exe
2015-11-22 20:10 - 2015-11-22 20:10 - 0000187 _____ () C:\Users\Nathan\AppData\Local\Konk-hex.exe.config
2015-11-21 21:35 - 2015-11-21 21:35 - 0007605 _____ () C:\Users\Nathan\AppData\Local\Resmon.ResmonCfg
2015-12-02 08:25 - 2015-12-02 15:40 - 1308162 _____ ( ) C:\ProgramData\carss---.exe
2015-11-24 13:55 - 2015-11-24 13:55 - 0002114 _____ () C:\ProgramData\carss.exe.lnk
2015-12-15 10:35 - 2015-12-15 13:50 - 1852416 _____ () C:\ProgramData\carssb.exe
2015-11-27 12:14 - 2015-11-26 07:58 - 4127064 _____ () C:\ProgramData\ch_dl_url
2015-11-27 12:10 - 2015-11-25 15:31 - 1100288 _____ () C:\ProgramData\HomePage.exe
2015-12-04 12:10 - 2015-12-04 13:14 - 1081344 _____ () C:\ProgramData\LightGate.exe
2015-11-30 12:03 - 2015-11-30 19:28 - 1927168 _____ () C:\ProgramData\tops.exe
2015-11-21 21:37 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\ProgramData\upgsvr.exe
2015-11-23 15:12 - 2015-11-30 13:03 - 0000644 _____ () C:\ProgramData\xcgui_debug.txt
2015-11-23 14:15 - 2015-12-10 15:43 - 0600312 _____ () C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
2015-11-22 20:51 - 2015-11-23 23:21 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\carss---.exe
C:\ProgramData\carssb.exe
C:\ProgramData\HomePage.exe
C:\ProgramData\LightGate.exe
C:\ProgramData\tops.exe
C:\ProgramData\upgsvr.exe
C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Todos os Usuários\carss---.exe
C:\Users\Todos os Usuários\carssb.exe
C:\Users\Todos os Usuários\HomePage.exe
C:\Users\Todos os Usuários\LightGate.exe
C:\Users\Todos os Usuários\tops.exe
C:\Users\Todos os Usuários\upgsvr.exe
C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Alguns arquivos em TEMP:
====================
C:\Users\Nathan\AppData\Local\Temp\A443FE17-5C97-711F-43A5-7F5243D9D11B.dll
C:\Users\Nathan\AppData\Local\Temp\atcMedia1481449989774.exe
C:\Users\Nathan\AppData\Local\Temp\atcMedia1781441468718.exe
C:\Users\Nathan\AppData\Local\Temp\atcMedia331447171930.exe
C:\Users\Nathan\AppData\Local\Temp\atcMedia7541441468801.exe
C:\Users\Nathan\AppData\Local\Temp\BingSvc.exe
C:\Users\Nathan\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Nathan\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Nathan\AppData\Local\Temp\DefaultPack.EXE
C:\Users\Nathan\AppData\Local\Temp\downloader.dll
C:\Users\Nathan\AppData\Local\Temp\FileAssociationsTool.exe
C:\Users\Nathan\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Nathan\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Nathan\AppData\Local\Temp\MediaFireIcon2_x64.dll
C:\Users\Nathan\AppData\Local\Temp\MediaFireIcon3_x64.dll
C:\Users\Nathan\AppData\Local\Temp\MediaFireIcon4_x64.dll
C:\Users\Nathan\AppData\Local\Temp\MediaFireIcon5_x64.dll
C:\Users\Nathan\AppData\Local\Temp\MediaFireIcon_x64.dll
C:\Users\Nathan\AppData\Local\Temp\MFDesktopShellStatic_x64.dll
C:\Users\Nathan\AppData\Local\Temp\NGMDll.dll
C:\Users\Nathan\AppData\Local\Temp\NGMResource.dll
C:\Users\Nathan\AppData\Local\Temp\NGMSetup.exe
C:\Users\Nathan\AppData\Local\Temp\nsw7724.tmp.exe
C:\Users\Nathan\AppData\Local\Temp\PCMgr_Setup_11_2_17039_214.exe
C:\Users\Nathan\AppData\Local\Temp\QQPCDownload74628.exe
C:\Users\Nathan\AppData\Local\Temp\QQPCMgr_Setup.exe
C:\Users\Nathan\AppData\Local\Temp\qqpcmgr_v11.0.16794.227_45129_Silence.exe
C:\Users\Nathan\AppData\Local\Temp\safeguard.exe
C:\Users\Nathan\AppData\Local\Temp\scp258A.tmp.exe
C:\Users\Nathan\AppData\Local\Temp\SHUninstall.exe
C:\Users\Nathan\AppData\Local\Temp\shutdown1442773313.exe
C:\Users\Nathan\AppData\Local\Temp\SHVersion.dll
C:\Users\Nathan\AppData\Local\Temp\SohuTool.dll
C:\Users\Nathan\AppData\Local\Temp\SoHuVA_4.5.77.0-c20-nti-ng-s-tp.exe
C:\Users\Nathan\AppData\Local\Temp\unicows.dll
C:\Users\Nathan\AppData\Local\Temp\Uninstall.exe
C:\Users\Nathan\AppData\Local\Temp\UninstallModule.exe
C:\Users\Nathan\AppData\Local\Temp\utils.dll
C:\Users\Nathan\AppData\Local\Temp\ytb.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2015-12-01 13:39

==================== Fim de FRST.txt ============================
